Pests of all kinds and their removal: Trojan in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM) (Windows 7)
29.12.2011, 04:32 | #1
Trojan in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM)

Hello and good evening,

one always tries to solve it alone first and then ends up back here anyway. The title of the thread isn't very descriptive at the moment; I chose it mainly with other people searching in mind. These are the pieces of information I have been able to identify so far in connection with my case.

Introduction: In the weeks before Christmas I had a few Skype crashes, though without any recognisable pattern or serious consequences. IE also crashed now and then, but since I rarely use it I can't say how often. Then, since Monday, Firefox also crashed relatively often, though not seriously. Sometimes nothing for a while, so again no recognisable pattern. Now, today or yesterday, Microsoft Security Essentials (the antivirus in charge) reported detecting and removing trojans identified as Trojan:Win32/Bafi.A, once also .B. A full scan turned up a few more finds of the same trojan, all following the pattern AppData/Roaming/[four-digit number]/components/AcroFF*****.dll. I then ran Panda ActiveScan 2.0 in FF, but it could not be finished because Firefox crashed (so no log).

Further steps in brief:
- deleted all cookies in FF
- installed the latest FF version
- had CCleaner clean everything
- downloaded Spamfighter and had it remove 10-12 trojans (unfortunately no log)

Then I finally followed the instructions from this forum, installed Malwarebytes' Anti-Malware and ran a scan. As recommended, it was cleaned right away:

Code:
Database version: v2011.12.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bianco :: VICKY [Administrator]

Protection: Enabled

28.12.2011 22:21:41
mbam-log-2011-12-28 (22-21-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176323
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Data: C:\Users\Bianco\AppData\Roaming\appconf32.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Bianco\AppData\Roaming\AcroIEHelpe068.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
C:\Users\Bianco\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Delete on reboot.

(end)

After the restart, MSE gave no warnings for the first time, which gave me hope. A further full scan with MBAM was also encouraging:

Code:
Database version: v2011.12.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bianco :: VICKY [Administrator]

Protection: Enabled

28.12.2011 23:28:59
mbam-log-2011-12-28 (23-28-59).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419969
Time elapsed: 1 hour(s), 5 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
;*******************************************************************************
ANALYSIS: 2011-12-29 02:32:56
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description                      Version  Active  Updated
;===============================================================================
Microsoft Security Essentials             Yes     Yes
;===============================================================================
MALWARE
Id        Description             Type            Active  Severity  Disinfectable  Disinfected  Location
;===============================================================================
00139061  Cookie/Doubleclick      TrackingCookie  No      0         Yes            No           c:\users\bianco\appdata\roaming\microsoft\windows\cookies\vr8x7ae9.txt
00168056  Cookie/YieldManager     TrackingCookie  No      0         Yes            No           c:\users\bianco\appdata\roaming\microsoft\windows\cookies\rmulbb68.txt
03074964  Trj/CI.A                Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5060\components\acroff0606.dll
03074964  Trj/CI.A                Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5062\components\acroff0620.dll
03074964  Trj/CI.A                Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff064.dll
09193703  Exploit/CVE-2010-0840   SecRisk         No      0         Yes            No           c:\users\bianco\appdata\locallow\sun\java\deployment\cache\6.0\62\6f9d807e-37a56584[support/attachment.class]
09193705  Exploit/CVE-2010-0840   SecRisk         No      0         Yes            No           c:\users\bianco\appdata\locallow\sun\java\deployment\cache\6.0\62\6f9d807e-37a56584[support/cid.class]
09612215  Generic Trojan          Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5052\components\acroff0528.dll
09659561  Generic Trojan          Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5052\components\acroff0526.dll
09661052  Generic Trojan          Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5060\components\acroff0605.dll
09666169  Generic Trojan          Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff0648.dll
09666286  Generic Trojan          Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff0645.dll
09666287  Generic Trojan          Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff0646.dll
09666291  Generic Trojan          Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5061\components\acroff0617.dll
09666291  Generic Trojan          Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff0647.dll
09678068  Generic Malware         Virus/Trojan    No      0         Yes            No           c:\users\bianco\appdata\roaming\5060\components\acroff0600.dll
;===============================================================================
SUSPECTS
Sent  Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id  Severity  Description
;===============================================================================
;===============================================================================

So it seems I still have a number of inactive, but for that reason no less dangerous, trojans on board, which will surely get ready after the next restart or something similar to do whatever it is they do. In that spirit: help!

PS: After I noticed that the errors were not caused by FF, I installed an older version again. The OTL reports as well:

Code:
ATTFilter OTL logfile created on: 29.12.2011 03:56:55 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bianco\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,69% Memory free 7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 555,55 Gb Total Space | 128,83 Gb Free Space | 23,19% Space Free | Partition Type: NTFS Drive D: | 375,86 Gb Total Space | 375,76 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: VICKY | User Name: Bianco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.29 03:52:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bianco\Downloads\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Anti-Malware\mbamgui.exe PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Bianco\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.17 16:19:34 | 003,007,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\PC Share Manager\WiselinkPro.exe -- (WiselinkPro) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.07.20 08:46:06 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm) DRV:64bit: - [2011.07.20 08:46:06 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) DRV:64bit: - [2011.07.20 08:46:06 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) DRV:64bit: - [2011.07.20 08:46:06 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl) DRV:64bit: - [2011.07.20 08:45:58 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) 
DRV:64bit: - [2011.07.20 08:45:58 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:64bit: - [2011.07.20 08:45:58 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2011.07.20 08:45:58 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2011.05.16 08:36:21 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.21 15:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.05.27 08:40:22 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2010.11.21 05:39:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010.11.21 05:39:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 A7 C1 E0 3B D0 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www-cache.uni-halle.de:3128 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledItems: gmailwatcher@sonthakit:1.47 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.10 FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9 FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 00:43:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.29 00:43:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bianco\AppData\Roaming\5064 [2011.12.22 15:03:55 | 000,000,000 | ---D | M] [2011.08.24 10:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bianco\AppData\Roaming\mozilla\Extensions [2011.12.28 16:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions [2011.12.22 05:07:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.12.23 20:42:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.12.28 13:01:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.10.31 09:46:33 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.10.01 19:57:27 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\adblockpopups@jessehakanen.net [2011.08.24 21:53:45 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.12.17 02:18:54 | 000,000,000 | 
---D | M] (Gmail Watcher) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\gmailwatcher@sonthakit [2011.12.29 00:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.12.22 15:03:55 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BIANCO\APPDATA\ROAMING\5064 [2011.08.26 23:30:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.12.13 01:14:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.13 01:14:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.13 01:14:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.13 01:14:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.13 01:14:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bianco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[Vimeo-12280336] Daisy Lowe for UK esquire HD - Verknüpfung.lnk = C:\Users\Bianco\Videos\Daisy Lowe for UK esquire HD.mp4 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - 
C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32A44F64-7AAA-4B86-8DC3-FC1D757FDFAE}: DhcpNameServer = 192.168.25.10 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.29 00:58:55 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011.12.28 23:19:55 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.12.28 23:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
[2011.12.28 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\Malwarebytes
[2011.12.28 22:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.28 22:20:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.28 22:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware
[2011.12.28 20:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2011.12.28 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011.12.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5064
[2011.12.22 14:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.12.22 14:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.12.21 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5063
[2011.12.20 18:23:30 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5062
[2011.12.19 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5061
[2011.12.16 14:53:18 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5060
[2011.12.14 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5059
[2011.12.13 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5058
[2011.12.12 14:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2011.12.12 14:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7
[2011.12.12 11:18:22 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5056
[2011.12.10 15:44:36 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5055
[2011.12.09 11:05:57 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5054
[2011.12.04 10:36:02 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5053
[2011.12.01 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5052
[2011.12.01 20:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2 C:\Users\Bianco\AppData\Roaming\*.tmp files -> C:\Users\Bianco\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.29 03:32:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.28 23:14:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 23:14:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 23:07:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.28 23:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 23:07:16 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.14 07:58:47 | 004,863,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.12 13:34:37 | 000,000,024 | ---- | M] () -- C:\Users\Bianco\AppData\Roaming\urhtps.dat
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.09 19:39:20 | 004,540,106 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.09 19:39:20 | 001,786,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.09 19:39:20 | 001,342,482 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.09 19:39:20 | 001,193,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.09 19:39:20 | 000,006,472 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.08 20:59:41 | 000,009,979 | ---- | M] () -- C:\Users\Public\Documents\MandyBewerbungTUB.pdf
[2 C:\Users\Bianco\AppData\Roaming\*.tmp files -> C:\Users\Bianco\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.11 14:47:31 | 000,000,024 | ---- | C] () -- C:\Users\Bianco\AppData\Roaming\urhtps.dat
[2011.12.10 14:03:33 | 000,009,979 | ---- | C] () -- C:\Users\Public\Documents\MandyBewerbungTUB.pdf
[2011.09.18 13:43:44 | 000,000,337 | ---- | C] () -- C:\Users\Bianco\AppData\Local\Perfmon.PerfmonCfg
[2011.07.26 16:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.07.19 21:06:07 | 000,006,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.09 09:24:59 | 000,000,132 | ---- | C] () -- C:\Users\Bianco\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.05.25 06:23:03 | 000,000,000 | ---- | C] () -- C:\Users\Bianco\AppData\Local\{951B364D-4355-4BFB-BA19-F499AA39035E}
[2010.11.21 08:33:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.21 05:12:12 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.11.21 04:06:25 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.08.05 11:15:30 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== LOP Check ==========

[2011.11.19 15:13:34 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5043
[2011.11.20 14:28:12 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5044
[2011.11.21 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5045
[2011.11.22 13:13:32 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5047
[2011.11.23 10:34:47 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5048
[2011.11.24 15:40:06 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5049
[2011.11.25 18:10:55 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5050
[2011.11.28 17:51:54 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5051
[2011.12.01 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5052
[2011.12.04 10:36:02 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5053
[2011.12.09 11:05:57 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5054
[2011.12.10 15:44:36 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5055
[2011.12.12 11:18:22 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5056
[2011.12.13 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5058
[2011.12.14 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5059
[2011.12.16 14:53:18 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5060
[2011.12.19 14:08:56 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5061
[2011.12.20 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5062
[2011.12.21 10:54:29 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5063
[2011.12.22 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5064
[2011.07.18 07:32:36 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Amazon
[2011.04.22 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.28 20:06:20 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\DAEMON Tools Lite
[2011.12.28 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Dropbox
[2011.06.29 09:24:04 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\FreeFLVConverter
[2011.12.29 02:42:04 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\ICQ
[2011.11.19 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\kock
[2010.11.21 07:21:50 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Leadertech
[2011.03.10 13:09:23 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Meine Traffic
[2011.01.07 17:36:52 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\MotioninJoy
[2010.11.21 06:45:14 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Mouse Recorder Pro
[2011.08.12 11:05:07 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Samsung
[2011.08.11 19:30:48 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\TeamViewer
[2011.12.01 20:04:37 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\UAs
[2011.12.23 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\xmldm
[2011.12.02 09:44:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.12.28 11:22:51 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.28 23:19:55 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.11.21 04:02:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.11.21 07:14:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.11.21 06:06:29 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.22 15:21:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.28 23:19:54 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.28 22:20:15 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.11.21 04:02:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.11.21 04:02:20 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.09.16 09:15:52 | 000,000,000 | ---D | M] -- C:\Skins SP
[2011.12.29 03:57:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.22 15:18:01 | 000,000,000 | ---D | M] -- C:\Temp
[2010.11.21 04:02:32 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.28 23:07:15 | 000,000,000 | ---D | M] -- C:\Windows
[2011.12.06 15:14:36 | 000,000,000 | ---D | M] -- C:\Zipster

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: AFD.SYS >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
Code:
OTL Extras logfile created on: 29.12.2011 03:56:55 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bianco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,69% Memory free
7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 555,55 Gb Total Space | 128,83 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive D: | 375,86 Gb Total Space | 375,76 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: VICKY | User Name: Bianco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List 
========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit) "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" 
= SAMSUNG USB Driver for Mobile Phones "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "MiKTeX 2.9" = MiKTeX 2.9 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "sp6" = Logitech SetPoint 6.20 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg 
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71BF8787-A67D-4CBC-9155-22927199F4BB}" = TP-LINK Wireless Client Utility "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.6.0 "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EDC842C6-5607-48B9-A0B2-7D8B9BC57333}" = AD_Install "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Black Prophecy_is1" = Black Prophecy "DAEMON Tools Lite" = DAEMON Tools Lite "Free 
FLV Converter_is1" = Free FLV Converter V 6.98.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ImageJ_is1" = ImageJ 1.42q "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "TeamViewer 6" = TeamViewer 6 "TeXnicCenter Alpha_is1" = TeXnicCenter Version 2.0 Alpha 3 "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
[ System Events ]
Error - 28.12.2011 19:27:49 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 19:29:56 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 19:40:12 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 20:00:19 | Computer Name = Vicky | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 28.12.2011 20:00:19 | Computer Name = Vicky | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RkPavproc1" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275
Error - 28.12.2011 20:23:21 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 21:12:01 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 21:28:38 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 22:02:09 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =
Error - 28.12.2011 22:32:22 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description =

< End of report >

And at first glance, a prognosis: is there anything seriously dangerous in there, and is reinstalling unavoidable?
29.12.2011, 07:43 | #2 |
Hi,
hey you silly, you have loads of trojans, backdoors and password stealers on there, if that isn't something serious... ;o).. Change all passwords immediately from a clean computer... Have the files checked online
Code:
C:\Windows\MusiccityDownload.exe
C:\Windows\lsb_un20.exe
Fix for OTL
Code:
:OTL
[2011.12.22 15:03:55 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BIANCO\APPDATA\ROAMING\5064
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell\AutoRun\command - "" = G:\Startme.exe
[2011.12.12 11:18:22 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5056
[2011.12.10 15:44:36 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5055
[2011.12.09 11:05:57 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5054
[2011.12.04 10:36:02 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5053
[2011.12.01 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5052
[2011.12.21 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5063
[2011.12.20 18:23:30 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5062
[2011.12.19 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5061
[2011.12.16 14:53:18 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5060
[2011.12.14 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5059
[2011.12.13 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5058
[2011.12.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5064
[2011.12.11 14:47:31 | 000,000,024 | ---- | C] () -- C:\Users\Bianco\AppData\Roaming\urhtps.dat
[2011.04.22 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.19 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\kock
[2011.12.23 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\xmldm
:Commands
[emptytemp]
[Reboot]
TDSS-Killer: download and instructions at: How are malicious programs of the Rootkit.Win32.TDSS family removed? Extract all files into a separate directory (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. After it starts a window appears; click "Start Scan" there. When the scan is finished, select "Report". A window opens; copy the text and post it here...
Superantispyware (SASW): http://www.trojaner-board.de/51871-a...tispyware.html
chris
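The indicators the OTL fix above targets (four-digit AppData\Roaming folders with their components\AcroFF*.dll, the MountPoints2 AutoRun commands, and the Explorer policy values) can be flagged automatically in an OTL log before anything is moved. The script below is an added example, not code from this thread, from OTL or from any tool named here; it assumes the OTL line format quoted in the fix, and the sample lines (including the stand-in name AcroFF1234.dll) are constructed after the thread's entries.

```python
import re
from dataclasses import dataclass

# Regexes for the indicators the fix in this thread targets, written over the
# OTL line format quoted above. Folder and file names follow the thread's
# entries; "AcroFF1234.dll" below is a constructed stand-in for AcroFF*.dll.

# Numbered profile folders: AppData\Roaming\<exactly four digits>, optionally
# followed by the "components" subfolder that held the AcroFF*.dll files.
ROAMING_NUMBERED = re.compile(
    r'\\AppData\\Roaming\\(\d{4})(?:\\components)?(?:\\|\s|$)', re.IGNORECASE)

# The dropped DLLs themselves.
ACROFF_DLL = re.compile(r'AcroFF[^\\\s]*\.dll', re.IGNORECASE)

# O33 MountPoints2 AutoRun command pointing at an executable on a drive letter.
MOUNTPOINT_AUTORUN = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = '
    r'([A-Za-z]:\\.+\.exe)$', re.IGNORECASE)

# O6 Explorer policy restrictions (NoActiveDesktop / NoActiveDesktopChanges).
POLICY_RESTRICTION = re.compile(
    r'^O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: '
    r'(\w+) = (\d+)$')


@dataclass
class Finding:
    kind: str     # which indicator class fired
    detail: str   # the extracted value (folder number, DLL name, command, policy)
    line: str     # the OTL line it came from


def scan_otl_lines(lines):
    """Return one Finding per indicator hit; a single line can yield several."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = ACROFF_DLL.search(line)
        if m:
            findings.append(Finding("acroff_dll", m.group(0), line))
        m = ROAMING_NUMBERED.search(line)
        if m:
            findings.append(Finding("roaming_numbered_dir", m.group(1), line))
        m = MOUNTPOINT_AUTORUN.match(line)
        if m:
            findings.append(Finding("mountpoint_autorun", m.group(2), line))
        m = POLICY_RESTRICTION.match(line)
        if m and m.group(1).startswith("NoActiveDesktop"):
            findings.append(Finding("explorer_policy", f"{m.group(1)}={m.group(2)}", line))
    return findings


def summarize(findings):
    """Group findings by indicator class; unique, sorted values per class."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.kind, set()).add(f.detail)
    return {kind: sorted(values) for kind, values in grouped.items()}


# Constructed sample modelled on the entries in this thread (not a real log).
SAMPLE_OTL_LINES = [
    r'[2011.12.22 15:03:55 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BIANCO\APPDATA\ROAMING\5064',
    r'[2011.12.22 15:04:01 | 000,012,288 | ---- | M] () -- C:\Users\Bianco\AppData\Roaming\5064\components\AcroFF1234.dll',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1',
    r'O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell\AutoRun\command - "" = F:\Autorun.exe',
    # Benign Roaming entries: a name, not a four-digit number, so they must not fire.
    r'[2011.04.22 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Mozilla',
    r'[2011.11.19 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Microsoft\Windows',
]

if __name__ == "__main__":
    for kind, values in summarize(scan_otl_lines(SAMPLE_OTL_LINES)).items():
        print(f"{kind}: {', '.join(values)}")
```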
29.12.2011, 12:04 | #3 |
Oh great, that figures. ^^
After MBAM didn't find anything more, I thought the worst was over. So, no. Thanks for the quick reply. Here they are in order: (I really pasted everything in, but actually only the "Additional information" would be needed, right?)
Code:
ATTFilter 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: MusiccityDownload.exe Submission date: 2011-12-29 08:19:54 (UTC) Current status: queued (#5) queued analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.12.28.03 2011.12.28 - AntiVir 7.11.20.64 2011.12.29 - Antiy-AVL 2.0.3.7 2011.12.29 - Avast 6.0.1289.0 2011.12.28 - AVG 10.0.0.1190 2011.12.29 - BitDefender 7.2 2011.12.29 - ByteHero 1.0.0.1 2011.12.07 - CAT-QuickHeal 12.00 2011.12.29 - ClamAV 0.97.3.0 2011.12.29 - Commtouch 5.3.2.6 2011.12.29 - Comodo 11126 2011.12.29 - DrWeb 5.0.2.03300 2011.12.29 - Emsisoft 5.1.0.11 2011.12.29 - eSafe 7.0.17.0 2011.12.29 - eTrust-Vet 37.0.9652 2011.12.29 - F-Prot 4.6.5.141 2011.12.28 - F-Secure 9.0.16440.0 2011.12.29 - Fortinet 4.3.388.0 2011.12.29 - GData 22.324/22.610 2011.12.29 - Ikarus T3.1.1.109.0 2011.12.29 - Jiangmin 13.0.900 2011.12.28 - K7AntiVirus 9.120.5796 2011.12.28 - Kaspersky 9.0.0.837 2011.12.29 - McAfee 5.400.0.1158 2011.12.29 - McAfee-GW-Edition 2010.1E 2011.12.28 - Microsoft 1.7903 2011.12.29 - NOD32 6750 2011.12.29 - Norman 6.07.13 2011.12.28 - nProtect 2011-12-29.01 2011.12.29 - Panda 10.0.3.5 2011.12.29 - PCTools 8.0.0.5 2011.12.29 - Prevx 3.0 2011.12.29 - Rising 23.90.03.01 2011.12.29 - Sophos 4.72.0 2011.12.29 - SUPERAntiSpyware 4.40.0.1006 2011.12.28 - Symantec 20111.2.0.82 2011.12.29 - TheHacker 6.7.0.1.367 2011.12.29 - TrendMicro 9.500.0.1008 2011.12.29 - TrendMicro-HouseCall 9.500.0.1008 2011.12.29 - VBA32 3.12.16.4 2011.12.29 - VIPRE 11319 2011.12.29 - ViRobot 2011.12.29.4852 2011.12.29 - VirusBuster 14.1.138.0 2011.12.28 - Additional information Show all MD5 : 35783ff1ccab7cfbfe799ef8d6476c0d SHA1 : ad563aa5d439a32e085d657759d7d734b95d0d06 SHA256: 
7f5e34f7f1376ef8e9137d3c2ddba192e2b9ca18e6e85298dbe99d5efe1658af ssdeep: 192:PRRXHQIQ1+yte3fuUivuL1oynfY3/8YYsLwXozvyIl5x/THSyowJL/aMjGwP7XMK:JdtQkn ic1RY3/z0ox5BWYJLWAhbj5n File size : 30568 bytes First seen: 2010-05-09 19:31:37 Last seen : 2011-12-29 08:19:54 TrID: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: copyright....: Copyright (C) 2007 product......: NYEDownload __ ____ description..: NYEDownload MFC __ ____ original name: NYEDownload.EXE internal name: NYEDownload file version.: 1, 0, 2007, 927 comments.....: signers......: MarkAny Inc. VeriSign Class 3 Code Signing 2004 CA Class 3 Public Primary Certification Authority signing date.: 10:54 16/11/2009 verified.....: - PEiD: Armadillo v1.71 PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x192E timedatestamp....: 0x47C619E0 (Thu Feb 28 02:18:08 2008) machinetype......: 0x14c (I386) [[ 4 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0xBB2, 0x1000, 4.55, 96d0e663281dfa8971576b8aceced951 .rdata, 0x2000, 0xB20, 0x1000, 3.87, fb8447ef3496befaeca37c92debbadb7 .data, 0x3000, 0x188, 0x1000, 0.25, 635f6272ed391f39526f0cf578cd9ea4 .rsrc, 0x4000, 0x19F0, 0x2000, 3.98, 5b8122b5627eb6bdfc15a362d9bc43be [[ 4 import(s) ]] MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - MSVCRT.dll: _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, __CxxFrameHandler, strncpy, _mbscmp, 
_setmbcp, __setusermatherr KERNEL32.dll: GetVersionExA, LoadLibraryA, MoveFileA, GetLastError, CreateMutexA, CloseHandle, GetModuleHandleA, GetStartupInfoA, GetProcAddress USER32.dll: PostMessageA, EnableWindow ExifTool: file metadata CharacterSet: Unicode CodeSize: 4096 Comments: CompanyName: EntryPoint: 0x192e FileDescription: NYEDownload MFC FileFlagsMask: 0x003f FileOS: Win32 FileSize: 30 kB FileSubtype: 0 FileType: Win32 EXE FileVersion: 1, 0, 2007, 927 FileVersionNumber: 1.0.2007.927 ImageVersion: 0.0 InitializedDataSize: 16384 InternalName: NYEDownload LanguageCode: Korean LegalCopyright: Copyright (C) 2007 LegalTrademarks: LinkerVersion: 6.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Executable application OriginalFilename: NYEDownload.EXE PEType: PE32 PrivateBuild: ProductName: NYEDownload ProductVersion: 1, 0, 2007, 927 ProductVersionNumber: 1.0.2007.927 SpecialBuild: Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2008:02:28 03:18:08+01:00 UninitializedDataSize: 0 VT Community 0 This file has never been reviewed by any VT Community member. Be the first one to comment on it! VirusTotal Team Code:
ATTFilter 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: lsb_un20.exe Submission date: 2011-12-29 08:25:45 (UTC) Current status: queued (#5) queued (#8) analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.12.28.03 2011.12.28 - AntiVir 7.11.20.64 2011.12.29 - Antiy-AVL 2.0.3.7 2011.12.29 - Avast 6.0.1289.0 2011.12.28 - AVG 10.0.0.1190 2011.12.29 - BitDefender 7.2 2011.12.29 - ByteHero 1.0.0.1 2011.12.07 - CAT-QuickHeal 12.00 2011.12.29 - ClamAV 0.97.3.0 2011.12.29 - Commtouch 5.3.2.6 2011.12.29 - Comodo 11126 2011.12.29 - DrWeb 5.0.2.03300 2011.12.29 - Emsisoft 5.1.0.11 2011.12.29 - eSafe 7.0.17.0 2011.12.29 - eTrust-Vet 37.0.9652 2011.12.29 - F-Prot 4.6.5.141 2011.12.28 - F-Secure 9.0.16440.0 2011.12.29 - Fortinet 4.3.388.0 2011.12.29 - GData 22 2011.12.29 - Ikarus T3.1.1.109.0 2011.12.29 - Jiangmin 13.0.900 2011.12.28 - K7AntiVirus 9.120.5796 2011.12.28 - Kaspersky 9.0.0.837 2011.12.29 - McAfee 5.400.0.1158 2011.12.29 - McAfee-GW-Edition 2010.1E 2011.12.28 - Microsoft 1.7903 2011.12.29 - NOD32 6750 2011.12.29 - Norman 6.07.13 2011.12.28 - nProtect 2011-12-29.01 2011.12.29 - Panda 10.0.3.5 2011.12.29 - PCTools 8.0.0.5 2011.12.29 - Prevx 3.0 2011.12.29 - Rising 23.90.03.01 2011.12.29 - Sophos 4.72.0 2011.12.29 - SUPERAntiSpyware 4.40.0.1006 2011.12.28 - Symantec 20111.2.0.82 2011.12.29 - TheHacker 6.7.0.1.367 2011.12.29 - TrendMicro 9.500.0.1008 2011.12.29 - TrendMicro-HouseCall 9.500.0.1008 2011.12.29 - VBA32 3.12.16.4 2011.12.29 - VIPRE 11319 2011.12.29 - ViRobot 2011.12.29.4852 2011.12.29 - VirusBuster 14.1.138.0 2011.12.28 - Additional information Show all MD5 : cc192386468bd7faf7624155877a7d2a SHA1 : ed7445dd32c224ae889957c8e6d551f5998818a3 SHA256: 
e881b88e0461fb4da8cc8a4a6d99a5b3be9e2095d8b7b14d98475dfd39e9d4ce
ssdeep: 3072:Pp62QlvbyT7XbXxIuTfM7CE1jK62Ay/neAQ:PohbyT7XFIujM7JjKmN
File size : 119808 bytes
First seen: 2006-05-23 17:25:04
Last seen : 2011-12-29 08:25:45

TrID:
Win32 Executable Delphi generic (39.8%)
Win32 Executable Generic (23.1%)
Win32 Dynamic Link Library (generic) (20.5%)
Win16/32 Executable Delphi generic (5.6%)
Generic Win/DOS Executable (5.4%)

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: 2.2.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x19C78
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x18C94, 0x18E00, 6.42, b162cb438439918f24e2f3740c814bae
DATA, 0x1A000, 0x648, 0x800, 2.46, 8a8607d9ea3e3ac47db174d76b360358
BSS, 0x1B000, 0xED1, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x1C000, 0x1282, 0x1400, 4.68, 7896e0b1dde4d1edd20e832c933b63b8
.tls, 0x1E000, 0x8, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x1F000, 0x18, 0x200, 0.20, 95d7b101355c0c7bebac855893290c7d
.reloc, 0x20000, 0x1B2C, 0x1C00, 6.63, 17acf8fcf1411df23fb7f64c614d2d71
.rsrc, 0x22000, 0x800, 0x800, 4.09, 5d2ca4758dc8018ffb30edfccdf8a36e

[[ 14 import(s) ]]
kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll: GetKeyboardType, MessageBoxA
advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll: VariantCopyInd, VariantClear, SysFreeString, SysReAllocStringLen
kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA
advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey
kernel32.dll: WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualFree, VirtualAlloc, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReleaseSemaphore, ReadFile, MulDiv, MoveFileExA, LoadLibraryExA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalAlloc, GetWindowsDirectoryA, GetVersionExA, GetTickCount, GetThreadLocale, GetSystemDirectoryA, GetShortPathNameA, GetProcAddress, GetModuleHandleA, GetLocaleInfoA, GetLastError, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetCurrentThreadId, GetCommandLineW, FreeLibrary, FindFirstFileA, FindClose, ExpandEnvironmentStringsA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateProcessA, CreateFileA, CloseHandle
gdi32.dll: SetViewportOrgEx, SetTextColor, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, RealizePalette, PtVisible, Polyline, IntersectClipRect, GetTextMetricsA, GetTextExtentPoint32A, GetTextCharacterExtra, GetStockObject, GetObjectA, GetDeviceCaps, GetCurrentObject, GetClipRgn, GetClipBox, GetCharWidthA, GetCharABCWidthsA, ExtTextOutA, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePen, CreateHalftonePalette, CreateFontIndirectA, CreateCompatibleDC, CreateBitmap, BitBlt
user32.dll: VkKeyScanA, UpdateWindow, TranslateMessage, ShowWindow, SetWindowPos, SetWindowLongA, SetTimer, SetPropA, SetParent, SetForegroundWindow, SetFocus, SetCapture, SetActiveWindow, SendMessageA, RemovePropA, ReleaseDC, ReleaseCapture, RegisterClassA, RedrawWindow, PostQuitMessage, PostMessageA, PeekMessageA, MapWindowPoints, LoadIconA, LoadCursorA, KillTimer, IsWindowVisible, IsWindowEnabled, InvalidateRect, GetWindowRect, GetWindowLongA, GetSystemMetrics, GetSysColor, GetPropA, GetWindow, GetMessageA, GetIconInfo, GetFocus, GetDlgItem, GetDialogBaseUnits, GetDC, GetClientRect, GetActiveWindow, FillRect, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, DrawTextExA, DrawIconEx, DispatchMessageA, DestroyWindow, DestroyIcon, DestroyCursor, DefWindowProcA, CreateWindowExA, CopyImage, CallWindowProcA, BeginPaint, AdjustWindowRectEx
ole32.dll: OleUninitialize, OleInitialize
shell32.dll: ShellExecuteExA
shell32.dll: SHChangeNotify
comctl32.dll: InitCommonControls
user32.dll: GetUpdateRect

ExifTool: file metadata
CharacterSet: Windows, Latin1
CodeSize: 101888
EntryPoint: 0x19c78
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 117 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 2.2.0.0
FileVersionNumber: 2.1.0.0
ImageVersion: 0.0
InitializedDataSize: 16896
LanguageCode: Italian
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 1.0
ObjectFileType: Executable application
PEType: PE32
ProductVersionNumber: 2.1.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0

VT Community 0
This file has never been reviewed by any VT Community member.

Code:
All processes killed
========== OTL ==========
C:\USERS\BIANCO\APPDATA\ROAMING\5064\components folder moved successfully.
C:\USERS\BIANCO\APPDATA\ROAMING\5064 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ not found.
File G:\Startme.exe not found.
C:\Users\Bianco\AppData\Roaming\5056\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5056 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5055\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5055 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5054\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5054 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5053\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5053 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5052\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5052 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5063\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5063 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5062\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5062 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5061\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5061 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5060\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5060 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5059\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5059 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5058\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5058 folder moved successfully.
Folder C:\Users\Bianco\AppData\Roaming\5064\ not found.
C:\Users\Bianco\AppData\Roaming\urhtps.dat moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg\de_DE folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#ApplicationUpdater folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\kock folder moved successfully.
C:\Users\Bianco\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bianco
->Temp folder emptied: 89173092 bytes
->Temporary Internet Files folder emptied: 12384606 bytes
->Java cache emptied: 9493219 bytes
->FireFox cache emptied: 44312739 bytes
->Flash cache emptied: 3949 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20280 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 148,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_093638

Files\Folders moved on Reboot...
C:\Users\Bianco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

So now we have a problem with TDSSKiller. It initialises, but only up to 80%, and then nothing happens for minutes. It's still running right now... ah, now it's working:

Code:
09:49:44.0780 3316 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
09:49:44.0842 3316 ============================================================
09:49:44.0842 3316 Current date / time: 2011/12/29 09:49:44.0842
09:49:44.0842 3316 SystemInfo:
09:49:44.0842 3316
09:49:44.0842 3316 OS Version: 6.1.7601 ServicePack: 1.0
09:49:44.0842 3316 Product type: Workstation
09:49:44.0842 3316 ComputerName: VICKY
09:49:44.0842 3316 UserName: Bianco
09:49:44.0842 3316 Windows directory: C:\Windows
09:49:44.0842 3316 System windows directory: C:\Windows
09:49:44.0842 3316 Running under WOW64
09:49:44.0842 3316 Processor architecture: Intel x64
09:49:44.0842 3316 Number of processors: 4
09:49:44.0842 3316 Page size: 0x1000
09:49:44.0842 3316 Boot type: Normal boot
09:49:44.0842 3316 ============================================================
09:50:51.0579 3316 Initialize success
09:51:07.0616 4500 ============================================================
09:51:07.0616 4500 Scan started
09:51:07.0616 4500 Mode: Manual;
09:51:07.0616 4500 ============================================================
09:51:08.0068 4500 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:51:08.0084 4500 1394ohci - ok
09:51:08.0146 4500 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:51:08.0162 4500 ACPI - ok
09:51:08.0193 4500 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:51:08.0193 4500 AcpiPmi - ok
09:51:08.0271 4500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:51:08.0287 4500 adp94xx - ok
09:51:08.0318 4500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:51:08.0318 4500 adpahci - ok
09:51:08.0334 4500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:51:08.0349 4500 adpu320 - ok
09:51:08.0396 4500 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
09:51:08.0412 4500 AFD - ok
09:51:08.0427 4500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:51:08.0427 4500 agp440 - ok
09:51:08.0443 4500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:51:08.0443 4500 aliide - ok
09:51:08.0458 4500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:51:08.0458 4500 amdide - ok
09:51:08.0474 4500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:51:08.0474 4500 AmdK8 - ok
09:51:08.0490 4500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:51:08.0490 4500 AmdPPM - ok
09:51:08.0521 4500 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
09:51:08.0521 4500 amdsata - ok
09:51:08.0552 4500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:51:08.0552 4500 amdsbs - ok
09:51:08.0568 4500 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
09:51:08.0568 4500 amdxata - ok
09:51:08.0599 4500 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:51:08.0614 4500 AppID - ok
09:51:08.0646 4500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:51:08.0646 4500 arc - ok
09:51:08.0661 4500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:51:08.0661 4500 arcsas - ok
09:51:08.0692 4500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:51:08.0692 4500 AsyncMac - ok
09:51:08.0724 4500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:51:08.0724 4500 atapi - ok
09:51:08.0770 4500 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
09:51:08.0786 4500 athr - ok
09:51:08.0817 4500 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:51:08.0817 4500 AtiPcie - ok
09:51:08.0833 4500 AVFSFilter - ok
09:51:08.0880 4500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:51:08.0895 4500 b06bdrv - ok
09:51:08.0911 4500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:51:08.0911 4500 b57nd60a - ok
09:51:08.0926 4500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:51:08.0942 4500 Beep - ok
09:51:08.0958 4500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:51:08.0958 4500 blbdrive - ok
09:51:09.0004 4500 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:51:09.0004 4500 bowser - ok
09:51:09.0020 4500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:51:09.0020 4500 BrFiltLo - ok
09:51:09.0036 4500 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:51:09.0036 4500 BrFiltUp - ok
09:51:09.0067 4500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:51:09.0067 4500 Brserid - ok
09:51:09.0082 4500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:51:09.0082 4500 BrSerWdm - ok
09:51:09.0098 4500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:51:09.0098 4500 BrUsbMdm - ok
09:51:09.0114 4500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:51:09.0114 4500 BrUsbSer - ok
09:51:09.0176 4500 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
09:51:09.0176 4500 BthEnum - ok
09:51:09.0192 4500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:51:09.0192 4500 BTHMODEM - ok
09:51:09.0238 4500 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
09:51:09.0238 4500 BthPan - ok
09:51:09.0285 4500 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
09:51:09.0301 4500 BTHPORT - ok
09:51:09.0316 4500 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
09:51:09.0332 4500 BTHUSB - ok
09:51:09.0348 4500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:51:09.0348 4500 cdfs - ok
09:51:09.0410 4500 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:51:09.0410 4500 cdrom - ok
09:51:09.0441 4500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:51:09.0441 4500 circlass - ok
09:51:09.0472 4500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:51:09.0472 4500 CLFS - ok
09:51:09.0519 4500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:51:09.0519 4500 CmBatt - ok
09:51:09.0550 4500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:51:09.0550 4500 cmdide - ok
09:51:09.0597 4500 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
09:51:09.0597 4500 CNG - ok
09:51:09.0613 4500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:51:09.0613 4500 Compbatt - ok
09:51:09.0660 4500 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:51:09.0660 4500 CompositeBus - ok
09:51:09.0691 4500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:51:09.0691 4500 crcdisk - ok
09:51:09.0753 4500 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:51:09.0769 4500 DfsC - ok
09:51:09.0784 4500 dgderdrv - ok
09:51:09.0816 4500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:51:09.0831 4500 discache - ok
09:51:09.0940 4500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:51:09.0940 4500 Disk - ok
09:51:10.0034 4500 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
09:51:10.0034 4500 Dot4 - ok
09:51:10.0081 4500 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
09:51:10.0096 4500 Dot4Print - ok
09:51:10.0112 4500 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
09:51:10.0112 4500 dot4usb - ok
09:51:10.0143 4500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:51:10.0143 4500 drmkaud - ok
09:51:10.0190 4500 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:51:10.0190 4500 dtsoftbus01 - ok
09:51:10.0237 4500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:51:10.0237 4500 DXGKrnl - ok
09:51:10.0299 4500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:51:10.0330 4500 ebdrv - ok
09:51:10.0377 4500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:51:10.0377 4500 elxstor - ok
09:51:10.0424 4500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:51:10.0424 4500 ErrDev - ok
09:51:10.0455 4500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:51:10.0471 4500 exfat - ok
09:51:10.0486 4500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:51:10.0486 4500 fastfat - ok
09:51:10.0502 4500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:51:10.0502 4500 fdc - ok
09:51:10.0533 4500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:51:10.0533 4500 FileInfo - ok
09:51:10.0549 4500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:51:10.0549 4500 Filetrace - ok
09:51:10.0564 4500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:51:10.0564 4500 flpydisk - ok
09:51:10.0611 4500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:51:10.0627 4500 FltMgr - ok
09:51:10.0642 4500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:51:10.0642 4500 FsDepends - ok
09:51:10.0658 4500 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:51:10.0658 4500 Fs_Rec - ok
09:51:10.0720 4500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:51:10.0720 4500 fvevol - ok
09:51:10.0752 4500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:51:10.0752 4500 gagp30kx - ok
09:51:10.0783 4500 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
09:51:10.0814 4500 gdrv - ok
09:51:10.0845 4500 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
09:51:10.0861 4500 GVTDrv64 - ok
09:51:10.0908 4500 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
09:51:10.0908 4500 hamachi - ok
09:51:10.0939 4500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:51:10.0939 4500 hcw85cir - ok
09:51:11.0001 4500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:51:11.0017 4500 HdAudAddService - ok
09:51:11.0064 4500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:51:11.0064 4500 HDAudBus - ok
09:51:11.0095 4500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:51:11.0095 4500 HidBatt - ok
09:51:11.0110 4500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:51:11.0110 4500 HidBth - ok
09:51:11.0126 4500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:51:11.0126 4500 HidIr - ok
09:51:11.0173 4500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:51:11.0173 4500 HidUsb - ok
09:51:11.0188 4500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:51:11.0188 4500 HpSAMD - ok
09:51:11.0266 4500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:51:11.0282 4500 HTTP - ok
09:51:11.0313 4500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:51:11.0313 4500 hwpolicy - ok
09:51:11.0329 4500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:51:11.0329 4500 i8042prt - ok
09:51:11.0376 4500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:51:11.0376 4500 iaStorV - ok
09:51:11.0407 4500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:51:11.0407 4500 iirsp - ok
09:51:11.0516 4500 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys
09:51:11.0532 4500 IntcAzAudAddService - ok
09:51:11.0563 4500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:51:11.0563 4500 intelide - ok
09:51:11.0594 4500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:51:11.0594 4500 intelppm - ok
09:51:11.0641 4500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:51:11.0641 4500 IpFilterDriver - ok
09:51:11.0672 4500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:51:11.0672 4500 IPMIDRV - ok
09:51:11.0688 4500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:51:11.0688 4500 IPNAT - ok
09:51:11.0719 4500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:51:11.0719 4500 IRENUM - ok
09:51:11.0734 4500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:51:11.0734 4500 isapnp - ok
09:51:11.0750 4500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:51:11.0750 4500 iScsiPrt - ok
09:51:11.0781 4500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:51:11.0797 4500 kbdclass - ok
09:51:11.0812 4500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:51:11.0812 4500 kbdhid - ok
09:51:11.0844 4500 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
09:51:11.0844 4500 KSecDD - ok
09:51:11.0875 4500 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
09:51:11.0875 4500 KSecPkg - ok
09:51:11.0890 4500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:51:11.0890 4500 ksthunk - ok
09:51:11.0953 4500 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:51:11.0953 4500 LHidFilt - ok
09:51:11.0968 4500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:51:11.0968 4500 lltdio - ok
09:51:12.0000 4500 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:51:12.0000 4500 LMouFilt - ok
09:51:12.0015 4500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:51:12.0031 4500 LSI_FC - ok
09:51:12.0046 4500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:51:12.0046 4500 LSI_SAS - ok
09:51:12.0062 4500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:51:12.0062 4500 LSI_SAS2 - ok
09:51:12.0093 4500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:51:12.0093 4500 LSI_SCSI - ok
09:51:12.0109 4500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:51:12.0109 4500 luafv - ok
09:51:12.0171 4500 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
09:51:12.0171 4500 MBAMProtector - ok
09:51:12.0202 4500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:51:12.0202 4500 megasas - ok
09:51:12.0218 4500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:51:12.0218 4500 MegaSR - ok
09:51:12.0249 4500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:51:12.0249 4500 Modem - ok
09:51:12.0265 4500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:51:12.0265 4500 monitor - ok
09:51:12.0327 4500 MotioninJoyXFilter (16f9f464da6e02a020bce626c56a1797) C:\Windows\system32\DRIVERS\MijXfilt.sys
09:51:12.0343 4500 MotioninJoyXFilter - ok
09:51:12.0358 4500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:51:12.0358 4500 mouclass - ok
09:51:12.0374 4500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:51:12.0390 4500 mouhid - ok
09:51:12.0421 4500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:51:12.0421 4500 mountmgr - ok
09:51:12.0452 4500 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
09:51:12.0452 4500 MpFilter - ok
09:51:12.0514 4500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:51:12.0514 4500 mpio - ok
09:51:12.0546 4500 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
09:51:12.0546 4500 MpNWMon - ok
09:51:12.0561 4500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:51:12.0577 4500 mpsdrv - ok
09:51:12.0608 4500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:51:12.0608 4500 MRxDAV - ok
09:51:12.0655 4500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:51:12.0655 4500 mrxsmb - ok
09:51:12.0702 4500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:51:12.0717 4500 mrxsmb10 - ok
09:51:12.0733 4500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:51:12.0748 4500 mrxsmb20 - ok
09:51:12.0780 4500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:51:12.0780 4500 msahci - ok
09:51:12.0795 4500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:51:12.0795 4500 msdsm - ok
09:51:12.0842 4500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:51:12.0842 4500 Msfs - ok
09:51:12.0873 4500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:51:12.0889 4500 mshidkmdf - ok
09:51:12.0920 4500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:51:12.0920 4500 msisadrv - ok
09:51:12.0951 4500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:51:12.0951 4500 MSKSSRV - ok
09:51:12.0998 4500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:51:12.0998 4500 MSPCLOCK - ok
09:51:13.0014 4500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:51:13.0029 4500 MSPQM - ok
09:51:13.0076 4500 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:51:13.0076 4500 MsRPC - ok
09:51:13.0092 4500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:51:13.0092 4500 mssmbios - ok
09:51:13.0123 4500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:51:13.0123 4500 MSTEE - ok
09:51:13.0123 4500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:51:13.0123 4500 MTConfig - ok
09:51:13.0154 4500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:51:13.0154 4500 Mup - ok
09:51:13.0185 4500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:51:13.0185 4500 NativeWifiP - ok
09:51:13.0248 4500 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:51:13.0279 4500 NDIS - ok
09:51:13.0294 4500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:51:13.0294 4500 NdisCap - ok
09:51:13.0310 4500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:51:13.0310 4500 NdisTapi - ok
09:51:13.0357 4500 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:51:13.0357 4500 Ndisuio - ok
09:51:13.0388 4500 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:51:13.0388 4500 NdisWan - ok
09:51:13.0435 4500 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:51:13.0435 4500 NDProxy - ok
09:51:13.0466 4500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:51:13.0466 4500 NetBIOS - ok
09:51:13.0482 4500 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:51:13.0497 4500 NetBT - ok
09:51:13.0560 4500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:51:13.0560 4500 nfrd960 - ok
09:51:13.0606 4500 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:51:13.0606 4500 NisDrv - ok
09:51:13.0622 4500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:51:13.0638 4500 Npfs - ok
09:51:13.0653 4500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:51:13.0653 4500 nsiproxy - ok
09:51:13.0716 4500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:51:13.0731 4500 Ntfs - ok
09:51:13.0747 4500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:51:13.0747 4500 Null - ok
09:51:13.0778 4500 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
09:51:13.0778 4500 nusb3hub - ok
09:51:13.0809 4500 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
09:51:13.0809 4500 nusb3xhc - ok
09:51:13.0809 4500 NVHDA - ok
09:51:14.0028 4500 nvlddmkm (10ad52b18792420e27bd5a0e912b1891) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:51:14.0090 4500 nvlddmkm - ok
09:51:14.0121 4500 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:51:14.0121 4500 nvraid - ok
09:51:14.0152 4500 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:51:14.0152 4500 nvstor - ok
09:51:14.0215 4500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:51:14.0215 4500 nv_agp - ok
09:51:14.0246 4500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:51:14.0246 4500 ohci1394 - ok
09:51:14.0293 4500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:51:14.0293 4500 Parport - ok
09:51:14.0324 4500 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:51:14.0340 4500 partmgr - ok
09:51:14.0386 4500 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
09:51:14.0386 4500 pavboot - ok
09:51:14.0402 4500 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:51:14.0402 4500 pci - ok
09:51:14.0433 4500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:51:14.0433 4500 pciide - ok
09:51:14.0464 4500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:51:14.0464 4500 pcmcia - ok
09:51:14.0480 4500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:51:14.0480 4500 pcw - ok
09:51:14.0511 4500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:51:14.0511 4500 PEAUTH - ok
09:51:14.0589 4500 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:51:14.0589 4500 PptpMiniport - ok
09:51:14.0605 4500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:51:14.0605 4500 Processor - ok
09:51:14.0667 4500 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:51:14.0667 4500 Psched - ok
09:51:14.0714 4500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:51:14.0745 4500 ql2300 - ok
09:51:14.0761 4500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:51:14.0761 4500 ql40xx - ok
09:51:14.0792 4500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:51:14.0792 4500 QWAVEdrv - ok
09:51:14.0792 4500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:51:14.0792 4500 RasAcd - ok
09:51:14.0823 4500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:51:14.0823 4500 RasAgileVpn - ok
09:51:14.0870 4500 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:51:14.0870 4500 Rasl2tp - ok
09:51:14.0886 4500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:51:14.0886 4500 RasPppoe - ok
09:51:14.0917 4500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:51:14.0917 4500 RasSstp - ok
09:51:14.0979 4500 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:51:14.0979 4500 rdbss - ok
09:51:14.0995 4500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:51:15.0010 4500 rdpbus - ok
09:51:15.0026 4500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:51:15.0026 4500 RDPCDD - ok
09:51:15.0042 4500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:51:15.0042 4500 RDPENCDD - ok
09:51:15.0073 4500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:51:15.0073 4500 RDPREFMP - ok
09:51:15.0104 4500 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:51:15.0104 4500 RDPWD - ok
09:51:15.0151 4500 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:51:15.0151 4500 rdyboost - ok
09:51:15.0213 4500 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:51:15.0229 4500 RFCOMM - ok
09:51:15.0260 4500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:51:15.0260 4500 rspndr - ok
09:51:15.0307 4500 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:51:15.0307 4500 RTL8167 - ok
09:51:15.0338 4500 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:51:15.0338 4500 sbp2port - ok
09:51:15.0385 4500 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:51:15.0385 4500 scfilter - ok
09:51:15.0416 4500 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:51:15.0416 4500 secdrv - ok
09:51:15.0447 4500 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:51:15.0447 4500 Serenum - ok
09:51:15.0463 4500 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:51:15.0463 4500 Serial - ok
09:51:15.0478 4500 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:51:15.0478 4500 sermouse - ok
09:51:15.0525 4500 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:51:15.0525 4500 sffdisk - ok
09:51:15.0541 4500 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:51:15.0541 4500 sffp_mmc - ok
09:51:15.0572 4500 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:51:15.0572 4500 sffp_sd - ok
09:51:15.0572 4500 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:51:15.0572 4500 sfloppy - ok
09:51:15.0603 4500 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:51:15.0603 4500 SiSRaid2 - ok
09:51:15.0619 4500 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:51:15.0619 4500 SiSRaid4 - ok
09:51:15.0634 4500 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:51:15.0634 4500 Smb - ok
09:51:15.0666 4500 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:51:15.0666 4500 spldr - ok
09:51:15.0712 4500 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:51:15.0728 4500 srv - ok
09:51:15.0744 4500 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:51:15.0759 4500 srv2 - ok
09:51:15.0775 4500 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:51:15.0775 4500 srvnet - ok
09:51:15.0806 4500 sscebus (f74634f46692c8315e7f37f698af3225) C:\Windows\system32\DRIVERS\sscebus.sys
09:51:15.0822 4500 sscebus - ok
09:51:15.0868 4500 sscemdfl (82732b391efd69b0548044be9cb37bfc) C:\Windows\system32\DRIVERS\sscemdfl.sys
09:51:15.0868 4500 sscemdfl - ok
09:51:15.0884 4500 sscemdm (43d56ace4469d90f9790e8352d87d9b5) C:\Windows\system32\DRIVERS\sscemdm.sys
09:51:15.0884 4500 sscemdm - ok
09:51:15.0900 4500 ssceserd (db504ef6d73f6b8ab5cf8a18560c4e2a) C:\Windows\system32\DRIVERS\ssceserd.sys
09:51:15.0915 4500 ssceserd - ok
09:51:15.0946 4500 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
09:51:15.0962 4500 ss_bbus - ok
09:51:15.0993 4500 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
09:51:15.0993 4500 ss_bmdfl - ok
09:51:16.0009 4500 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
09:51:16.0009 4500 ss_bmdm - ok
09:51:16.0024 4500 ss_bserd (677cdc98f8363accaae783fde1599c2a) C:\Windows\system32\DRIVERS\ss_bserd.sys
09:51:16.0024 4500 ss_bserd - ok
09:51:16.0056
4500 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 09:51:16.0056 4500 stexstor - ok 09:51:16.0102 4500 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 09:51:16.0102 4500 StillCam - ok 09:51:16.0149 4500 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 09:51:16.0149 4500 swenum - ok 09:51:16.0243 4500 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 09:51:16.0274 4500 Tcpip - ok 09:51:16.0305 4500 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 09:51:16.0321 4500 TCPIP6 - ok 09:51:16.0352 4500 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 09:51:16.0352 4500 tcpipreg - ok 09:51:16.0383 4500 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 09:51:16.0383 4500 TDPIPE - ok 09:51:16.0399 4500 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 09:51:16.0399 4500 TDTCP - ok 09:51:16.0446 4500 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 09:51:16.0446 4500 tdx - ok 09:51:16.0477 4500 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 09:51:16.0477 4500 TermDD - ok 09:51:16.0524 4500 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 09:51:16.0524 4500 tssecsrv - ok 09:51:16.0602 4500 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 09:51:16.0602 4500 TsUsbFlt - ok 09:51:16.0648 4500 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 09:51:16.0648 4500 tunnel - ok 09:51:16.0680 4500 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 09:51:16.0680 4500 uagp35 - ok 09:51:16.0726 4500 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 09:51:16.0742 4500 udfs - ok 09:51:16.0789 4500 uliagpkx 
(4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 09:51:16.0789 4500 uliagpkx - ok 09:51:16.0804 4500 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 09:51:16.0820 4500 umbus - ok 09:51:16.0836 4500 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 09:51:16.0836 4500 UmPass - ok 09:51:16.0882 4500 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 09:51:16.0882 4500 usbccgp - ok 09:51:16.0914 4500 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 09:51:16.0914 4500 usbcir - ok 09:51:16.0929 4500 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 09:51:16.0945 4500 usbehci - ok 09:51:16.0960 4500 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys 09:51:16.0960 4500 usbfilter - ok 09:51:16.0976 4500 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 09:51:16.0992 4500 usbhub - ok 09:51:17.0007 4500 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 09:51:17.0007 4500 usbohci - ok 09:51:17.0023 4500 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 09:51:17.0023 4500 usbprint - ok 09:51:17.0070 4500 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 09:51:17.0070 4500 usbscan - ok 09:51:17.0101 4500 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:51:17.0101 4500 USBSTOR - ok 09:51:17.0132 4500 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 09:51:17.0132 4500 usbuhci - ok 09:51:17.0163 4500 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 09:51:17.0163 4500 vdrvroot - ok 09:51:17.0179 4500 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 09:51:17.0179 4500 vga - ok 09:51:17.0194 4500 VgaSave 
(53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 09:51:17.0194 4500 VgaSave - ok 09:51:17.0226 4500 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 09:51:17.0226 4500 vhdmp - ok 09:51:17.0272 4500 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 09:51:17.0272 4500 viaide - ok 09:51:17.0288 4500 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 09:51:17.0288 4500 volmgr - ok 09:51:17.0335 4500 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 09:51:17.0350 4500 volmgrx - ok 09:51:17.0366 4500 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 09:51:17.0382 4500 volsnap - ok 09:51:17.0397 4500 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 09:51:17.0413 4500 vsmraid - ok 09:51:17.0444 4500 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 09:51:17.0444 4500 vwifibus - ok 09:51:17.0475 4500 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 09:51:17.0475 4500 vwififlt - ok 09:51:17.0506 4500 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 09:51:17.0506 4500 vwifimp - ok 09:51:17.0538 4500 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 09:51:17.0538 4500 WacomPen - ok 09:51:17.0569 4500 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 09:51:17.0569 4500 WANARP - ok 09:51:17.0569 4500 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 09:51:17.0569 4500 Wanarpv6 - ok 09:51:17.0600 4500 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 09:51:17.0600 4500 Wd - ok 09:51:17.0616 4500 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 09:51:17.0631 4500 Wdf01000 - ok 09:51:17.0678 4500 WfpLwf 
(611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 09:51:17.0678 4500 WfpLwf - ok 09:51:17.0694 4500 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 09:51:17.0694 4500 WIMMount - ok 09:51:17.0756 4500 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 09:51:17.0756 4500 WinUsb - ok 09:51:17.0818 4500 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 09:51:17.0818 4500 WmiAcpi - ok 09:51:17.0865 4500 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 09:51:17.0865 4500 ws2ifsl - ok 09:51:17.0896 4500 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys 09:51:17.0896 4500 WSDPrintDevice - ok 09:51:17.0943 4500 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 09:51:17.0943 4500 WudfPf - ok 09:51:17.0974 4500 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 09:51:17.0974 4500 WUDFRd - ok 09:51:18.0021 4500 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 09:51:18.0037 4500 xusb21 - ok 09:51:18.0084 4500 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 09:51:18.0130 4500 \Device\Harddisk0\DR0 - ok 09:51:18.0130 4500 Boot (0x1200) (11965ca34b912550c4758c39e92d6752) \Device\Harddisk0\DR0\Partition0 09:51:18.0130 4500 \Device\Harddisk0\DR0\Partition0 - ok 09:51:18.0146 4500 Boot (0x1200) (88bf45dc91eeb7cc1d8580a737f7fca7) \Device\Harddisk0\DR0\Partition1 09:51:18.0146 4500 \Device\Harddisk0\DR0\Partition1 - ok 09:51:18.0177 4500 Boot (0x1200) (794f4511f0b1dd54e2326d0d7f5ba244) \Device\Harddisk0\DR0\Partition2 09:51:18.0177 4500 \Device\Harddisk0\DR0\Partition2 - ok 09:51:18.0177 4500 ============================================================ 09:51:18.0177 4500 Scan finished 09:51:18.0177 4500 ============================================================ 09:51:18.0193 
1436 Detected object count: 0 09:51:18.0193 1436 Actual detected object count: 0 Last item follows. ...and it only took a measly 2 hours. Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/29/2011 at 11:45 AM

Application Version : 5.0.1142

Core Rules Database Version : 8089
Trace Rules Database Version: 5901

Scan type       : Complete Scan
Total Scan Time : 01:45:52

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 598
Memory threats detected   : 0
Registry items scanned    : 71568
Registry threats detected : 0
File items scanned        : 240599
File threats detected     : 17

Adware.Tracking Cookie
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\PY0B03YG.txt [ /adform.net ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\1FU88O4L.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\N5GHHQWE.txt [ /track.adform.net ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\VR8X7AE9.txt [ /doubleclick.net ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\FSRXRTWN.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\RMULBB68.txt [ /ad.yieldmanager.com ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\GHW0ZUFW.txt [ /adfarm1.adition.com ]
	C:\USERS\BIANCO\AppData\Roaming\Microsoft\Windows\Cookies\7R4J6YVT.txt [ Cookie:bianco@google.com/accounts/ ]
	C:\USERS\BIANCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\8V716J61.txt [ Cookie:bianco@google.com/accounts/ ]
	C:\USERS\BIANCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\OVH30P1Z.txt [ Cookie:bianco@www.google.com/accounts ]
	C:\USERS\BIANCO\Cookies\7R4J6YVT.txt [ Cookie:bianco@google.com/accounts/ ]
	C:\USERS\BIANCO\Cookies\PY0B03YG.txt [ Cookie:bianco@adform.net/ ]
	C:\USERS\BIANCO\Cookies\N5GHHQWE.txt [ Cookie:bianco@track.adform.net/ ]
	C:\USERS\BIANCO\Cookies\VR8X7AE9.txt [ Cookie:bianco@doubleclick.net/ ]
	C:\USERS\BIANCO\Cookies\RMULBB68.txt [ Cookie:bianco@ad.yieldmanager.com/ ]
	C:\USERS\BIANCO\Cookies\GHW0ZUFW.txt [ Cookie:bianco@adfarm1.adition.com/ ]

Heuristic.Agent/Gen-Dropper
	C:\PROGRAM FILES (X86)\NEED FOR SPEED - MOST WANTED\CRACK\SD4HIDE\SD4HIDE.EXE

I wasn't aware that I still had this. But I also don't think it is the origin of all of this, because it has been there for almost 6 years. And besides, to my knowledge I haven't run it in 1-2 years. (Since I don't use it anyway and it is illegal anyway, I would delete it. Is that safe? I assume so?) Many thanks, once again, for the help, kind regards //Edit#1: Can I leave SUPERAntiSpyware open and simply have it remove the threats later, once the "go-ahead" comes? //Edit#2: By the way, I have moved OTL to the desktop; I had forgotten that on the first scan. I don't know how relevant that is for any further fixes. Last edited by Bexod (29.12.2011 at 12:06) Reason: addendum |
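The TDSSKiller log pasted above is hard to read because every record has been run together onto a few long lines, and the only thing that matters in it is whether any object got a verdict other than "- ok" (and whether the MBR and boot-sector hashes match what you expect). The parser below is an added example, not code from this thread or from Kaspersky. It assumes the format visible in the log: each object appears as "<time> <pid> <name> (<md5>) <path>" followed by "<time> <pid> <name-or-path> - <verdict>", where drivers are named by service name and the MBR/boot sectors by device path. The sample log is constructed from a few records on this page plus one made-up "evildrv" object; the wording of its non-ok verdict is an assumption, only "- ok" is taken from the page.

```python
"""Parse a TDSSKiller scan log and list what was not cleared.

Added example: not code from this thread or from Kaspersky. Assumes the log is
flat text as pasted above (records may be run together on one line), with each
object appearing as "<time> <pid> <name> (<md5>) <path>" followed by
"<time> <pid> <name-or-path> - <verdict>". Only "- ok" is taken from the page;
the wording of a non-ok verdict in the sample is assumed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

TS = r"\d{2}:\d{2}:\d{2}\.\d{4}"
SPLIT_RE = re.compile(rf"(?={TS} \d+ )")   # cut before every "<time> <pid> " record
RECORD_RE = re.compile(rf"^(?P<time>{TS}) (?P<pid>\d+) (?P<body>.*)$", re.S)
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<kind>Detected|Actual detected) object count: (?P<n>\d+)$")


@dataclass
class ScannedObject:
    name: str                       # service name, or "MBR (0x1B8)" / "Boot (0x1200)"
    md5: str
    path: str                       # file path, or \Device\... for sectors
    verdict: Optional[str] = None   # stays None if no "- <verdict>" record follows


def parse_tdsskiller(text: str) -> Tuple[List[ScannedObject], Dict[str, int]]:
    """Return the scanned objects in log order plus the summary counters."""
    objects: List[ScannedObject] = []
    counts: Dict[str, int] = {}
    for chunk in SPLIT_RE.split(text):
        rec = RECORD_RE.match(chunk.strip())
        if not rec:
            continue   # leading fragment or a line without a timestamp
        body = rec.group("body").strip()
        if m := ENTRY_RE.match(body):
            objects.append(ScannedObject(m["name"], m["md5"], m["path"]))
        elif m := COUNT_RE.match(body):
            counts[m["kind"]] = int(m["n"])
        elif m := VERDICT_RE.match(body):
            # Drivers are named by service name, sectors by device path; attach the
            # verdict to the most recent object that matches and has none yet.
            for obj in reversed(objects):
                if obj.verdict is None and m["name"] in (obj.name, obj.path):
                    obj.verdict = m["verdict"]
                    break
    return objects, counts


def flagged(objects: List[ScannedObject]) -> List[ScannedObject]:
    """Everything TDSSKiller did not clear: non-ok verdicts and objects with no verdict."""
    return [o for o in objects if o.verdict != "ok"]


def hash_hits(objects: List[ScannedObject], bad_md5: Set[str]) -> List[ScannedObject]:
    """Cross-check the logged MD5s against an indicator list of your own (lowercase hex)."""
    return [o for o in objects if o.md5 in bad_md5]


# Constructed sample: the first six records are copied from the log above; the
# "evildrv" records and their verdict text are made up to show a flagged object.
SAMPLE_LOG = (
    r"09:51:16.0243 4500 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys "
    r"09:51:16.0274 4500 Tcpip - ok "
    r"09:51:18.0084 4500 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 "
    r"09:51:18.0130 4500 \Device\Harddisk0\DR0 - ok "
    r"09:51:18.0130 4500 Boot (0x1200) (11965ca34b912550c4758c39e92d6752) \Device\Harddisk0\DR0\Partition0 "
    r"09:51:18.0130 4500 \Device\Harddisk0\DR0\Partition0 - ok "
    r"09:51:18.0150 4500 evildrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\evildrv.sys "
    r"09:51:18.0150 4500 evildrv - detected Rootkit.Win32.Example (0) "
    r"09:51:18.0177 4500 Scan finished "
    r"09:51:18.0193 1436 Detected object count: 1 "
    r"09:51:18.0193 1436 Actual detected object count: 1"
)

if __name__ == "__main__":
    objs, counts = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(objs)} objects, counters {counts}")
    for o in flagged(objs):
        print(f"NOT CLEARED: {o.name} {o.md5} {o.path} -> {o.verdict}")
```

To use it on the real thing, paste the whole TDSSKiller log into a file and call `parse_tdsskiller(open(path).read())`; the run-together layout is handled because the splitter keys on the timestamp rather than on line breaks. `flagged()` also returns objects that never received a verdict record, which is worth a second look when a log is truncated, as the first line of the one above is.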
29.12.2011, 13:18 | #4 |
| Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM) Hi, have SASW delete everything, update MBAM and run another full scan... Because of the crack, this is my last post... chris&out
29.12.2011, 19:56 | #5 |
| Trojaner in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM) Good evening, unfortunately I fear Chris will no longer read this. Nonetheless I would like to thank you for the (apparently) successful help. And apologise if you are now annoyed at having helped me. It may no longer matter, and you may believe me or not, but the item above was the only illegal software that, to my knowledge, ever ended up on any of my systems. And I would certainly have deleted it had I known it was still there. After I noticed it in the scan I considered editing the log accordingly, but true to the motto "honesty is the best policy" I wanted to own up to this mistake and had hoped that obvious remorse and an attempt at correction would earn some leniency. I can understand that this is not the case, and I am sorry if it has caused more than inconvenience. Since I was very satisfied with the competent help and had hoped for the Trojaner-Board's support in future as well, I would still be interested to know whether I have hereby irrevocably forfeited my privilege to help, despite keeping my system legal in future? To bring the matter to its forced conclusion: SASW found a few more tracking cookies, but nothing more serious (so it seems). MBAM, as already this morning, did not flag anything at all any more. Only the ESET Online Scanner found the malware fixed by OTL in the _OTL folder. If anyone still takes pity on me, I would have the question whether I can now safely delete that folder or whether they just stay in there. Otherwise, thanks again and sorry. Have a pleasant evening & a happy new year, kind regards Bexod |