| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.12.2011, 04:32
| #1 |
 |  Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM) Hallo und guten Abend, man versucht's zwar immer wieder alleine zu lösen und landet dann doch wieder hier.  Der Titel des Themas ist gerade nicht so aussagekräftig. Ich habe dabei aber mehr an andere Suchende gedacht. Das sind so die Informationen, die ich bis jetzt im Zusammenhang mit meinem Fall erkennen konnte. Einleitung: Ich hatte in den Wochen vor Weihnachten einige Abstürze von Skype. Allerdings ohne erkennbares Muster oder schwerwiegende Konsequenzen. Auch der IE stürzte ab und zu ab, da aber selten genutzt, kann ich keine Angabe zur Häufigkeit machen. Dann nun seit Montag stürzte auch der Firefox relativ häufig, aber nicht schwerwiegend ab. Manchmal eine Weile nichts, daher ebenfalls kein erkennbares Muster. Nun meldete sich heute oder gestern Microsoft Security Essentials (das zuständige Virenprogramm) mit der Entdeckung und Entfernung von Trojanern, die mit Trojan:Win32/Bafi.A einmal auch .B angegeben sind. Ein vollständiger Scan brachte ein paar mehr Funde desselben Trojaners zu Tage. Alle nach dem Muster AppData/Roaming/[vierstellige Zahl]/components/AcroFF*****.dll. Daraufhin ließ ich im FF den Panda ActiveScan2.0 laufen, der allerdings nicht beendet werden konnte, da Firefox abstürzte. (also kein Log) Weitere Schritte in Kurzfassung: - Cookies im FF komplett gelöscht - neuste FF-Version installiert - CCleaner alles säubern lassen - Spamfighter gedownloadet und 10-12 Trojaner entfernen lassen (leider kein Log) Dann habe ich mich endlich an Vorgaben hier aus dem Forum gehalten und Malewarebytes' Anti-Malware installiert und scannen lassen. Wie empfohlen wurde dann gleich gesäubert: Code:
ATTFilter Datenbank Version: v2011.12.28.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bianco :: VICKY [Administrator]
Schutz: Aktiviert
28.12.2011 22:21:41
mbam-log-2011-12-28 (22-21-41).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 176323
Laufzeit: 2 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Bianco\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Bianco\AppData\Roaming\AcroIEHelpe068.dll (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bianco\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
(Ende)
Nach dem Neustart gab dann MSE das erste Mal keine Warnungen mehr raus, was mich ja hoffen ließ. Auch ein weiterer vollständiger Scan mit MBAM machte Hoffnung: Code:
ATTFilter Datenbank Version: v2011.12.28.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bianco :: VICKY [Administrator]
Schutz: Aktiviert
28.12.2011 23:28:59
mbam-log-2011-12-28 (23-28-59).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419969
Laufzeit: 1 Stunde(n), 5 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter ;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-12-29 02:32:56
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Microsoft Security Essentials Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\bianco\appdata\roaming\microsoft\windows\cookies\vr8x7ae9.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\bianco\appdata\roaming\microsoft\windows\cookies\rmulbb68.txt
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5060\components\acroff0606.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5062\components\acroff0620.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5064\components\acroff064.dll
09193703 Exploit/CVE-2010-0840 SecRisk No 0 Yes No c:\users\bianco\appdata\locallow\sun\java\deployment\cache\6.0\62\6f9d807e-37a56584[support/attachment.class]
09193705 Exploit/CVE-2010-0840 SecRisk No 0 Yes No c:\users\bianco\appdata\locallow\sun\java\deployment\cache\6.0\62\6f9d807e-37a56584[support/cid.class]
09612215 Generic Trojan Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5052\components\acroff0528.dll
09659561 Generic Trojan Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5052\components\acroff0526.dll
09661052 Generic Trojan Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5060\components\acroff0605.dll
09666169 Generic Trojan Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5064\components\acroff0648.dll
09666286 Generic Trojan Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5064\components\acroff0645.dll
09666287 Generic Trojan Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5064\components\acroff0646.dll
09666291 Generic Trojan Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5061\components\acroff0617.dll
09666291 Generic Trojan Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5064\components\acroff0647.dll
09678068 Generic Malware Virus/Trojan No 0 Yes No c:\users\bianco\appdata\roaming\5060\components\acroff0600.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Nun scheine ich also noch einige inaktive, daher aber nicht mindergefährliche Trojaner an Bord zu haben, die sich sicher nach dem nächsten Neustart oder Ähnlichem bereit machen, was auch immer, zu tun. In diesem Sinne: Hilfe! PS: Ich hatte, nachdem ich gemerkt habe, dass die Fehler nicht am FF liegen, wieder eine ältere Version installiert. OTF-Auswertungen noch: Code:
ATTFilter OTL logfile created on: 29.12.2011 03:56:55 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bianco\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,69% Memory free 7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 555,55 Gb Total Space | 128,83 Gb Free Space | 23,19% Space Free | Partition Type: NTFS Drive D: | 375,86 Gb Total Space | 375,76 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: VICKY | User Name: Bianco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.29 03:52:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bianco\Downloads\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Anti-Malware\mbamgui.exe PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bianco\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.17 16:19:34 | 003,007,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\PC Share Manager\WiselinkPro.exe -- (WiselinkPro) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.07.20 08:46:06 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm) DRV:64bit: - [2011.07.20 08:46:06 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) DRV:64bit: - [2011.07.20 08:46:06 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) DRV:64bit: - [2011.07.20 08:46:06 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl) DRV:64bit: - [2011.07.20 08:45:58 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2011.07.20 08:45:58 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:64bit: - [2011.07.20 08:45:58 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2011.07.20 08:45:58 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2011.05.16 08:36:21 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.21 15:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.05.27 08:40:22 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2010.11.21 05:39:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010.11.21 05:39:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 A7 C1 E0 3B D0 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www-cache.uni-halle.de:3128 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledItems: gmailwatcher@sonthakit:1.47 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.10 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9 FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 00:43:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.29 00:43:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bianco\AppData\Roaming\5064 [2011.12.22 15:03:55 | 000,000,000 | ---D | M] [2011.08.24 10:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bianco\AppData\Roaming\mozilla\Extensions [2011.12.28 16:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions [2011.12.22 05:07:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.12.23 20:42:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.12.28 13:01:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.10.31 09:46:33 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.10.01 19:57:27 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\adblockpopups@jessehakanen.net [2011.08.24 21:53:45 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.12.17 02:18:54 | 000,000,000 | ---D | M] (Gmail Watcher) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\gmailwatcher@sonthakit [2011.12.29 00:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.12.22 15:03:55 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BIANCO\APPDATA\ROAMING\5064 [2011.08.26 23:30:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.12.13 01:14:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.13 01:14:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.13 01:14:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.13 01:14:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.13 01:14:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bianco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[Vimeo-12280336] Daisy Lowe for UK esquire HD - Verknüpfung.lnk = C:\Users\Bianco\Videos\Daisy Lowe for UK esquire HD.mp4 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32A44F64-7AAA-4B86-8DC3-FC1D757FDFAE}: DhcpNameServer = 192.168.25.10 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell - "" = AutoRun O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell - "" = AutoRun O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.29 00:58:55 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys [2011.12.28 23:19:55 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.12.28 23:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis [2011.12.28 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\Malwarebytes [2011.12.28 22:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.28 22:20:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.28 22:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware [2011.12.28 20:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2011.12.28 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security [2011.12.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5064 [2011.12.22 14:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.12.22 14:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2011.12.21 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5063 [2011.12.20 18:23:30 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5062 [2011.12.19 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5061 [2011.12.16 14:53:18 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5060 [2011.12.14 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5059 [2011.12.13 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5058 [2011.12.12 14:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7 [2011.12.12 14:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7 [2011.12.12 11:18:22 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5056 [2011.12.10 15:44:36 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5055 [2011.12.09 11:05:57 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5054 [2011.12.04 10:36:02 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5053 [2011.12.01 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5052 [2011.12.01 20:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2 C:\Users\Bianco\AppData\Roaming\*.tmp files -> C:\Users\Bianco\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.29 03:32:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.28 23:14:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.28 23:14:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.28 23:07:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.28 23:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.28 23:07:16 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2011.12.14 07:58:47 | 004,863,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.12 13:34:37 | 000,000,024 | ---- | M] () -- C:\Users\Bianco\AppData\Roaming\urhtps.dat [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.09 19:39:20 | 004,540,106 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.09 19:39:20 | 001,786,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.09 19:39:20 | 001,342,482 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.09 19:39:20 | 001,193,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.09 19:39:20 | 000,006,472 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.08 20:59:41 | 000,009,979 | ---- | M] () -- C:\Users\Public\Documents\MandyBewerbungTUB.pdf [2 C:\Users\Bianco\AppData\Roaming\*.tmp files -> C:\Users\Bianco\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.11 14:47:31 | 000,000,024 | ---- | C] () -- C:\Users\Bianco\AppData\Roaming\urhtps.dat [2011.12.10 14:03:33 | 000,009,979 | ---- | C] () -- C:\Users\Public\Documents\MandyBewerbungTUB.pdf [2011.09.18 13:43:44 | 000,000,337 | ---- | C] () -- C:\Users\Bianco\AppData\Local\Perfmon.PerfmonCfg [2011.07.26 16:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.07.19 21:06:07 | 000,006,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.09 09:24:59 | 000,000,132 | ---- | C] () -- C:\Users\Bianco\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.05.25 06:23:03 | 000,000,000 | ---- | C] () -- C:\Users\Bianco\AppData\Local\{951B364D-4355-4BFB-BA19-F499AA39035E} [2010.11.21 08:33:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.21 05:12:12 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2010.11.21 04:06:25 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.08.05 11:15:30 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe ========== LOP Check ========== [2011.11.19 15:13:34 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5043 [2011.11.20 14:28:12 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5044 [2011.11.21 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5045 [2011.11.22 13:13:32 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5047 [2011.11.23 10:34:47 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5048 [2011.11.24 15:40:06 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5049 [2011.11.25 18:10:55 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5050 [2011.11.28 17:51:54 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5051 [2011.12.01 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5052 [2011.12.04 10:36:02 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5053 [2011.12.09 11:05:57 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5054 [2011.12.10 15:44:36 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5055 [2011.12.12 11:18:22 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5056 [2011.12.13 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5058 [2011.12.14 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5059 [2011.12.16 14:53:18 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5060 [2011.12.19 14:08:56 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5061 [2011.12.20 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5062 [2011.12.21 10:54:29 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5063 [2011.12.22 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5064 [2011.07.18 07:32:36 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Amazon [2011.04.22 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.28 20:06:20 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\DAEMON Tools Lite [2011.12.28 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Dropbox [2011.06.29 09:24:04 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\FreeFLVConverter [2011.12.29 02:42:04 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\ICQ [2011.11.19 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\kock [2010.11.21 07:21:50 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Leadertech [2011.03.10 13:09:23 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Meine Traffic [2011.01.07 17:36:52 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\MotioninJoy [2010.11.21 06:45:14 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Mouse Recorder Pro [2011.08.12 11:05:07 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Samsung [2011.08.11 19:30:48 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\TeamViewer [2011.12.01 20:04:37 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\UAs [2011.12.23 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\xmldm [2011.12.02 09:44:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.12.28 11:22:51 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.12.28 23:19:55 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.11.21 04:02:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.11.21 07:14:26 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.11.21 06:06:29 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.22 15:21:02 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.28 23:19:54 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.12.28 22:20:15 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.11.21 04:02:20 | 000,000,000 | -HSD | M] -- C:\Programme [2010.11.21 04:02:20 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.09.16 09:15:52 | 000,000,000 | ---D | M] -- C:\Skins SP [2011.12.29 03:57:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.11.22 15:18:01 | 000,000,000 | ---D | M] -- C:\Temp [2010.11.21 04:02:32 | 000,000,000 | R--D | M] -- C:\Users [2011.12.28 23:07:15 | 000,000,000 | ---D | M] -- C:\Windows [2011.12.06 15:14:36 | 000,000,000 | ---D | M] -- C:\Zipster < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Anti-Malware\Chameleon\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.12.2011 03:56:55 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bianco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,69% Memory free
7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 555,55 Gb Total Space | 128,83 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive D: | 375,86 Gb Total Space | 375,76 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Computer Name: VICKY | User Name: Bianco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MiKTeX 2.9" = MiKTeX 2.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"sp6" = Logitech SetPoint 6.20
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BF8787-A67D-4CBC-9155-22927199F4BB}" = TP-LINK Wireless Client Utility
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.6.0
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EDC842C6-5607-48B9-A0B2-7D8B9BC57333}" = AD_Install
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Black Prophecy_is1" = Black Prophecy
"DAEMON Tools Lite" = DAEMON Tools Lite
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImageJ_is1" = ImageJ 1.42q
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"TeamViewer 6" = TeamViewer 6
"TeXnicCenter Alpha_is1" = TeXnicCenter Version 2.0 Alpha 3
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 28.12.2011 19:27:49 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 19:29:56 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 19:40:12 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 20:00:19 | Computer Name = Vicky | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.12.2011 20:00:19 | Computer Name = Vicky | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RkPavproc1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 28.12.2011 20:23:21 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 21:12:01 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 21:28:38 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 22:02:09 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 22:32:22 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
< End of report >
Und so auf den ersten Blick, eine Prognose: Ist da was ernsthaft Gefährliches dabei und eine Neuaufsetzung unvermeidbar?  |
|
29.12.2011, 07:43
| #2 |
  | Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM) Hi,
__________________hey Du Nase, Du hast jede Menge Trojaner, Backdoors, Passwordstealer drauf, wenn das mal nichts ernsthaftes ist... ;o).. Sofort von einem sauberen Rechner aus alle Passwörter ändern... Dateien Online überprüfen lassen
Code:
ATTFilter C:\Windows\MusiccityDownload.exe
C:\Windows\lsb_un20.exe
Fix für OTL
 Code:
ATTFilter
:OTL
[2011.12.22 15:03:55 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BIANCO\APPDATA\ROAMING\5064
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell\AutoRun\command - "" = G:\Startme.exe
[2011.12.12 11:18:22 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5056
[2011.12.10 15:44:36 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5055
[2011.12.09 11:05:57 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5054
[2011.12.04 10:36:02 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5053
[2011.12.01 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5052
[2011.12.21 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5063
[2011.12.20 18:23:30 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5062
[2011.12.19 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5061
[2011.12.16 14:53:18 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5060
[2011.12.14 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5059
[2011.12.13 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5058
[2011.12.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5064
[2011.12.11 14:47:31 | 000,000,024 | ---- | C] () -- C:\Users\Bianco\AppData\Roaming\urhtps.dat
[2011.04.22 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.19 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\kock
[2011.12.23 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\xmldm
:Commands
[emptytemp]
[Reboot]
TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Nach dem Start erscheint ein Fenster, dort dann "Start Scan". Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten... Superantispyware (SASW): http://www.trojaner-board.de/51871-a...tispyware.html chris
__________________ |
|
29.12.2011, 12:04
| #3 |
| | Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM) Na super, war ja klar. ^^
__________________Nachdem MBAM nix mehr gefunden hatte, dachte ich, das Gröbste sei überstanden. Also nein.  Danke für die schnelle Antwort. Hier der Reihe nach: (da ist jetzt wirklich alles reinkopiert, aber eigentlich bräuchte man nur die "Additional information", oder?) Code:
ATTFilter 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
MusiccityDownload.exe
Submission date:
2011-12-29 08:19:54 (UTC)
Current status:
queued (#5) queued analysing finished
Result:
0/ 43 (0.0%)
VT Community
not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.12.28.03 2011.12.28 -
AntiVir 7.11.20.64 2011.12.29 -
Antiy-AVL 2.0.3.7 2011.12.29 -
Avast 6.0.1289.0 2011.12.28 -
AVG 10.0.0.1190 2011.12.29 -
BitDefender 7.2 2011.12.29 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.29 -
ClamAV 0.97.3.0 2011.12.29 -
Commtouch 5.3.2.6 2011.12.29 -
Comodo 11126 2011.12.29 -
DrWeb 5.0.2.03300 2011.12.29 -
Emsisoft 5.1.0.11 2011.12.29 -
eSafe 7.0.17.0 2011.12.29 -
eTrust-Vet 37.0.9652 2011.12.29 -
F-Prot 4.6.5.141 2011.12.28 -
F-Secure 9.0.16440.0 2011.12.29 -
Fortinet 4.3.388.0 2011.12.29 -
GData 22.324/22.610 2011.12.29 -
Ikarus T3.1.1.109.0 2011.12.29 -
Jiangmin 13.0.900 2011.12.28 -
K7AntiVirus 9.120.5796 2011.12.28 -
Kaspersky 9.0.0.837 2011.12.29 -
McAfee 5.400.0.1158 2011.12.29 -
McAfee-GW-Edition 2010.1E 2011.12.28 -
Microsoft 1.7903 2011.12.29 -
NOD32 6750 2011.12.29 -
Norman 6.07.13 2011.12.28 -
nProtect 2011-12-29.01 2011.12.29 -
Panda 10.0.3.5 2011.12.29 -
PCTools 8.0.0.5 2011.12.29 -
Prevx 3.0 2011.12.29 -
Rising 23.90.03.01 2011.12.29 -
Sophos 4.72.0 2011.12.29 -
SUPERAntiSpyware 4.40.0.1006 2011.12.28 -
Symantec 20111.2.0.82 2011.12.29 -
TheHacker 6.7.0.1.367 2011.12.29 -
TrendMicro 9.500.0.1008 2011.12.29 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.29 -
VBA32 3.12.16.4 2011.12.29 -
VIPRE 11319 2011.12.29 -
ViRobot 2011.12.29.4852 2011.12.29 -
VirusBuster 14.1.138.0 2011.12.28 -
Additional information
Show all
MD5 : 35783ff1ccab7cfbfe799ef8d6476c0d
SHA1 : ad563aa5d439a32e085d657759d7d734b95d0d06
SHA256: 7f5e34f7f1376ef8e9137d3c2ddba192e2b9ca18e6e85298dbe99d5efe1658af
ssdeep: 192:PRRXHQIQ1+yte3fuUivuL1oynfY3/8YYsLwXozvyIl5x/THSyowJL/aMjGwP7XMK:JdtQkn
ic1RY3/z0ox5BWYJLWAhbj5n
File size : 30568 bytes
First seen: 2010-05-09 19:31:37
Last seen : 2011-12-29 08:19:54
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....:
copyright....: Copyright (C) 2007
product......: NYEDownload __ ____
description..: NYEDownload MFC __ ____
original name: NYEDownload.EXE
internal name: NYEDownload
file version.: 1, 0, 2007, 927
comments.....:
signers......: MarkAny Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 10:54 16/11/2009
verified.....: -
PEiD: Armadillo v1.71
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x192E
timedatestamp....: 0x47C619E0 (Thu Feb 28 02:18:08 2008)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBB2, 0x1000, 4.55, 96d0e663281dfa8971576b8aceced951
.rdata, 0x2000, 0xB20, 0x1000, 3.87, fb8447ef3496befaeca37c92debbadb7
.data, 0x3000, 0x188, 0x1000, 0.25, 635f6272ed391f39526f0cf578cd9ea4
.rsrc, 0x4000, 0x19F0, 0x2000, 3.98, 5b8122b5627eb6bdfc15a362d9bc43be
[[ 4 import(s) ]]
MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
MSVCRT.dll: _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, __CxxFrameHandler, strncpy, _mbscmp, _setmbcp, __setusermatherr
KERNEL32.dll: GetVersionExA, LoadLibraryA, MoveFileA, GetLastError, CreateMutexA, CloseHandle, GetModuleHandleA, GetStartupInfoA, GetProcAddress
USER32.dll: PostMessageA, EnableWindow
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 4096
Comments:
CompanyName:
EntryPoint: 0x192e
FileDescription: NYEDownload MFC
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 30 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1, 0, 2007, 927
FileVersionNumber: 1.0.2007.927
ImageVersion: 0.0
InitializedDataSize: 16384
InternalName: NYEDownload
LanguageCode: Korean
LegalCopyright: Copyright (C) 2007
LegalTrademarks:
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: NYEDownload.EXE
PEType: PE32
PrivateBuild:
ProductName: NYEDownload
ProductVersion: 1, 0, 2007, 927
ProductVersionNumber: 1.0.2007.927
SpecialBuild:
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:02:28 03:18:08+01:00
UninitializedDataSize: 0
VT Community
0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team
Code:
ATTFilter 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
lsb_un20.exe
Submission date:
2011-12-29 08:25:45 (UTC)
Current status:
queued (#5) queued (#8) analysing finished
Result:
0/ 43 (0.0%)
VT Community
not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.12.28.03 2011.12.28 -
AntiVir 7.11.20.64 2011.12.29 -
Antiy-AVL 2.0.3.7 2011.12.29 -
Avast 6.0.1289.0 2011.12.28 -
AVG 10.0.0.1190 2011.12.29 -
BitDefender 7.2 2011.12.29 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.29 -
ClamAV 0.97.3.0 2011.12.29 -
Commtouch 5.3.2.6 2011.12.29 -
Comodo 11126 2011.12.29 -
DrWeb 5.0.2.03300 2011.12.29 -
Emsisoft 5.1.0.11 2011.12.29 -
eSafe 7.0.17.0 2011.12.29 -
eTrust-Vet 37.0.9652 2011.12.29 -
F-Prot 4.6.5.141 2011.12.28 -
F-Secure 9.0.16440.0 2011.12.29 -
Fortinet 4.3.388.0 2011.12.29 -
GData 22 2011.12.29 -
Ikarus T3.1.1.109.0 2011.12.29 -
Jiangmin 13.0.900 2011.12.28 -
K7AntiVirus 9.120.5796 2011.12.28 -
Kaspersky 9.0.0.837 2011.12.29 -
McAfee 5.400.0.1158 2011.12.29 -
McAfee-GW-Edition 2010.1E 2011.12.28 -
Microsoft 1.7903 2011.12.29 -
NOD32 6750 2011.12.29 -
Norman 6.07.13 2011.12.28 -
nProtect 2011-12-29.01 2011.12.29 -
Panda 10.0.3.5 2011.12.29 -
PCTools 8.0.0.5 2011.12.29 -
Prevx 3.0 2011.12.29 -
Rising 23.90.03.01 2011.12.29 -
Sophos 4.72.0 2011.12.29 -
SUPERAntiSpyware 4.40.0.1006 2011.12.28 -
Symantec 20111.2.0.82 2011.12.29 -
TheHacker 6.7.0.1.367 2011.12.29 -
TrendMicro 9.500.0.1008 2011.12.29 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.29 -
VBA32 3.12.16.4 2011.12.29 -
VIPRE 11319 2011.12.29 -
ViRobot 2011.12.29.4852 2011.12.29 -
VirusBuster 14.1.138.0 2011.12.28 -
Additional information
Show all
MD5 : cc192386468bd7faf7624155877a7d2a
SHA1 : ed7445dd32c224ae889957c8e6d551f5998818a3
SHA256: e881b88e0461fb4da8cc8a4a6d99a5b3be9e2095d8b7b14d98475dfd39e9d4ce
ssdeep: 3072:Pp62QlvbyT7XbXxIuTfM7CE1jK62Ay/neAQ:PohbyT7XFIujM7JjKmN
File size : 119808 bytes
First seen: 2006-05-23 17:25:04
Last seen : 2011-12-29 08:25:45
TrID:
Win32 Executable Delphi generic (39.8%)
Win32 Executable Generic (23.1%)
Win32 Dynamic Link Library (generic) (20.5%)
Win16/32 Executable Delphi generic (5.6%)
Generic Win/DOS Executable (5.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: 2.2.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x19C78
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)
[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x18C94, 0x18E00, 6.42, b162cb438439918f24e2f3740c814bae
DATA, 0x1A000, 0x648, 0x800, 2.46, 8a8607d9ea3e3ac47db174d76b360358
BSS, 0x1B000, 0xED1, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x1C000, 0x1282, 0x1400, 4.68, 7896e0b1dde4d1edd20e832c933b63b8
.tls, 0x1E000, 0x8, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x1F000, 0x18, 0x200, 0.20, 95d7b101355c0c7bebac855893290c7d
.reloc, 0x20000, 0x1B2C, 0x1C00, 6.63, 17acf8fcf1411df23fb7f64c614d2d71
.rsrc, 0x22000, 0x800, 0x800, 4.09, 5d2ca4758dc8018ffb30edfccdf8a36e
[[ 14 import(s) ]]
kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll: GetKeyboardType, MessageBoxA
advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll: VariantCopyInd, VariantClear, SysFreeString, SysReAllocStringLen
kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA
advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey
kernel32.dll: WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualFree, VirtualAlloc, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReleaseSemaphore, ReadFile, MulDiv, MoveFileExA, LoadLibraryExA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalAlloc, GetWindowsDirectoryA, GetVersionExA, GetTickCount, GetThreadLocale, GetSystemDirectoryA, GetShortPathNameA, GetProcAddress, GetModuleHandleA, GetLocaleInfoA, GetLastError, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetCurrentThreadId, GetCommandLineW, FreeLibrary, FindFirstFileA, FindClose, ExpandEnvironmentStringsA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateProcessA, CreateFileA, CloseHandle
gdi32.dll: SetViewportOrgEx, SetTextColor, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, RealizePalette, PtVisible, Polyline, IntersectClipRect, GetTextMetricsA, GetTextExtentPoint32A, GetTextCharacterExtra, GetStockObject, GetObjectA, GetDeviceCaps, GetCurrentObject, GetClipRgn, GetClipBox, GetCharWidthA, GetCharABCWidthsA, ExtTextOutA, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePen, CreateHalftonePalette, CreateFontIndirectA, CreateCompatibleDC, CreateBitmap, BitBlt
user32.dll: VkKeyScanA, UpdateWindow, TranslateMessage, ShowWindow, SetWindowPos, SetWindowLongA, SetTimer, SetPropA, SetParent, SetForegroundWindow, SetFocus, SetCapture, SetActiveWindow, SendMessageA, RemovePropA, ReleaseDC, ReleaseCapture, RegisterClassA, RedrawWindow, PostQuitMessage, PostMessageA, PeekMessageA, MapWindowPoints, LoadIconA, LoadCursorA, KillTimer, IsWindowVisible, IsWindowEnabled, InvalidateRect, GetWindowRect, GetWindowLongA, GetSystemMetrics, GetSysColor, GetPropA, GetWindow, GetMessageA, GetIconInfo, GetFocus, GetDlgItem, GetDialogBaseUnits, GetDC, GetClientRect, GetActiveWindow, FillRect, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, DrawTextExA, DrawIconEx, DispatchMessageA, DestroyWindow, DestroyIcon, DestroyCursor, DefWindowProcA, CreateWindowExA, CopyImage, CallWindowProcA, BeginPaint, AdjustWindowRectEx
ole32.dll: OleUninitialize, OleInitialize
shell32.dll: ShellExecuteExA
shell32.dll: SHChangeNotify
comctl32.dll: InitCommonControls
user32.dll: GetUpdateRect
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 101888
EntryPoint: 0x19c78
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 117 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 2.2.0.0
FileVersionNumber: 2.1.0.0
ImageVersion: 0.0
InitializedDataSize: 16896
LanguageCode: Italian
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 1.0
ObjectFileType: Executable application
PEType: PE32
ProductVersionNumber: 2.1.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0
VT Community
0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team
Code:
ATTFilter All processes killed
========== OTL ==========
C:\USERS\BIANCO\APPDATA\ROAMING\5064\components folder moved successfully.
C:\USERS\BIANCO\APPDATA\ROAMING\5064 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ not found.
File G:\Startme.exe not found.
C:\Users\Bianco\AppData\Roaming\5056\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5056 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5055\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5055 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5054\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5054 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5053\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5053 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5052\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5052 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5063\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5063 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5062\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5062 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5061\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5061 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5060\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5060 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5059\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5059 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5058\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5058 folder moved successfully.
Folder C:\Users\Bianco\AppData\Roaming\5064\ not found.
C:\Users\Bianco\AppData\Roaming\urhtps.dat moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg\de_DE folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#ApplicationUpdater folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\kock folder moved successfully.
C:\Users\Bianco\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bianco
->Temp folder emptied: 89173092 bytes
->Temporary Internet Files folder emptied: 12384606 bytes
->Java cache emptied: 9493219 bytes
->FireFox cache emptied: 44312739 bytes
->Flash cache emptied: 3949 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20280 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 148,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_093638
Files\Folders moved on Reboot...
C:\Users\Bianco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
So nun haben wir ein Problem mit dem TDSSKiller. Er initialisiert sich, aber nur bis 80%, dann geschieht minutenlang nichts. Läuft aktuell noch... ah jetzt aber: Code:
ATTFilter 09:49:44.0780 3316 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
09:49:44.0842 3316 ============================================================
09:49:44.0842 3316 Current date / time: 2011/12/29 09:49:44.0842
09:49:44.0842 3316 SystemInfo:
09:49:44.0842 3316
09:49:44.0842 3316 OS Version: 6.1.7601 ServicePack: 1.0
09:49:44.0842 3316 Product type: Workstation
09:49:44.0842 3316 ComputerName: VICKY
09:49:44.0842 3316 UserName: Bianco
09:49:44.0842 3316 Windows directory: C:\Windows
09:49:44.0842 3316 System windows directory: C:\Windows
09:49:44.0842 3316 Running under WOW64
09:49:44.0842 3316 Processor architecture: Intel x64
09:49:44.0842 3316 Number of processors: 4
09:49:44.0842 3316 Page size: 0x1000
09:49:44.0842 3316 Boot type: Normal boot
09:49:44.0842 3316 ============================================================
09:50:51.0579 3316 Initialize success
09:51:07.0616 4500 ============================================================
09:51:07.0616 4500 Scan started
09:51:07.0616 4500 Mode: Manual;
09:51:07.0616 4500 ============================================================
09:51:08.0068 4500 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:51:08.0084 4500 1394ohci - ok
09:51:08.0146 4500 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:51:08.0162 4500 ACPI - ok
09:51:08.0193 4500 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:51:08.0193 4500 AcpiPmi - ok
09:51:08.0271 4500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:51:08.0287 4500 adp94xx - ok
09:51:08.0318 4500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:51:08.0318 4500 adpahci - ok
09:51:08.0334 4500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:51:08.0349 4500 adpu320 - ok
09:51:08.0396 4500 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
09:51:08.0412 4500 AFD - ok
09:51:08.0427 4500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:51:08.0427 4500 agp440 - ok
09:51:08.0443 4500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:51:08.0443 4500 aliide - ok
09:51:08.0458 4500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:51:08.0458 4500 amdide - ok
09:51:08.0474 4500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:51:08.0474 4500 AmdK8 - ok
09:51:08.0490 4500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:51:08.0490 4500 AmdPPM - ok
09:51:08.0521 4500 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
09:51:08.0521 4500 amdsata - ok
09:51:08.0552 4500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:51:08.0552 4500 amdsbs - ok
09:51:08.0568 4500 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
09:51:08.0568 4500 amdxata - ok
09:51:08.0599 4500 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:51:08.0614 4500 AppID - ok
09:51:08.0646 4500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:51:08.0646 4500 arc - ok
09:51:08.0661 4500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:51:08.0661 4500 arcsas - ok
09:51:08.0692 4500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:51:08.0692 4500 AsyncMac - ok
09:51:08.0724 4500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:51:08.0724 4500 atapi - ok
09:51:08.0770 4500 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
09:51:08.0786 4500 athr - ok
09:51:08.0817 4500 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:51:08.0817 4500 AtiPcie - ok
09:51:08.0833 4500 AVFSFilter - ok
09:51:08.0880 4500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:51:08.0895 4500 b06bdrv - ok
09:51:08.0911 4500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:51:08.0911 4500 b57nd60a - ok
09:51:08.0926 4500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:51:08.0942 4500 Beep - ok
09:51:08.0958 4500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:51:08.0958 4500 blbdrive - ok
09:51:09.0004 4500 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:51:09.0004 4500 bowser - ok
09:51:09.0020 4500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:51:09.0020 4500 BrFiltLo - ok
09:51:09.0036 4500 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:51:09.0036 4500 BrFiltUp - ok
09:51:09.0067 4500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:51:09.0067 4500 Brserid - ok
09:51:09.0082 4500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:51:09.0082 4500 BrSerWdm - ok
09:51:09.0098 4500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:51:09.0098 4500 BrUsbMdm - ok
09:51:09.0114 4500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:51:09.0114 4500 BrUsbSer - ok
09:51:09.0176 4500 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
09:51:09.0176 4500 BthEnum - ok
09:51:09.0192 4500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:51:09.0192 4500 BTHMODEM - ok
09:51:09.0238 4500 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
09:51:09.0238 4500 BthPan - ok
09:51:09.0285 4500 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
09:51:09.0301 4500 BTHPORT - ok
09:51:09.0316 4500 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
09:51:09.0332 4500 BTHUSB - ok
09:51:09.0348 4500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:51:09.0348 4500 cdfs - ok
09:51:09.0410 4500 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:51:09.0410 4500 cdrom - ok
09:51:09.0441 4500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:51:09.0441 4500 circlass - ok
09:51:09.0472 4500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:51:09.0472 4500 CLFS - ok
09:51:09.0519 4500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:51:09.0519 4500 CmBatt - ok
09:51:09.0550 4500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:51:09.0550 4500 cmdide - ok
09:51:09.0597 4500 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
09:51:09.0597 4500 CNG - ok
09:51:09.0613 4500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:51:09.0613 4500 Compbatt - ok
09:51:09.0660 4500 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:51:09.0660 4500 CompositeBus - ok
09:51:09.0691 4500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:51:09.0691 4500 crcdisk - ok
09:51:09.0753 4500 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:51:09.0769 4500 DfsC - ok
09:51:09.0784 4500 dgderdrv - ok
09:51:09.0816 4500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:51:09.0831 4500 discache - ok
09:51:09.0940 4500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:51:09.0940 4500 Disk - ok
09:51:10.0034 4500 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
09:51:10.0034 4500 Dot4 - ok
09:51:10.0081 4500 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
09:51:10.0096 4500 Dot4Print - ok
09:51:10.0112 4500 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
09:51:10.0112 4500 dot4usb - ok
09:51:10.0143 4500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:51:10.0143 4500 drmkaud - ok
09:51:10.0190 4500 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:51:10.0190 4500 dtsoftbus01 - ok
09:51:10.0237 4500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:51:10.0237 4500 DXGKrnl - ok
09:51:10.0299 4500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:51:10.0330 4500 ebdrv - ok
09:51:10.0377 4500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:51:10.0377 4500 elxstor - ok
09:51:10.0424 4500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:51:10.0424 4500 ErrDev - ok
09:51:10.0455 4500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:51:10.0471 4500 exfat - ok
09:51:10.0486 4500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:51:10.0486 4500 fastfat - ok
09:51:10.0502 4500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:51:10.0502 4500 fdc - ok
09:51:10.0533 4500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:51:10.0533 4500 FileInfo - ok
09:51:10.0549 4500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:51:10.0549 4500 Filetrace - ok
09:51:10.0564 4500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:51:10.0564 4500 flpydisk - ok
09:51:10.0611 4500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:51:10.0627 4500 FltMgr - ok
09:51:10.0642 4500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:51:10.0642 4500 FsDepends - ok
09:51:10.0658 4500 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:51:10.0658 4500 Fs_Rec - ok
09:51:10.0720 4500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:51:10.0720 4500 fvevol - ok
09:51:10.0752 4500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:51:10.0752 4500 gagp30kx - ok
09:51:10.0783 4500 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
09:51:10.0814 4500 gdrv - ok
09:51:10.0845 4500 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
09:51:10.0861 4500 GVTDrv64 - ok
09:51:10.0908 4500 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
09:51:10.0908 4500 hamachi - ok
09:51:10.0939 4500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:51:10.0939 4500 hcw85cir - ok
09:51:11.0001 4500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:51:11.0017 4500 HdAudAddService - ok
09:51:11.0064 4500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:51:11.0064 4500 HDAudBus - ok
09:51:11.0095 4500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:51:11.0095 4500 HidBatt - ok
09:51:11.0110 4500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:51:11.0110 4500 HidBth - ok
09:51:11.0126 4500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:51:11.0126 4500 HidIr - ok
09:51:11.0173 4500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:51:11.0173 4500 HidUsb - ok
09:51:11.0188 4500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:51:11.0188 4500 HpSAMD - ok
09:51:11.0266 4500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:51:11.0282 4500 HTTP - ok
09:51:11.0313 4500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:51:11.0313 4500 hwpolicy - ok
09:51:11.0329 4500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:51:11.0329 4500 i8042prt - ok
09:51:11.0376 4500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:51:11.0376 4500 iaStorV - ok
09:51:11.0407 4500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:51:11.0407 4500 iirsp - ok
09:51:11.0516 4500 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys
09:51:11.0532 4500 IntcAzAudAddService - ok
09:51:11.0563 4500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:51:11.0563 4500 intelide - ok
09:51:11.0594 4500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:51:11.0594 4500 intelppm - ok
09:51:11.0641 4500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:51:11.0641 4500 IpFilterDriver - ok
09:51:11.0672 4500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:51:11.0672 4500 IPMIDRV - ok
09:51:11.0688 4500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:51:11.0688 4500 IPNAT - ok
09:51:11.0719 4500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:51:11.0719 4500 IRENUM - ok
09:51:11.0734 4500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:51:11.0734 4500 isapnp - ok
09:51:11.0750 4500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:51:11.0750 4500 iScsiPrt - ok
09:51:11.0781 4500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:51:11.0797 4500 kbdclass - ok
09:51:11.0812 4500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:51:11.0812 4500 kbdhid - ok
09:51:11.0844 4500 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
09:51:11.0844 4500 KSecDD - ok
09:51:11.0875 4500 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
09:51:11.0875 4500 KSecPkg - ok
09:51:11.0890 4500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:51:11.0890 4500 ksthunk - ok
09:51:11.0953 4500 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:51:11.0953 4500 LHidFilt - ok
09:51:11.0968 4500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:51:11.0968 4500 lltdio - ok
09:51:12.0000 4500 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:51:12.0000 4500 LMouFilt - ok
09:51:12.0015 4500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:51:12.0031 4500 LSI_FC - ok
09:51:12.0046 4500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:51:12.0046 4500 LSI_SAS - ok
09:51:12.0062 4500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:51:12.0062 4500 LSI_SAS2 - ok
09:51:12.0093 4500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:51:12.0093 4500 LSI_SCSI - ok
09:51:12.0109 4500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:51:12.0109 4500 luafv - ok
09:51:12.0171 4500 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
09:51:12.0171 4500 MBAMProtector - ok
09:51:12.0202 4500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:51:12.0202 4500 megasas - ok
09:51:12.0218 4500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:51:12.0218 4500 MegaSR - ok
09:51:12.0249 4500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:51:12.0249 4500 Modem - ok
09:51:12.0265 4500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:51:12.0265 4500 monitor - ok
09:51:12.0327 4500 MotioninJoyXFilter (16f9f464da6e02a020bce626c56a1797) C:\Windows\system32\DRIVERS\MijXfilt.sys
09:51:12.0343 4500 MotioninJoyXFilter - ok
09:51:12.0358 4500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:51:12.0358 4500 mouclass - ok
09:51:12.0374 4500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:51:12.0390 4500 mouhid - ok
09:51:12.0421 4500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:51:12.0421 4500 mountmgr - ok
09:51:12.0452 4500 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
09:51:12.0452 4500 MpFilter - ok
09:51:12.0514 4500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:51:12.0514 4500 mpio - ok
09:51:12.0546 4500 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
09:51:12.0546 4500 MpNWMon - ok
09:51:12.0561 4500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:51:12.0577 4500 mpsdrv - ok
09:51:12.0608 4500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:51:12.0608 4500 MRxDAV - ok
09:51:12.0655 4500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:51:12.0655 4500 mrxsmb - ok
09:51:12.0702 4500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:51:12.0717 4500 mrxsmb10 - ok
09:51:12.0733 4500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:51:12.0748 4500 mrxsmb20 - ok
09:51:12.0780 4500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:51:12.0780 4500 msahci - ok
09:51:12.0795 4500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:51:12.0795 4500 msdsm - ok
09:51:12.0842 4500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:51:12.0842 4500 Msfs - ok
09:51:12.0873 4500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:51:12.0889 4500 mshidkmdf - ok
09:51:12.0920 4500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:51:12.0920 4500 msisadrv - ok
09:51:12.0951 4500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:51:12.0951 4500 MSKSSRV - ok
09:51:12.0998 4500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:51:12.0998 4500 MSPCLOCK - ok
09:51:13.0014 4500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:51:13.0029 4500 MSPQM - ok
09:51:13.0076 4500 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:51:13.0076 4500 MsRPC - ok
09:51:13.0092 4500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:51:13.0092 4500 mssmbios - ok
09:51:13.0123 4500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:51:13.0123 4500 MSTEE - ok
09:51:13.0123 4500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:51:13.0123 4500 MTConfig - ok
09:51:13.0154 4500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:51:13.0154 4500 Mup - ok
09:51:13.0185 4500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:51:13.0185 4500 NativeWifiP - ok
09:51:13.0248 4500 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:51:13.0279 4500 NDIS - ok
09:51:13.0294 4500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:51:13.0294 4500 NdisCap - ok
09:51:13.0310 4500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:51:13.0310 4500 NdisTapi - ok
09:51:13.0357 4500 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:51:13.0357 4500 Ndisuio - ok
09:51:13.0388 4500 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:51:13.0388 4500 NdisWan - ok
09:51:13.0435 4500 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:51:13.0435 4500 NDProxy - ok
09:51:13.0466 4500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:51:13.0466 4500 NetBIOS - ok
09:51:13.0482 4500 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:51:13.0497 4500 NetBT - ok
09:51:13.0560 4500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:51:13.0560 4500 nfrd960 - ok
09:51:13.0606 4500 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:51:13.0606 4500 NisDrv - ok
09:51:13.0622 4500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:51:13.0638 4500 Npfs - ok
09:51:13.0653 4500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:51:13.0653 4500 nsiproxy - ok
09:51:13.0716 4500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:51:13.0731 4500 Ntfs - ok
09:51:13.0747 4500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:51:13.0747 4500 Null - ok
09:51:13.0778 4500 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
09:51:13.0778 4500 nusb3hub - ok
09:51:13.0809 4500 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
09:51:13.0809 4500 nusb3xhc - ok
09:51:13.0809 4500 NVHDA - ok
09:51:14.0028 4500 nvlddmkm (10ad52b18792420e27bd5a0e912b1891) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:51:14.0090 4500 nvlddmkm - ok
09:51:14.0121 4500 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:51:14.0121 4500 nvraid - ok
09:51:14.0152 4500 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:51:14.0152 4500 nvstor - ok
09:51:14.0215 4500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:51:14.0215 4500 nv_agp - ok
09:51:14.0246 4500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:51:14.0246 4500 ohci1394 - ok
09:51:14.0293 4500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:51:14.0293 4500 Parport - ok
09:51:14.0324 4500 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:51:14.0340 4500 partmgr - ok
09:51:14.0386 4500 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
09:51:14.0386 4500 pavboot - ok
09:51:14.0402 4500 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:51:14.0402 4500 pci - ok
09:51:14.0433 4500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:51:14.0433 4500 pciide - ok
09:51:14.0464 4500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:51:14.0464 4500 pcmcia - ok
09:51:14.0480 4500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:51:14.0480 4500 pcw - ok
09:51:14.0511 4500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:51:14.0511 4500 PEAUTH - ok
09:51:14.0589 4500 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:51:14.0589 4500 PptpMiniport - ok
09:51:14.0605 4500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:51:14.0605 4500 Processor - ok
09:51:14.0667 4500 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:51:14.0667 4500 Psched - ok
09:51:14.0714 4500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:51:14.0745 4500 ql2300 - ok
09:51:14.0761 4500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:51:14.0761 4500 ql40xx - ok
09:51:14.0792 4500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:51:14.0792 4500 QWAVEdrv - ok
09:51:14.0792 4500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:51:14.0792 4500 RasAcd - ok
09:51:14.0823 4500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:51:14.0823 4500 RasAgileVpn - ok
09:51:14.0870 4500 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:51:14.0870 4500 Rasl2tp - ok
09:51:14.0886 4500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:51:14.0886 4500 RasPppoe - ok
09:51:14.0917 4500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:51:14.0917 4500 RasSstp - ok
09:51:14.0979 4500 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:51:14.0979 4500 rdbss - ok
09:51:14.0995 4500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:51:15.0010 4500 rdpbus - ok
09:51:15.0026 4500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:51:15.0026 4500 RDPCDD - ok
09:51:15.0042 4500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:51:15.0042 4500 RDPENCDD - ok
09:51:15.0073 4500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:51:15.0073 4500 RDPREFMP - ok
09:51:15.0104 4500 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:51:15.0104 4500 RDPWD - ok
09:51:15.0151 4500 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:51:15.0151 4500 rdyboost - ok
09:51:15.0213 4500 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:51:15.0229 4500 RFCOMM - ok
09:51:15.0260 4500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:51:15.0260 4500 rspndr - ok
09:51:15.0307 4500 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:51:15.0307 4500 RTL8167 - ok
09:51:15.0338 4500 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:51:15.0338 4500 sbp2port - ok
09:51:15.0385 4500 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:51:15.0385 4500 scfilter - ok
09:51:15.0416 4500 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:51:15.0416 4500 secdrv - ok
09:51:15.0447 4500 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:51:15.0447 4500 Serenum - ok
09:51:15.0463 4500 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:51:15.0463 4500 Serial - ok
09:51:15.0478 4500 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:51:15.0478 4500 sermouse - ok
09:51:15.0525 4500 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:51:15.0525 4500 sffdisk - ok
09:51:15.0541 4500 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:51:15.0541 4500 sffp_mmc - ok
09:51:15.0572 4500 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:51:15.0572 4500 sffp_sd - ok
09:51:15.0572 4500 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:51:15.0572 4500 sfloppy - ok
09:51:15.0603 4500 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:51:15.0603 4500 SiSRaid2 - ok
09:51:15.0619 4500 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:51:15.0619 4500 SiSRaid4 - ok
09:51:15.0634 4500 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:51:15.0634 4500 Smb - ok
09:51:15.0666 4500 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:51:15.0666 4500 spldr - ok
09:51:15.0712 4500 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:51:15.0728 4500 srv - ok
09:51:15.0744 4500 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:51:15.0759 4500 srv2 - ok
09:51:15.0775 4500 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:51:15.0775 4500 srvnet - ok
09:51:15.0806 4500 sscebus (f74634f46692c8315e7f37f698af3225) C:\Windows\system32\DRIVERS\sscebus.sys
09:51:15.0822 4500 sscebus - ok
09:51:15.0868 4500 sscemdfl (82732b391efd69b0548044be9cb37bfc) C:\Windows\system32\DRIVERS\sscemdfl.sys
09:51:15.0868 4500 sscemdfl - ok
09:51:15.0884 4500 sscemdm (43d56ace4469d90f9790e8352d87d9b5) C:\Windows\system32\DRIVERS\sscemdm.sys
09:51:15.0884 4500 sscemdm - ok
09:51:15.0900 4500 ssceserd (db504ef6d73f6b8ab5cf8a18560c4e2a) C:\Windows\system32\DRIVERS\ssceserd.sys
09:51:15.0915 4500 ssceserd - ok
09:51:15.0946 4500 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
09:51:15.0962 4500 ss_bbus - ok
09:51:15.0993 4500 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
09:51:15.0993 4500 ss_bmdfl - ok
09:51:16.0009 4500 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
09:51:16.0009 4500 ss_bmdm - ok
09:51:16.0024 4500 ss_bserd (677cdc98f8363accaae783fde1599c2a) C:\Windows\system32\DRIVERS\ss_bserd.sys
09:51:16.0024 4500 ss_bserd - ok
09:51:16.0056 4500 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:51:16.0056 4500 stexstor - ok
09:51:16.0102 4500 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
09:51:16.0102 4500 StillCam - ok
09:51:16.0149 4500 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:51:16.0149 4500 swenum - ok
09:51:16.0243 4500 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:51:16.0274 4500 Tcpip - ok
09:51:16.0305 4500 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:51:16.0321 4500 TCPIP6 - ok
09:51:16.0352 4500 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:51:16.0352 4500 tcpipreg - ok
09:51:16.0383 4500 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:51:16.0383 4500 TDPIPE - ok
09:51:16.0399 4500 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:51:16.0399 4500 TDTCP - ok
09:51:16.0446 4500 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:51:16.0446 4500 tdx - ok
09:51:16.0477 4500 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:51:16.0477 4500 TermDD - ok
09:51:16.0524 4500 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:51:16.0524 4500 tssecsrv - ok
09:51:16.0602 4500 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:51:16.0602 4500 TsUsbFlt - ok
09:51:16.0648 4500 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:51:16.0648 4500 tunnel - ok
09:51:16.0680 4500 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:51:16.0680 4500 uagp35 - ok
09:51:16.0726 4500 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:51:16.0742 4500 udfs - ok
09:51:16.0789 4500 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:51:16.0789 4500 uliagpkx - ok
09:51:16.0804 4500 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:51:16.0820 4500 umbus - ok
09:51:16.0836 4500 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:51:16.0836 4500 UmPass - ok
09:51:16.0882 4500 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:51:16.0882 4500 usbccgp - ok
09:51:16.0914 4500 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:51:16.0914 4500 usbcir - ok
09:51:16.0929 4500 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:51:16.0945 4500 usbehci - ok
09:51:16.0960 4500 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
09:51:16.0960 4500 usbfilter - ok
09:51:16.0976 4500 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:51:16.0992 4500 usbhub - ok
09:51:17.0007 4500 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
09:51:17.0007 4500 usbohci - ok
09:51:17.0023 4500 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:51:17.0023 4500 usbprint - ok
09:51:17.0070 4500 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:51:17.0070 4500 usbscan - ok
09:51:17.0101 4500 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:51:17.0101 4500 USBSTOR - ok
09:51:17.0132 4500 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:51:17.0132 4500 usbuhci - ok
09:51:17.0163 4500 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:51:17.0163 4500 vdrvroot - ok
09:51:17.0179 4500 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:51:17.0179 4500 vga - ok
09:51:17.0194 4500 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:51:17.0194 4500 VgaSave - ok
09:51:17.0226 4500 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:51:17.0226 4500 vhdmp - ok
09:51:17.0272 4500 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:51:17.0272 4500 viaide - ok
09:51:17.0288 4500 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:51:17.0288 4500 volmgr - ok
09:51:17.0335 4500 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:51:17.0350 4500 volmgrx - ok
09:51:17.0366 4500 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:51:17.0382 4500 volsnap - ok
09:51:17.0397 4500 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:51:17.0413 4500 vsmraid - ok
09:51:17.0444 4500 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:51:17.0444 4500 vwifibus - ok
09:51:17.0475 4500 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:51:17.0475 4500 vwififlt - ok
09:51:17.0506 4500 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:51:17.0506 4500 vwifimp - ok
09:51:17.0538 4500 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:51:17.0538 4500 WacomPen - ok
09:51:17.0569 4500 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:51:17.0569 4500 WANARP - ok
09:51:17.0569 4500 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:51:17.0569 4500 Wanarpv6 - ok
09:51:17.0600 4500 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:51:17.0600 4500 Wd - ok
09:51:17.0616 4500 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:51:17.0631 4500 Wdf01000 - ok
09:51:17.0678 4500 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:51:17.0678 4500 WfpLwf - ok
09:51:17.0694 4500 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:51:17.0694 4500 WIMMount - ok
09:51:17.0756 4500 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:51:17.0756 4500 WinUsb - ok
09:51:17.0818 4500 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:51:17.0818 4500 WmiAcpi - ok
09:51:17.0865 4500 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:51:17.0865 4500 ws2ifsl - ok
09:51:17.0896 4500 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
09:51:17.0896 4500 WSDPrintDevice - ok
09:51:17.0943 4500 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:51:17.0943 4500 WudfPf - ok
09:51:17.0974 4500 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:51:17.0974 4500 WUDFRd - ok
09:51:18.0021 4500 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
09:51:18.0037 4500 xusb21 - ok
09:51:18.0084 4500 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:51:18.0130 4500 \Device\Harddisk0\DR0 - ok
09:51:18.0130 4500 Boot (0x1200) (11965ca34b912550c4758c39e92d6752) \Device\Harddisk0\DR0\Partition0
09:51:18.0130 4500 \Device\Harddisk0\DR0\Partition0 - ok
09:51:18.0146 4500 Boot (0x1200) (88bf45dc91eeb7cc1d8580a737f7fca7) \Device\Harddisk0\DR0\Partition1
09:51:18.0146 4500 \Device\Harddisk0\DR0\Partition1 - ok
09:51:18.0177 4500 Boot (0x1200) (794f4511f0b1dd54e2326d0d7f5ba244) \Device\Harddisk0\DR0\Partition2
09:51:18.0177 4500 \Device\Harddisk0\DR0\Partition2 - ok
09:51:18.0177 4500 ============================================================
09:51:18.0177 4500 Scan finished
09:51:18.0177 4500 ============================================================
09:51:18.0193 1436 Detected object count: 0
09:51:18.0193 1436 Actual detected object count: 0
Letzter Punkt folgt. ...hat auch nur schlappe 2 Stunden gedauert. Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 12/29/2011 at 11:45 AM
Application Version : 5.0.1142
Core Rules Database Version : 8089
Trace Rules Database Version: 5901
Scan type : Complete Scan
Total Scan Time : 01:45:52
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 598
Memory threats detected : 0
Registry items scanned : 71568
Registry threats detected : 0
File items scanned : 240599
File threats detected : 17
Adware.Tracking Cookie
C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\PY0B03YG.txt [ /adform.net ]
C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\1FU88O4L.txt [ /ad4.adfarm1.adition.com ]
C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\N5GHHQWE.txt [ /track.adform.net ]
C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\VR8X7AE9.txt [ /doubleclick.net ]
C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\FSRXRTWN.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\RMULBB68.txt [ /ad.yieldmanager.com ]
C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\GHW0ZUFW.txt [ /adfarm1.adition.com ]
C:\USERS\BIANCO\AppData\Roaming\Microsoft\Windows\Cookies\7R4J6YVT.txt [ Cookie:bianco@google.com/accounts/ ]
C:\USERS\BIANCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\8V716J61.txt [ Cookie:bianco@google.com/accounts/ ]
C:\USERS\BIANCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\OVH30P1Z.txt [ Cookie:bianco@www.google.com/accounts ]
C:\USERS\BIANCO\Cookies\7R4J6YVT.txt [ Cookie:bianco@google.com/accounts/ ]
C:\USERS\BIANCO\Cookies\PY0B03YG.txt [ Cookie:bianco@adform.net/ ]
C:\USERS\BIANCO\Cookies\N5GHHQWE.txt [ Cookie:bianco@track.adform.net/ ]
C:\USERS\BIANCO\Cookies\VR8X7AE9.txt [ Cookie:bianco@doubleclick.net/ ]
C:\USERS\BIANCO\Cookies\RMULBB68.txt [ Cookie:bianco@ad.yieldmanager.com/ ]
C:\USERS\BIANCO\Cookies\GHW0ZUFW.txt [ Cookie:bianco@adfarm1.adition.com/ ]
Heuristic.Agent/Gen-Dropper
C:\PROGRAM FILES (X86)\NEED FOR SPEED - MOST WANTED\CRACK\SD4HIDE\SD4HIDE.EXE
Mir war nicht klar, dass ich das noch hier habe. Denke aber auch nicht, dass das der Urheber sämtlicher Quellen ist, weil es schon seit fast 6 Jahren da ist. Und außerdem hab ich es meines Wissens seit 1-2 Jahren nicht mehr ausgeführt. (Da ich es sowieso nicht nutze und ja sowieso illegal ist, würde ich es löschen. Geht das gefahrlos? Ich nehme mal an, ja?) Vielen Dank schon und nochmals für die Hilfe, mit freundlichem Gruß //Edit#1: Kann ich SUPERAntiSpyware auflassen und nachher wenn die "Freigabe" kommt die Gefahren einfach beseitigen lassen? //Edit#2: Ich habe übrigens die OTL auf den Desktop verschoben, das hatte ich beim ersten Scan vergessen. Ich weiß nicht, inwiefern das bei eventuell weiteren Fixes relevant ist. Geändert von Bexod (29.12.2011 um 12:06 Uhr) Grund: Nachtrag |
|
29.12.2011, 13:18
| #4 |
| | Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM) Hi, SASW alles löschen lassen, MAM updaten und nochmal Fullscan... Wegen dem Crack ist das mein letztes posting... chris&out
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
29.12.2011, 19:56
| #5 |
| | Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM) Guten Abend, leider fürchte ich, dass Chris dies nicht mehr liest. Nichtsdestotrotz möchte ich mich für die (scheinbar) erfolgreiche Hilfe bedanken. Und um Entschuldigung bitten, falls du dich jetzt ärgerst, mir geholfen zu haben. Es mag zwar keine Rolle mehr spielen und ihr könnt mir das nun auch glauben oder nicht, aber dieser Bezug oben war die einzig illegale Software, die meines Wissens jemals auf einem meiner Systeme gelandet war. Und ich hätte sie ganz sicher gelöscht, wenn ich gewusst hätte, dass sie noch da ist. Nachdem ich sie dann beim Scan entdeckt habe, hatte ich überlegt das Log entsprechend abzuändern, wollte aber getreu dem Motto „Ehrlich währt am Längsten“, diesen Fehler eingestehen und hatte gehofft mit offenkundiger Reue und Versuch der Korrektur zur milde gestimmt zu haben. Dass dies nicht der Fall ist, kann ich allerdings auch nachvollziehen und es tut mir Leid, falls damit mehr als Unannehmlichkeiten entstanden sein sollten. Da ich sehr zufrieden mit der kompetenten Hilfe war und auch in Zukunft auf die Unterstützung des Trojaner-Boards gehofft hatte, würde mich noch interessieren, ob ich hiermit unwiderruflich mein Privileg auf Hilfe verwirkt habe, trotz in Zukunft legal gehaltenem Systems? Um noch zum zwangsweisen Abschluss der Sache zu kommen: SASW hat noch mal ein paar TrackingCookies gefunden, allerdings nichts Gravierenderes (so scheint es). MBAM hat wie schon heute Morgen überhaupt nicht mehr angeschlagen. Lediglich der ESET Online Scanner hat die von OTL gefixten Schädlinge im Ordner _OTL gefunden. Falls sich noch jemand erbarmen lässt, hätte ich dazu die Frage, ob ich den Ordner nun gefahrlos löschen kann oder die da halt drin bleiben. Ansonsten nochmals vielen Dank und sorry. Einen angenehmen Abend noch & einen guten Rutsch ins neue Jahr, mit freundlichen Grüßen Bexod |
|
| Themen zu Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM) |
| 64-bit, 7-zip, acroiehelpe, adobe, autorun, backdoor.agent, bereit, bho, black, browser, c:\windows\system32\rundll32.exe, dateisystem, entfernen, error, erste mal, fehler, firefox, flash player, google earth, helper, heuristiks/extra, heuristiks/shuriken, hijack, home, install.exe, kein log, langs, logfile, microsoft office word, microsoft security, microsoft security essentials, office 2007, officejet, plug-in, programm, realtek, registry, required, rundll, scan, security, security update, senden, server, software, trj/ci.a, trojan.passwords, trojaner, usb, usb 3.0, webcheck |
Linear-Darstellung
