Pests of all kinds and how to fight them: 100€ Virus (mor.exe) (Windows 7)
30.03.2012, 01:19 | #1
100€ Virus (mor.exe)

Hello, I've picked up the mor.exe that has already been mentioned here several times; it could only be closed by restarting the computer. The file itself in the temp folder could be deleted without any problem, but I'm just not sure whether everything has really been removed. Thanks for your help
30.03.2012, 17:38 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
100€ Virus (mor.exe)

As a first routine step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!

Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed. If logs from earlier Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And it then looks like this:
Code:
the log goes here
02.04.2012, 02:08 | #3
100€ Virus (mor.exe)

Hello, and thanks for the reply. Here are the two logs:
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Pegasuz :: PEGASUZ2 [Administrator]

Schutz: Aktiviert

01.04.2012 23:01:39
mbam-log-2012-04-01 (23-01-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350022
Laufzeit: 1 Stunde(n), 28 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6f2403a0271b4a46a9c3643e6ad7c946
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-02 12:57:31
# local_time=2012-04-02 02:57:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 9095413 9095413 0 0
# compatibility_mode=5893 16776574 100 85 3254193 84951666 0 0
# compatibility_mode=8192 67108863 100 0 887 887 0 0
# compatibility_mode=9217 16777214 75 66 38714257 55594105 0 0
# scanned=171314
# found=22
# cleaned=0
# scan_time=7776
C:\Program Files\Acer Arcade Deluxe\PlayMovie\VideoFilter\cl264dec.ax	probably a variant of Win32/Hupigon.DCPCEC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Acer Arcade Deluxe\PlayMovie\VideoFilter\cldabc.dll	probably a variant of Win32/Hupigon.EFSSZFA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Acer Arcade Deluxe\PlayMovie\VideoFilter\cldorz.dll	probably a variant of Win32/Hupigon.KQQLKZT trojan (unable to clean)	00000000000000000000000000000000	I
C:\Toolz\CRC-Killer.exe	Win32/Packed.Autoit.C.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\4b39be8b-267b01df	a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d76550c-4881728a	Java/Agent.EI trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\78e2444c-59ce3de8	Java/Exploit.CVE-2011-3544.L trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\30c08a91-77cb5d99	a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\67c69e11-7adf2233	a variant of Java/Exploit.CVE-2012-0507.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\165f57c2-108daa08	probably a variant of Java/Exploit.CVE-2012-0507.C trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\728a1d82-4717ad02	a variant of Java/TrojanDownloader.OpenConnection.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\193cd055-660da22e	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1c7ed395-4141cfcb	a variant of Java/Exploit.CVE-2011-3544.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-1e4bd70b	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\78c10d1b-48081999	a variant of Java/Exploit.CVE-2011-3544.AA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7679fe61-16288d62	a variant of Java/Exploit.CVE-2012-0507.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7135ddab-5f99353e	Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\6dfaef34-1d014d7b	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\280b3877-105c4176	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\66f3c038-6ed573db	a variant of Win32/Kryptik.WLG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7517c83a-458a24d5	a variant of Java/TrojanDownloader.OpenConnection.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7b781448-3747c428	Java/Exploit.CVE-2011-3544.BB trojan (unable to clean)	00000000000000000000000000000000	I
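The ESET report above lists 22 hits with none cleaned, most of them cached applets in the Java deployment cache, while the entries outside it (the Acer codec DLLs and CRC-Killer) are the ones a responder has to judge by hand. The following is an added example, not code from this thread or from ESET, that parses that log format and produces exactly that triage; it assumes the native log is tab-separated (path, threat with status, md5, flag) and falls back to a whitespace heuristic for a copy that lost its tabs, as the posted one did.

```python
"""Triage an ESET Online Scanner result log.

Added example; not code from the thread, from the forum or from ESET.
Assumes the native log is tab-separated (path, threat (status), md5, flag);
the copy pasted in the thread lost its tabs, so a whitespace fallback is
included. The sample below is a constructed subset of the posted findings.
"""
import re
from collections import Counter

# Constructed sample: header lines plus five result lines taken from the posted log.
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# scanned=171314\n"
    "# found=22\n"
    "# cleaned=0\n"
    "C:\\Program Files\\Acer Arcade Deluxe\\PlayMovie\\VideoFilter\\cl264dec.ax\t"
    "probably a variant of Win32/Hupigon.DCPCEC trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Toolz\\CRC-Killer.exe\t"
    "Win32/Packed.Autoit.C.Gen application (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Users\\Pegasuz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\12\\78e2444c-59ce3de8\t"
    "Java/Exploit.CVE-2011-3544.L trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Users\\Pegasuz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\17\\67c69e11-7adf2233\t"
    "a variant of Java/Exploit.CVE-2012-0507.D trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Users\\Pegasuz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\21\\193cd055-660da22e\t"
    "multiple threats (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
)

# Fallback for a line whose tabs became spaces: the threat text starts with one
# of ESET's stock phrases or with a platform/name token such as Win32/Hupigon.
FLAT_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably a variant of |a variant of |multiple threats"
    r"|[A-Za-z0-9]+/\S+).*?)"
    r"\s+\((?P<status>[^)]*)\)\s+(?P<md5>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)
FAMILY = re.compile(r"[A-Za-z0-9]+/[A-Za-z0-9]+")        # Win32/Hupigon, Java/Exploit
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)


def parse_log(text):
    """Return (header dict, list of finding dicts) for one ESET result log."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                       # "# found=22" style header
            key, sep, value = line[1:].partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        fields = line.split("\t")
        if len(fields) == 4:                           # native tab-separated layout
            path, threat_status, md5, flag = fields
            threat, sep, status = threat_status.rpartition(" (")
            if not sep:
                threat, status = threat_status, ""
            status = status.rstrip(")")
        else:                                          # tabs lost: regex fallback
            m = FLAT_LINE.match(line)
            if not m:
                continue                               # installer chatter: skip, don't guess
            path, threat, status, md5, flag = m.group("path", "threat", "status", "md5", "flag")
        findings.append({"path": path, "threat": threat, "status": status, "md5": md5,
                         "flag": flag, "java_cache": bool(JAVA_CACHE.search(path))})
    return header, findings


def summarise(header, findings):
    """Cross-check the header counts and split cached applets from files needing review."""
    families, cves = Counter(), set()
    for f in findings:
        fam = FAMILY.search(f["threat"])
        families[fam.group(0) if fam else f["threat"]] += 1
        cves.update(CVE_ID.findall(f["threat"]))
    return {
        "reported": int(header.get("found", 0)),       # what the scanner says it found
        "parsed": len(findings),                       # what survived the copy/paste
        "cleaned": int(header.get("cleaned", 0)),
        "uncleaned": sum(f["status"] == "unable to clean" for f in findings),
        "java_cache": sum(f["java_cache"] for f in findings),
        "review": sorted(f["path"] for f in findings if not f["java_cache"]),
        "families": dict(families),
        "cves": sorted(cves),
    }


if __name__ == "__main__":
    hdr, hits = parse_log(SAMPLE_LOG)
    for key, value in summarise(hdr, hits).items():
        print(f"{key}: {value}")
```

A mismatch between `reported` and `parsed` tells you the pasted log is incomplete before you start reasoning about it.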
02.04.2012, 11:31 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
100€ Virus (mor.exe)

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before? If so, the logs for every scan are also listed in the Logs tab. Please post all that are visible there.

Please always post logfiles in CODE tags
04.04.2012, 20:28 | #5
100€ Virus (mor.exe)

CRC-Killer is a small tool for unpacking archives even when they have CRC errors, for example when something went wrong during a download. See also hxxp://www.perfectsoft.tk/Programme.php?n=CRC-Killer

In Malwarebytes there are only newer logs, which are apparently created automatically:
Code:
2012/04/01 22:59:57 +0200	PEGASUZ2	Pegasuz	MESSAGE	Executing scheduled update: Daily
2012/04/01 22:59:57 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting protection
2012/04/01 23:00:00 +0200	PEGASUZ2	Pegasuz	MESSAGE	Protection started successfully
2012/04/01 23:00:03 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting IP protection
2012/04/01 23:00:07 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection started successfully
2012/04/01 23:00:13 +0200	PEGASUZ2	Pegasuz	MESSAGE	Scheduled update executed successfully: database updated from version v2012.03.31.02 to version v2012.04.01.04
2012/04/01 23:00:13 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting database refresh
2012/04/01 23:00:13 +0200	PEGASUZ2	Pegasuz	MESSAGE	Stopping IP protection
2012/04/01 23:02:56 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection stopped
2012/04/01 23:02:58 +0200	PEGASUZ2	Pegasuz	MESSAGE	Database refreshed successfully
2012/04/01 23:02:58 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting IP protection
2012/04/01 23:03:00 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection started successfully

Code:
2012/04/02 00:45:04 +0200	PEGASUZ2	Pegasuz	MESSAGE	Stopping IP protection
2012/04/02 00:47:55 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection stopped
2012/04/02 02:18:35 +0200	PEGASUZ2	Pegasuz	MESSAGE	Executing scheduled update: Daily
2012/04/02 02:18:47 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting database refresh
2012/04/02 02:18:47 +0200	PEGASUZ2	Pegasuz	MESSAGE	Scheduled update executed successfully: database updated from version v2012.04.01.04 to version v2012.04.01.05
2012/04/02 02:19:10 +0200	PEGASUZ2	Pegasuz	MESSAGE	Database refreshed successfully
2012/04/02 23:45:11 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting protection
2012/04/02 23:45:14 +0200	PEGASUZ2	Pegasuz	MESSAGE	Protection started successfully
2012/04/02 23:45:17 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting IP protection
2012/04/02 23:45:19 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection started successfully

Regards
04.04.2012, 22:48 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
100€ Virus (mor.exe)

I have two questions before we go on:
1.) Does normal mode work again without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
04.04.2012, 22:54 | #7
100€ Virus (mor.exe)

hi,
1. Yes, Windows starts normally
2. Everything in the Start menu is fine too
3. What I noticed: the "AppData" folder under my user name was hidden, but could be made visible again by changing the folder options. (I normally never hide folders / make them invisible)
Regards
04.04.2012, 23:33 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
100€ Virus (mor.exe)

Please create a new OTL log.

Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And it then looks like this:
Code:
the log goes here

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
05.04.2012, 00:02 | #9
100€ Virus (mor.exe)

Here is the logfile:
Code:
OTL logfile created on: 05.04.2012 00:46:38 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = D:\New Folder\Incoming
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,92% Memory free
5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 24,89 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 113,58 Gb Free Space | 79,88% Space Free | Partition Type: NTFS

Computer Name: PEGASUZ2 | User Name: Pegasuz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\New Folder\Incoming\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Secure Banking\v1.4\sbservice.exe ()
PRC - C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe (Acer Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Programme\DTProTS\DTProTS.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Secure Banking\v1.4\SecureBanking.dll ()
MOD - C:\Programme\Secure Banking\v1.4\funcs.dll ()
MOD - C:\Programme\Secure Banking\v1.4\sbservice.exe ()
MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Programme\RocketDock\RocketDock.exe ()
MOD - C:\Programme\RocketDock\RocketDock.dll ()

========== Win32 Services (SafeList) ==========

SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SamsungAllShareV2.0) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe (Acer Incorporated)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ose) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (DTProTS) -- C:\Programme\DTProTS\DTProTS.exe ()

========== Driver Services (SafeList) ==========

DRV - (XDva391) -- C:\Windows\system32\XDva391.sys File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- system32\drivers\RTKVHDA.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (cmnsusbser) -- system32\DRIVERS\cmnsusbser.sys File not found
DRV - (apv6mmuc) -- File not found
DRV - (avipbb) -- C:\Windows\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\DRIVERS\avkmgr.sys (Avira GmbH)
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\tsusbflt.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\Windows\System32\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.SYS ()
DRV - (ssmdrv) -- C:\Windows\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (Vsdatant) -- C:\Windows\System32\DRIVERS\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (sscemdm) -- C:\Windows\System32\DRIVERS\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\DRIVERS\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\DRIVERS\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\DRIVERS\sscemdfl.sys (MCCI Corporation)
DRV - (ss_bmdm) -- C:\Windows\System32\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\DRIVERS\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV - (atikmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\DRIVERS\NETw5s32.sys (Intel Corporation)
DRV - (hidshim) -- C:\Windows\System32\DRIVERS\hidshim.sys (Windows (R) Win 7 DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\DRIVERS\netw5v32.sys (Intel Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (XAudio) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - (AVMUNET) -- C:\Windows\System32\DRIVERS\avmunet.sys (AVM GmbH)
DRV - (AFPAnsi) -- C:\Windows\System32\Drivers\AFPAnsi.sys (Alfa Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.12startseite.de/index.php"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pegasuz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 23:06:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.02.24 09:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions
[2010.05.30 14:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.13 18:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.04.04 22:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions
[2012.04.04 22:51:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.22 08:51:43 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions\support@lastpass.com
[2012.04.04 22:51:44 | 000,002,112 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Mozilla\Firefox\Profiles\2xmvettj.default\searchplugins\wot-safe-search.xml
[2012.02.24 09:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions
() (No name found) -- C:\USERS\PEGASUZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2XMVETTJ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\PEGASUZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2XMVETTJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.19 23:06:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2000.01.01 01:00:00 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 secure.disc-soft.com
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [AllShareAgent] C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000..\Run: [SecureBanking] C:\Programme\Secure Banking\v1.4\SecureBanking.exe (Secure Banking)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\MICROS~4\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C5F150D-4CA5-4E28-A2A7-3BC269E2EFAD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A96DDCA-6073-439C-BDCE-DC4BF86E933D}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -
C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\Shell - "" = AutoRun O33 - MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\Shell\AutoRun\command - "" = J:\preinst.exe O33 - MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun O33 - MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun O33 - MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun O33 - MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\Shell - "" = AutoRun O33 - MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\Shell\AutoRun\command - "" = I:\preinst.exe O33 - 
MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\Shell - "" = AutoRun O33 - MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\Shell - "" = AutoRun O33 - MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\Shell - "" = AutoRun O33 - MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\Shell - "" = AutoRun O33 - MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\Shell - "" = AutoRun O33 - MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\Shell - "" = AutoRun O33 - MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\Shell - "" = AutoRun O33 - MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\Shell - "" = AutoRun O33 - MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\Shell - "" = AutoRun O33 - MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O33 - MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\Shell - "" = AutoRun O33 - MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\Shell - "" = AutoRun O33 - MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\Shell\AutoRun\command - "" = 
G:\AutoRun.exe O33 - MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP95.EXE O33 - MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\Shell - "" = AutoRun O33 - MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\Shell - "" = AutoRun O33 - MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\USBAutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.713674863367620167f76.exe.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - File not found MsConfig - StartUpReg: 
AllShareAgent - hkey= - key= - C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) MsConfig - StartUpReg: APSDaemon - hkey= - key= - File not found MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) MsConfig - StartUpReg: Google Update - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller 
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SafeBootNet: WinDefend - C:\Programme\Windows 
Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: 
{3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo8 - 
C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.VSPX - C:\Windows\System32\vspxvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.05 00:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.04.04 22:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.04.04 22:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Skype [2012.04.04 22:24:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Pegasuz\Desktop\aswMBR.exe [2012.04.04 21:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Secure Banking [2012.04.02 00:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.31 06:30:48 | 000,000,000 | ---D | C] -- C:\Users\Pegasuz\AppData\Roaming\Malwarebytes [2012.03.31 06:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.31 06:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.31 06:30:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.31 06:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.23 19:43:11 | 000,000,000 | ---D | C] -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions [2012.03.23 19:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions [2012.03.12 14:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowBladeTN3ENG [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.04 23:09:24 | 000,016,176 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.04 23:09:24 | 000,016,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.04 22:59:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.04 22:55:05 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.04 22:55:05 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.04 22:55:05 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.04 22:55:05 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.04 22:51:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.04 22:36:30 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job [2012.04.04 22:23:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Pegasuz\Desktop\aswMBR.exe [2012.03.23 18:38:59 | 000,378,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.04 22:51:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.04 22:36:30 | 000,000,536 | ---- | C] () -- C:\Windows\tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job [2011.09.12 16:10:00 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2011.09.12 16:09:59 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.09.12 16:09:59 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.06.07 16:52:29 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.03.20 19:31:20 | 000,000,502 | ---- | C] () -- C:\Windows\wiso.ini [2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.29 18:00:22 | 000,974,848 | 
---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.09.19 18:04:35 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat [2010.07.11 17:32:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.07.11 17:32:52 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.05.25 01:00:30 | 000,007,601 | ---- | C] () -- C:\Users\Pegasuz\AppData\Local\Resmon.ResmonCfg [2010.05.21 21:34:06 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.05.16 14:23:44 | 000,019,456 | ---- | C] () -- C:\Users\Pegasuz\AppData\Local\WebpageIcons.db [2010.05.07 15:37:21 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE ========== LOP Check ========== [2009.10.19 11:21:58 | 000,000,000 | -HSD | M] -- C:\Users\Pegasuz\AppData\Roaming\.# [2009.12.23 15:14:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Acer GameZone Console [2011.03.20 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Buhl Data Service [2009.12.27 06:31:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CheckPoint [2011.11.29 15:12:13 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\DAEMON Tools Pro [2011.11.14 08:18:09 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVU [2011.09.26 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient [2009.12.23 15:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\LG Electronics [2012.01.13 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\LolClient [2012.01.24 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Metaversum [2011.06.08 20:57:56 | 000,000,000 | ---D | M] -- 
C:\Users\Pegasuz\AppData\Roaming\PopCapv1003 [2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\PowerCinema [2012.02.22 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\QuickScan [2011.07.21 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\RenPy [2010.05.21 14:02:58 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SAD [2011.12.16 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Samsung [2011.10.14 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SecondLife [2010.05.17 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Senosoft [2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\SoftDMA [2010.03.20 18:37:20 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Thunderbird [2011.04.01 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TS3Client [2010.05.09 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2011.02.12 13:23:59 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Unity [2012.02.07 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\uTorrent [2012.01.14 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\VenusHostage [2011.12.24 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Vista Start Menu [2012.03.23 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions [2009.07.14 06:53:46 | 000,030,112 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.13 10:52:50 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{2547A0A8-7423-4C11-8E25-12E177C73BCC}.job [2012.04.04 22:36:30 | 000,000,536 | ---- | M] () -- C:\Windows\Tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. 
> < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.10.19 11:21:58 | 000,000,000 | -HSD | M] -- C:\Users\Pegasuz\AppData\Roaming\.# [2009.12.23 15:14:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Acer GameZone Console [2011.04.01 17:36:22 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Adobe [2012.01.02 06:07:18 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Apple Computer [2010.05.24 22:45:30 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\ATI [2011.12.18 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Avira [2011.03.20 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Buhl Data Service [2009.12.27 06:31:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CheckPoint [2010.04.04 13:11:30 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CyberLink [2011.11.29 15:12:13 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\DAEMON Tools Pro [2011.10.19 23:04:48 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\dvdcss [2009.12.23 15:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Identities [2011.11.14 08:18:09 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVU [2011.09.26 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient [2011.09.12 16:07:32 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\InstallShield [2009.12.23 15:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\LG Electronics [2012.01.13 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\LolClient [2009.12.23 15:14:02 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Macromedia [2012.03.31 06:30:48 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Media Center Programs [2011.11.29 15:12:11 | 000,000,000 | ---D 
| M] -- C:\Users\Pegasuz\AppData\Roaming\Media Player Classic [2012.01.24 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Metaversum [2011.08.05 08:28:34 | 000,000,000 | --SD | M] -- C:\Users\Pegasuz\AppData\Roaming\Microsoft [2012.02.24 09:23:50 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Mozilla [2011.06.08 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\PopCapv1003 [2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\PowerCinema [2012.02.22 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\QuickScan [2011.07.21 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\RenPy [2010.05.21 14:02:58 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SAD [2011.12.16 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Samsung [2011.10.14 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SecondLife [2010.04.21 23:51:17 | 000,000,000 | RH-D | M] -- C:\Users\Pegasuz\AppData\Roaming\SecuROM [2010.05.17 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Senosoft [2012.04.04 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Skype [2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\SoftDMA [2010.03.20 18:37:20 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Thunderbird [2011.04.01 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TS3Client [2010.05.09 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2011.02.12 13:23:59 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Unity [2012.02.07 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\uTorrent [2012.01.14 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\VenusHostage [2011.12.24 17:55:57 | 000,000,000 | ---D | M] 
-- C:\Users\Pegasuz\AppData\Roaming\Vista Start Menu [2012.03.12 14:52:44 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\vlc [2012.03.23 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions [2009.12.23 15:14:10 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.02.08 00:11:20 | 007,509,008 | ---- | M] (Vivox, Inc.) -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\1VivoxVoice.exe [2011.08.17 03:13:16 | 000,012,288 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\devicefingerprint.exe [2011.08.17 03:13:16 | 000,158,208 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\devicefingerprint_old.exe [2011.07.27 18:28:54 | 000,009,216 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\devicefingerprint_v94.exe [2011.08.30 23:06:02 | 000,053,504 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\IMVUClient.exe [2011.08.30 23:06:04 | 000,022,784 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [2011.08.30 23:06:04 | 000,097,200 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\IMVUupdater.exe [2011.07.30 01:55:56 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\plugin-container.exe [2011.09.26 15:17:50 | 000,077,973 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\Uninstall.exe [2011.04.28 20:51:30 | 000,049,664 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\w9xpopen.exe [2011.08.16 23:34:00 | 000,134,144 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\WriteMiniDump.exe [2011.09.26 15:17:02 | 022,758,128 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe [2011.06.12 12:16:53 | 000,010,134 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe [2011.06.12 12:16:53 | 000,000,766 | R--- | M] () -- 
C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe [2011.08.05 10:03:39 | 000,017,542 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}\_640ECEF665E5906E76DC9D.exe [2011.08.05 10:03:39 | 000,017,542 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}\_96E62DE38A7F692104A23B.exe [2011.01.31 03:01:42 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe [2009.06.04 13:51:24 | 001,413,256 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\F\USBAutoRun.exe [2009.05.12 08:46:36 | 000,212,992 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGSetCDROMAutoRun.exe [2009.06.04 13:51:24 | 001,413,256 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\G\USBAutoRun.exe [2009.05.12 08:46:36 | 000,212,992 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGSetCDROMAutoRun.exe [2012.02.21 20:22:05 | 037,411,800 | ---- | M] (Samsung Electronics Co., Ltd. 
) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\AllShare\AllShare_2.1.0.12013_8.exe [2011.05.24 19:30:10 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe [2011.01.30 00:17:04 | 000,075,112 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\DriverChecker.exe [2011.05.11 18:41:08 | 000,934,800 | ---- | M] (Samsung) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2011.05.11 18:41:12 | 000,278,928 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2011.01.30 00:17:10 | 000,040,312 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesMobileDeviceService.exe [2011.05.11 18:41:10 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2011.01.30 00:17:12 | 000,207,696 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\lame.exe [2011.01.30 00:17:18 | 000,195,416 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\oggenc.exe [2011.04.27 07:19:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe [2011.04.27 07:19:58 | 000,283,136 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2011.04.27 07:19:58 | 000,659,456 | ---- | M] (Mobileleader Co., Ltd.) 
-- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2011.01.30 00:17:28 | 000,025,960 | ---- | M] (Teruten Inc) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FsExService64.exe [2011.01.30 00:17:32 | 000,222,568 | ---- | M] (Teruten) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FsUsbExService.exe [2011.01.30 00:17:36 | 000,142,696 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FUSBCommander.exe [2011.04.27 07:19:58 | 000,107,008 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\HSPConnection.exe [2011.05.11 18:41:16 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2011.05.11 18:41:18 | 000,131,984 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2011.05.11 18:41:20 | 000,019,856 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2011.05.11 18:41:22 | 004,661,464 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2011.01.30 00:17:44 | 000,226,648 | ---- | M] (ENJsoft corp.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\SelfMV.exe [2011.01.30 00:17:48 | 000,066,904 | ---- | M] (ENJsoft corp.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\SelfMV2.exe [2011.01.30 00:17:52 | 000,079,192 | ---- | M] (ENJsoft corp.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\TG_CAM.exe [2011.05.02 16:31:28 | 020,636,968 | ---- | M] (SAMSUNG Electronics Co., Ltd.) 
-- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2011.06.24 08:54:50 | 000,358,800 | ---- | M] (ml) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe [2011.08.01 05:32:24 | 000,362,384 | ---- | M] (ml) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe [2012.03.23 19:43:14 | 003,712,432 | ---- | M] (WindSolutions) -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 
| 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | 
---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- 
C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] 
(Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.02.28 20:19:54 | 000,431,672 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys [2010.05.15 17:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\system32\drivers\vsdatant.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:364682BC < End of report > |
05.04.2012, 10:04 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe) Quote:
Quote:
__________________ Please always post logfiles in CODE tags |
05.04.2012, 16:46 | #11 |
| 100€ Virus (mor.exe) Good question, I can't remember having blocked that myself. Quote:
|
05.04.2012, 18:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe) Something like ZA is completely unnecessary ballast and has nothing to do with security; you can set the system up better with the Windows firewall. OK, we would need to get it running again on your machine. But if you are only behind a (DSL) router you basically wouldn't even need the Windows firewall. Read these as well, I think it should then become a bit clearer:
Die Vertrauensbrecher (c't editorial on Internet security suites and why they are usually worthless)
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei? (Personal firewalls: useful or pointless?)
personal firewalls › Wiki › ubuntuusers.de
Then you will see that it is simply unnecessary to wreck the system with yet another "protection component"... The only way you can avoid malware infections anyway is by getting your own behaviour under control => Kompromittierung unvermeidbar? (Compromise unavoidable?)
__________________ Please always post logfiles in CODE tags |
05.04.2012, 19:57 | #13 |
| 100€ Virus (mor.exe) OK, the firewall is running again. The corresponding service was still disabled. I've also just read through your links, thanks for the information. I actually always go online through a DSL router, so I'm probably well covered with Windows' own firewall. What do you think of Avira as a virus scanner? Is the program any good, or can you perhaps give me another tip? I'll leave Malwarebytes installed for now, it can't hurt. To come back to the topic: can I consider my computer clean again? Thanks for the time you're taking, and Happy Easter! I ran Avira once more Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Donnerstag, 5. April 2012 01:14 Es wird nach 3584129 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Pegasuz Computername : PEGASUZ2 Versionsinformationen: BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 13:51:00 AVSCAN.EXE : 12.1.0.20 492496 Bytes 16.02.2012 05:29:28 AVSCAN.DLL : 12.1.0.18 65744 Bytes 16.02.2012 05:29:27 LUKE.DLL : 12.1.0.19 68304 Bytes 16.02.2012 05:29:28 AVSCPLR.DLL : 12.1.0.22 100048 Bytes 16.02.2012 05:29:28 AVREG.DLL : 12.1.0.33 228104 Bytes 04.04.2012 21:13:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 00:26:46 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 21:27:16 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 22:39:39 VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 22:39:39 VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 22:39:39 VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 22:39:39 VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 22:39:39 VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 22:39:39 VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 22:39:39 VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 22:39:39 VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 22:39:39 VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 22:39:39 VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 04:23:58 VBASE015.VDF : 7.11.26.179 224768 Bytes 02.04.2012 21:13:32 VBASE016.VDF : 7.11.26.241 142336 Bytes 04.04.2012 21:13:33 VBASE017.VDF : 7.11.26.242 2048 Bytes 04.04.2012 21:13:33 VBASE018.VDF : 7.11.26.243 2048 Bytes 04.04.2012 21:13:33 VBASE019.VDF : 7.11.26.244 2048 Bytes 04.04.2012 21:13:33 
VBASE020.VDF : 7.11.26.245 2048 Bytes 04.04.2012 21:13:33 VBASE021.VDF : 7.11.26.246 2048 Bytes 04.04.2012 21:13:34 VBASE022.VDF : 7.11.26.247 2048 Bytes 04.04.2012 21:13:34 VBASE023.VDF : 7.11.26.248 2048 Bytes 04.04.2012 21:13:34 VBASE024.VDF : 7.11.26.249 2048 Bytes 04.04.2012 21:13:34 VBASE025.VDF : 7.11.26.250 2048 Bytes 04.04.2012 21:13:34 VBASE026.VDF : 7.11.26.251 2048 Bytes 04.04.2012 21:13:34 VBASE027.VDF : 7.11.26.252 2048 Bytes 04.04.2012 21:13:34 VBASE028.VDF : 7.11.26.253 2048 Bytes 04.04.2012 21:13:34 VBASE029.VDF : 7.11.26.254 2048 Bytes 04.04.2012 21:13:34 VBASE030.VDF : 7.11.26.255 2048 Bytes 04.04.2012 21:13:34 VBASE031.VDF : 7.11.27.14 14336 Bytes 04.04.2012 21:13:34 Engineversion : 8.2.10.38 AEVDF.DLL : 8.1.2.2 106868 Bytes 09.12.2011 11:39:53 AESCRIPT.DLL : 8.1.4.16 446842 Bytes 04.04.2012 21:13:51 AESCN.DLL : 8.1.8.2 131444 Bytes 28.01.2012 15:37:31 AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 14:54:30 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06 AEPACK.DLL : 8.2.16.9 807287 Bytes 31.03.2012 04:24:03 AEOFFICE.DLL : 8.1.2.27 201082 Bytes 04.04.2012 21:13:50 AEHEUR.DLL : 8.1.4.12 4604278 Bytes 04.04.2012 21:13:49 AEHELP.DLL : 8.1.19.1 254327 Bytes 04.04.2012 21:13:35 AEGEN.DLL : 8.1.5.23 409973 Bytes 07.03.2012 21:05:41 AEEXP.DLL : 8.1.0.28 82292 Bytes 04.04.2012 21:13:51 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01 AECORE.DLL : 8.1.25.6 201078 Bytes 15.03.2012 17:39:22 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01 AVWINLL.DLL : 12.1.0.17 27344 Bytes 09.12.2011 11:39:57 AVPREF.DLL : 12.1.0.17 51920 Bytes 09.12.2011 11:39:55 AVREP.DLL : 12.1.0.17 179408 Bytes 09.12.2011 11:39:55 AVARKT.DLL : 12.1.0.23 209360 Bytes 16.02.2012 05:29:27 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 09.12.2011 11:39:54 SQLITE3.DLL : 3.7.0.0 398288 Bytes 09.12.2011 11:40:07 AVSMTP.DLL : 12.1.0.17 62928 Bytes 09.12.2011 11:39:56 NETNT.DLL : 12.1.0.17 17104 Bytes 09.12.2011 11:40:03 RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 09.12.2011 11:40:18 RCTEXT.DLL : 
12.1.0.16 98512 Bytes 09.12.2011 11:40:19 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Donnerstag, 5. April 2012 01:14 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Versteckter Treiber [HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'sbservice.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'AllShareDMS.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'RocketDock.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'eDSloader.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'eAudio.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'xaudio.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '177' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'MobilityService.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'LSSrvc.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'FsUsbExService.Exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'brss01a.exe' - 
'15' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'ETService.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'eDSService.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'DTProTS.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'CLHNService.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'brsvc01a.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '141' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '103' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1235' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <ACER> C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6257154a-40364c28 [0] Archivtyp: ZIP --> bax.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\4b39be8b-267b01df [0] Archivtyp: ZIP --> Photo.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d76550c-4881728a [0] Archivtyp: ZIP --> cr.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.ET --> G.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.EU --> ua.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.EV --> ub.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.ES C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\78e2444c-59ce3de8 [0] Archivtyp: ZIP --> Translate.class [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\30c08a91-77cb5d99 [0] Archivtyp: ZIP --> Photo.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\67c69e11-7adf2233 [0] Archivtyp: ZIP --> ta/tb.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.CZ --> ta/ta.class [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen --> ta/L.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\165f57c2-108daa08 [0] Archivtyp: ZIP --> a/Test.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507 --> a/Msgs.class [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\728a1d82-4717ad02 [0] Archivtyp: ZIP --> Market.class [FUND] Enthält Erkennungsmuster des 
Exploits EXP/CVE-2011-3544 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\193cd055-660da22e [0] Archivtyp: ZIP --> photo/Crop.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/2010-0840.Q --> photo/Zoom.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1c7ed395-4141cfcb [0] Archivtyp: ZIP --> Applet.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452 --> z.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.J C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-1e4bd70b [0] Archivtyp: ZIP --> a/Test.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507 --> a/Help.class [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\78c10d1b-48081999 [0] Archivtyp: ZIP --> Update.class [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\19928adf-22843fb4 [0] Archivtyp: ZIP --> cc.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DP.1 --> Dot.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DQ.1 --> ll.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DR.1 --> lz.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DS.1 --> cd.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DT.1 --> cb.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DU.1 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7679fe61-16288d62 [0] Archivtyp: ZIP --> ta/ta.class [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen --> ta/L.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7135ddab-5f99353e [0] Archivtyp: ZIP --> Photo.class [FUND] Enthält Erkennungsmuster des 
Exploits EXP/CVE-2010-0840 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\6dfaef34-1d014d7b [0] Archivtyp: ZIP --> json/Search.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 --> json/ThreadParser.class [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.H --> json/XSLT.class [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.P C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\280b3877-105c4176 [0] Archivtyp: ZIP --> photo/MultiZoom.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoader.AY --> photo/Zoom.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\66f3c038-6ed573db [FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Sinowal.6553621 C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7517c83a-458a24d5 [0] Archivtyp: ZIP --> v1.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.AG C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7b781448-3747c428 [0] Archivtyp: ZIP --> Inc.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.CA --> fa.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.BY --> fb.class [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen --> t.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF Beginne mit der Suche in 'D:\' <DATA> Beginne mit der Desinfektion: C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7b781448-3747c428 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7517c83a-458a24d5 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.AG [WARNUNG] Die Datei wurde ignoriert. 
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\66f3c038-6ed573db [FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Sinowal.6553621 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\280b3877-105c4176 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\6dfaef34-1d014d7b [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.P [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7135ddab-5f99353e [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7679fe61-16288d62 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\19928adf-22843fb4 [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DU.1 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\78c10d1b-48081999 [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-1e4bd70b [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.D.1 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1c7ed395-4141cfcb [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.J [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\193cd055-660da22e [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 [WARNUNG] Die Datei wurde ignoriert. 
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\728a1d82-4717ad02 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\165f57c2-108daa08 [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\67c69e11-7adf2233 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\30c08a91-77cb5d99 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\78e2444c-59ce3de8 [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d76550c-4881728a [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.ES [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\4b39be8b-267b01df [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840 [WARNUNG] Die Datei wurde ignoriert. C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6257154a-40364c28 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544 [WARNUNG] Die Datei wurde ignoriert. Ende des Suchlaufs: Donnerstag, 5. April 2012 02:24 Benötigte Zeit: 1:09:40 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 24424 Verzeichnisse wurden überprüft 546480 Dateien wurden geprüft 42 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. 
unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 546438 Dateien ohne Befall 3317 Archive wurden durchsucht 20 Warnungen 1 Hinweise 808301 Objekte wurden beim Rootkitscan durchsucht 1 Versteckte Objekte wurden gefunden Last edited by Pegasuz (05.04.2012 at 20:09) |
05.04.2012, 20:30 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 100€ Virus (mor.exe) I'll gladly answer your questions later; otherwise the analysis keeps getting interrupted. Have you uninstalled SauAlarm now? If so, please make a new OTL log. Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And it then looks like this: Code:
ATTFilter the log goes here If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
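As an added illustration (not code from this thread, the helper, or the OTL tool), here is a small Python triage script for the kind of OTL log the custom scan above produces: it parses constructed sample lines modelled on the OTL line formats (SRV/DRV services, O1 hosts entries, O4 Run keys, O33 MountPoints2 AutoRun commands) and flags the entries a responder reads first. All service names, paths and hostnames in the sample are invented.

```python
"""Triage of OTL-style log lines (added example; not part of OTL or this thread).

Every sample line below is constructed for illustration; names, paths and
hostnames are invented and only follow the OTL line formats.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on OTL output (SRV/DRV, O1, O4, O33 lines).
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - (GoodService) -- C:\Program Files\Vendor\service.exe (Vendor GmbH)
SRV - (StaleHelper) -- C:\Program Files\Vendor\bin\helper.dll File not found
========== Driver Services (SafeList) ==========
DRV - (xk3t9q2b) -- File not found
DRV - (gooddrv) -- C:\Windows\System32\DRIVERS\gooddrv.sys (Vendor GmbH)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.vendor.example
O4 - HKLM..\Run: [Cleanup] C:\Users\User\AppData\Local\Temp\cleanup_launcher.exe ()
O4 - HKLM..\Run: [Guard] C:\Program Files\Vendor\guard.exe (Vendor GmbH)
O4 - HKU\S-1-5-21-111-222-333-1000..\Run: [Dock] C:\Program Files\Dock\dock.exe ()
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell - "" = AutoRun
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = H:\AutoRun.exe
"""

# Line shapes as OTL prints them; the display name between "(name)" and " -- " is optional.
SRV_DRV_RE = re.compile(r"^(SRV|DRV) - \(([^)]+)\).*? -- (.*)$")
O4_RE = re.compile(r"^O4 - (.+?)\.\.\\Run(?:Once)?: \[([^\]]+)\] (.+?) \(([^)]*)\)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (.+)$')

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Locations a standard user can write to; an autorun with no company name here is suspect.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\")


@dataclass
class Finding:
    rule: str
    severity: str  # "high" or "medium"
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries a responder would look at first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SRV_DRV_RE.match(line)
        if m:
            kind, _name, rest = m.groups()
            if rest.endswith("File not found"):
                # No path at all (only "File not found") is the trace left by a
                # service whose file was hidden or removed; an orphaned path is
                # more often just a sloppy uninstall, so it ranks lower.
                sev = "high" if rest == "File not found" else "medium"
                findings.append(Finding(f"{kind}_missing_file", sev, line))
            continue
        m = O4_RE.match(line)
        if m:
            _hive, _name, path, company = m.groups()
            low = path.lower()
            if not company and any(part in low for part in USER_WRITABLE):
                findings.append(Finding("autorun_unsigned_userwritable", "high", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if host.lower() not in LOCAL_NAMES:
                # Loopback mapping blocks a site (often updates); anything else redirects it.
                sev = "medium" if ip in LOOPBACK else "high"
                findings.append(Finding("hosts_redirect", sev, line))
            continue
        if O33_RE.match(line):
            # An AutoRun\command remembered for a removable drive.
            findings.append(Finding("removable_media_autorun", "medium", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:32} {f.line}")
```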
05.04.2012, 23:38 | #15 |
| 100€ Virus (mor.exe) Yep, ZoneAlarm is gone and the Windows Firewall is active again. Here is the OTL log: Code:
ATTFilter OTL logfile created on: 05.04.2012 22:37:48 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = D:\New Folder\Incoming Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,41% Memory free 5,99 Gb Paging File | 4,40 Gb Available in Paging File | 73,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,16 Gb Total Space | 24,21 Gb Free Space | 17,03% Space Free | Partition Type: NTFS Drive D: | 142,18 Gb Total Space | 113,58 Gb Free Space | 79,88% Space Free | Partition Type: NTFS Drive E: | 5,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PEGASUZ2 | User Name: Pegasuz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\New Folder\Incoming\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Secure Banking\v1.4\SecureBanking.exe (Secure Banking) PRC - C:\Programme\Secure Banking\v1.4\sbservice.exe () PRC - C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\VideoLAN\VLC\vlc.exe () PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe (Acer Incorporated) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated) PRC - C:\Programme\RocketDock\RocketDock.exe () PRC - C:\Programme\DTProTS\DTProTS.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\80aba431ed15e3d3cd88e0a6ebd7f749\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\389da1e0e62a532f956f05709447e8aa\System.Windows.Forms.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\6b80af748bbb01fead3aefa778d2a30a\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ae40bbaf5a559e09ab86abb4a0e3b82a\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\32f4b9aa5accef0f0b9634f612045b69\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b09b3c662a1d39ed782f8c54c62a4067\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Secure Banking\v1.4\SecureBanking.dll () MOD - C:\Users\Pegasuz\AppData\Roaming\Mozilla\Firefox\Profiles\2xmvettj.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll () MOD - C:\Programme\Secure Banking\v1.4\funcs.dll () MOD - C:\Programme\Secure Banking\v1.4\sbservice.exe () MOD - C:\Programme\VideoLAN\VLC\plugins\libzvbi_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libskins2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libvorbis_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libtaglib_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libxml_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libtheora_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libswscale_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libspeex_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libzip_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libwaveout_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll () 
MOD - C:\Programme\VideoLAN\VLC\plugins\libspudec_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libyuvp_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libqt4_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libschroedinger_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libsdl_image_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libscaletempo_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\librawvideo_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libscale_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libpng_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libplaylist_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libmono_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liblibass_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfreetype_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liblua_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfaad_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libflac_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll () MOD - 
C:\Programme\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libhotkeys_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfilesystem_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfake_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liblpcm_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libinvmem_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_i420_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libavcodec_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdvdnav_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdshow_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdvbsub_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdirectx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdirect3d_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libblend_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libaraw_plugin.dll () MOD - 
C:\Programme\VideoLAN\VLC\plugins\libaudio_format_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdts_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libcvdsub_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libcdg_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libdrawable_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\libvlccore.dll () MOD - C:\Programme\VideoLAN\VLC\vlc.exe () MOD - C:\Programme\VideoLAN\VLC\libvlc.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libaout_directx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libadpcm_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liba52_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\libaes3_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll () MOD - C:\Programme\WinRAR\rarext.dll () MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll () MOD - C:\Programme\RocketDock\RocketDock.exe () MOD - C:\Programme\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SamsungAllShareV2.0) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) SRV - (SimpleSlideShowServer) -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.) 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (odserv) -- C:\Programme\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe (Acer Incorporated) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (ose) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (DTProTS) -- C:\Programme\DTProTS\DTProTS.exe () ========== Driver Services (SafeList) ========== DRV - (XDva391) -- C:\Windows\system32\XDva391.sys File not found DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found DRV - (UsbDiag) -- 
system32\DRIVERS\lgusbdiag.sys File not found DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- system32\drivers\RTKVHDA.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (cmnsusbser) -- system32\DRIVERS\cmnsusbser.sys File not found DRV - (atqxz1ce) -- File not found DRV - (avipbb) -- C:\Windows\System32\DRIVERS\avipbb.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\DRIVERS\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\DRIVERS\avkmgr.sys (Avira GmbH) DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) 
-- C:\Windows\System32\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\tsusbflt.sys (Microsoft Corporation) DRV - (RMCAST) -- C:\Windows\System32\DRIVERS\RMCAST.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.SYS () DRV - (ssmdrv) -- C:\Windows\System32\DRIVERS\ssmdrv.sys (Avira GmbH) DRV - (sscemdm) -- C:\Windows\System32\DRIVERS\sscemdm.sys (MCCI Corporation) DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\DRIVERS\ssceserd.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\DRIVERS\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\DRIVERS\sscemdfl.sys (MCCI Corporation) DRV - (ss_bmdm) -- C:\Windows\System32\DRIVERS\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\DRIVERS\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\DRIVERS\ss_bmdfl.sys (MCCI Corporation) DRV - (atikmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\DRIVERS\NETw5s32.sys (Intel Corporation) DRV - (hidshim) -- C:\Windows\System32\DRIVERS\hidshim.sys (Windows (R) Win 7 DDK provider) DRV - (nuvotonhidgeneric) -- C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys (Nuvoton Technology Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\DRIVERS\netw5v32.sys (Intel Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) 
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (XAudio) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.) DRV - (AVMUNET) -- C:\Windows\System32\DRIVERS\avmunet.sys (AVM GmbH) DRV - (AFPAnsi) -- C:\Windows\System32\Drivers\AFPAnsi.sys (Alfa Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730 IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - 
HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730 IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyOverride" = fritz.box;192.168.178.1;127.0.0.1 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.12startseite.de/index.php" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pegasuz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 23:06:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.24 09:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions [2010.05.30 14:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.13 18:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com [2012.04.04 22:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions [2012.04.04 22:51:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.03.22 08:51:43 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions\support@lastpass.com [2012.04.04 22:51:44 | 000,002,112 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Mozilla\Firefox\Profiles\2xmvettj.default\searchplugins\wot-safe-search.xml [2012.04.05 20:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions [2012.04.05 20:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} () (No name found) -- 
C:\USERS\PEGASUZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2XMVETTJ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\PEGASUZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2XMVETTJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.03.19 23:06:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2000.01.01 01:00:00 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 secure.disc-soft.com O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
| 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | 
---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- 
C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] 
(Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.02.28 20:19:54 | 000,431,672 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:364682BC < End of report > |