Plagegeister aller Art und deren Bekämpfung (Malware of all kinds and its removal): GUV-Trojaner (EXP/Java.Ivinest.Gen), Windows 7
31.07.2012, 12:16 | #1
GUV-Trojaner (EXP/Java.Ivinest.Gen)

Hello, I apparently picked up a trojan a little while ago while surfing. Since then I only get a white screen with a message from the GUV saying I have to pay via paysafecard to get it unlocked. Stupidly, I hadn't updated Java for quite a while because the automatic updater never worked; that was probably a mistake... I'm writing this right now from my Admin account, where everything still works. I just ran a scan with Avira, and the following was found: EXP/Java.Ivinest.Gen (C:\Users\****\AppData\Local\Temp\jar_cache5201313352718993022.tmp). I moved it to quarantine. I have Win7 64-bit.

OTL:
Code:
OTL logfile created on: 7/31/2012 12:50:09 PM - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.54% Memory free
7.92 Gb Paging File | 6.15 Gb Available in Paging File | 77.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 207.05 Gb Free Space | 69.48% Space Free | Partition Type: NTFS
Drive D: | 274.95 Gb Total Space | 194.67 Gb Free Space | 70.80% Space Free | Partition Type: NTFS

Computer Name: NEX-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (WSWNA1100) -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()
SRV - (jswpsapi) -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WinRing0_1_2_0) -- C:\Users\NeX\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 62 DA 37 01 6F CD 01 [binary data]
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-798351699-730799831-621487735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 65 01 F9 11 6D CD 01 [binary data]
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-798351699-730799831-621487735-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/10 22:34:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 19:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/19 21:07:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/16 18:18:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/06/19 21:07:41 | 000,000,000 | ---D | M]

[2012/06/25 14:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/06/07 17:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/19 19:33:35 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 17:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 17:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/07 17:55:43 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1000..\Run: [KB00326579.exe] C:\Users\NeX\AppData\Roaming\KB00326579.exe ()
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1003..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7275C768-4920-4AF7-ABB3-595421EB8626}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 12:22:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Razer
[2012/07/31 12:17:13 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/29 00:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\LolClient
[2012/07/28 18:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/07/28 17:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/07/28 17:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012/07/28 00:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2012/07/28 00:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/07/22 16:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
[2012/07/22 16:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\i-Funbox DevTeam
[2012/07/14 14:39:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/07/14 14:39:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/07/14 14:39:53 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/07/14 14:36:23 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/07/14 14:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2012/07/14 14:01:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamez Aion
[2012/07/14 14:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamez Aion
[2012/07/12 03:01:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:01:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:01:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:01:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:01:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:01:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:01:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:01:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:01:15 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:01:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:01:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:01:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:01:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 23:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012/07/11 23:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge
[2012/07/11 16:48:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 16:48:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 16:48:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 16:48:09 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 16:48:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/11 16:48:02 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 16:48:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/01 15:01:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Chromium
[2012/07/01 14:52:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Not_Aion_Launcher

========== Files - Modified Within 30 Days ==========

[2012/07/31 12:53:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012/07/31 12:18:05 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/31 12:17:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 10:02:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 10:02:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 10:01:34 | 000,778,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/31 10:01:34 | 000,660,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/31 10:01:34 | 000,120,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/31 09:57:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 09:57:08 | 3191,304,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 01:17:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/29 01:17:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/14 14:39:56 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/14 14:01:16 | 000,001,967 | ---- | M] () -- C:\Users\Admin\Desktop\GamezAion Launcher.lnk
[2012/07/12 03:22:36 | 004,901,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 23:51:35 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012/07/06 09:50:52 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\JavaEditor.lnk

========== Files Created - No Company Name ==========

[2012/07/31 11:45:27 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/07/14 14:39:56 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/14 14:01:16 | 000,001,967 | ---- | C] () -- C:\Users\Admin\Desktop\GamezAion Launcher.lnk
[2012/07/11 23:51:35 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012/07/06 09:50:52 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\JavaEditor.lnk
[2012/06/21 09:57:11 | 000,772,014 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/10 22:28:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== LOP Check ==========

[2012/06/07 13:20:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012/06/18 15:43:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2012/06/18 15:43:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/07/29 00:37:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
[2012/06/19 21:01:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2012/07/31 12:22:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Razer
[2012/07/31 11:44:03 | 000,000,000 | -H-D | M] -- C:\Users\NeX\AppData\Roaming\B2196877
[2012/06/07 13:22:45 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\DAEMON Tools Lite
[2012/06/18 15:43:39 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\DVDVideoSoft
[2012/07/29 17:21:30 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\FileZilla
[2012/06/21 10:58:01 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\Foxit Software
[2012/07/22 16:48:53 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\iFunbox_UserCache
[2012/07/14 16:22:20 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\LolClient
[2012/06/19 21:07:39 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\Notepad++
[2012/06/07 03:24:42 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\Razer
[2012/07/10 20:13:43 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\TeamViewer
[2012/06/07 03:17:19 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\Thunderbird
[2012/07/14 01:20:12 | 000,000,000 | ---D | M] -- C:\Users\NeX\AppData\Roaming\TS3Client
[2009/07/14 07:08:49 | 000,016,880 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Code:
ATTFilter OTL Extras logfile created on: 7/31/2012 12:50:09 PM - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Admin\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.54% Memory free 7.92 Gb Paging File | 6.15 Gb Available in Paging File | 77.61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297.99 Gb Total Space | 207.05 Gb Free Space | 69.48% Space Free | Partition Type: NTFS Drive D: | 274.95 Gb Total Space | 194.67 Gb Free Space | 70.80% Space Free | Partition Type: NTFS Computer Name: NEX-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10C52655-7D88-4198-B2F4-52175FC9CD07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{160FB0E5-77E3-41D3-81B1-0330F2CB818F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1C551EFB-F34B-4119-A948-6161495C0C2F}" = rport=137 | protocol=17 | dir=out | app=system | "{235FD5FA-88FE-4648-B43B-20CE62156B60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{33414CEC-8AFF-4E05-8353-74B99632BDD9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{355CD5F6-D01E-4266-B6DF-49B8693C741A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3EF12DCB-9F21-4D1E-A542-7501BACF5A68}" = lport=139 | protocol=6 | dir=in | app=system | "{466C62D2-46EC-479E-B327-667DE17E46AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{60B0C372-AF06-469E-A231-5B3432FD0155}" = lport=445 | protocol=6 | dir=in | app=system | "{6FE5284B-9892-4537-AD64-DFAE9CA61179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{70F9206B-A6F0-4989-8E87-2CD915646933}" = lport=56131 | protocol=6 | dir=in | name=pando media booster | "{7A53D41E-F8B8-49CF-874D-C8051A85C96D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{80830945-F2CC-4867-A17C-8E651D6A5A0F}" = lport=56131 | protocol=17 | dir=in | name=pando media booster | "{84A25262-F819-4D15-86D2-2548C1AD9856}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8AC003C0-08FC-4ED4-BF93-B332F1CA398B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9C813045-F942-4970-9FD7-B3BB0E8BD6A3}" = rport=10243 | protocol=6 | dir=out | 
app=system | "{9DF3700F-58D1-42A4-95AC-62DD503D1930}" = rport=139 | protocol=6 | dir=out | app=system | "{A27A5EC9-0530-4096-9702-12946A59EB00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B33BFC5F-B66F-4D70-B569-0920C1A18392}" = lport=10243 | protocol=6 | dir=in | app=system | "{C78AE00D-F028-46B4-94E0-3E65CE5E0FAE}" = lport=2869 | protocol=6 | dir=in | app=system | "{C9D053D1-A96E-4412-90AB-FE43D1EF14F7}" = rport=445 | protocol=6 | dir=out | app=system | "{D36FB2EC-F9B1-444B-B9A6-E00C763BFE93}" = lport=56131 | protocol=17 | dir=in | name=pando media booster | "{DE6FC2E3-8D07-40A9-A764-B526C1EBC89E}" = lport=56131 | protocol=6 | dir=in | name=pando media booster | "{E7ABC1F1-30E4-470C-9C65-82F0275AE668}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{EBA8C482-DA35-45B6-9E5F-1FA78D5C4609}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE113EB3-1C47-404E-B8F9-B39468667A4A}" = lport=137 | protocol=17 | dir=in | app=system | "{FA8C8E48-4B26-4DBF-AE04-91994A522607}" = rport=138 | protocol=17 | dir=out | app=system | "{FC11D91C-0EA9-4A4F-A350-4C483C119481}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FEC9F36-55E7-4565-AA56-9B82E2002ADC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A4FBCA3-D9C1-47E6-B5B5-39B906A8AB9C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1C0ECE09-2D03-4129-A5D0-B9C645336404}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2645DC0C-AD54-4EB0-B6EB-9653843BDB7A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2BD3D60B-6946-474E-A0C2-9CCFE70CAD4C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2E4EBADC-9569-401D-8958-0178475A1A2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3ED7E54B-D7B1-4B0B-B5DA-B248C06BA353}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4AFACF3A-542B-409D-B34D-2268D655C030}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{4EB237BB-AD9E-487A-A159-664F7061ECB1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5508D762-C23D-4FBF-9B85-02F6527CD714}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{5E7EAFF6-8871-4CB4-9B20-D5A74CCAF78D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6306B3C5-4A0B-47F4-8F23-DBDF8E1A9B6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63BCB838-A747-4442-A379-3FCCBAF8ADA9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7CF3A5A8-C57D-473D-ABC3-4BE164F184C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{81723BB6-A2CC-4923-B0CC-466BAB24E988}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{898FB99A-BD7F-4B45-9C6C-EDAC255FF646}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{950F251F-700C-44D0-BBC5-589794FEBA71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{99278C23-A7FF-4ADD-B656-197A6B038465}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9A51A509-425B-4640-9230-8B9B55B6BFEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9E6D28C0-1939-4F2D-99B1-584C8171F23C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{A279B827-1808-4E82-A36E-5F2471DBE622}" = 
protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A433588D-E728-4216-A29F-DA54511A3648}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B455844C-D1CA-4970-8163-6E7807CF5BBC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BAB2A45A-2BFF-4B50-B8F8-434E9A264137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BE7B32FE-75C2-4910-B78E-B275B9BCF94C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BF020188-66DD-45C5-AF4F-FD59FA828195}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C964C7AC-856B-4924-8C6C-31A738DC3B28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{D43C164A-EB95-419C-84EF-5720C579CE05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E108BE0C-591A-4EAF-8211-C57654CFC6C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E48FD604-81EC-4F09-9E50-61E5EAEE2DE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EA29A2AD-043F-4BF5-8648-CEF6C993C644}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FB83972D-73D3-45DA-82AC-88D9D3CB9A02}" = protocol=6 | dir=out | app=system | "{FD73822A-EDF2-44CB-8409-9B2F91F3912F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FE2C30CF-2201-4FD0-BCE1-A5657E54F42F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{63F3DEDD-436A-49C7-B044-D16B6949D233}D:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\games\guild wars 2\gw2.exe | "TCP Query User{B05CFB33-1104-4FD5-91BF-E65224CE99A8}D:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\games\tera\tera-launcher.exe | "TCP Query User{E3C46693-2C66-419B-A113-7C577D3B0B34}D:\games\css\counter strike source 2010\hl2.exe" = protocol=6 | dir=in | 
app=d:\games\css\counter strike source 2010\hl2.exe | "TCP Query User{FD11F96D-CF79-4230-90AC-6717A3261621}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{120FD196-05B4-4278-9FCF-D5D05CFCC2A5}D:\games\css\counter strike source 2010\hl2.exe" = protocol=17 | dir=in | app=d:\games\css\counter strike source 2010\hl2.exe | "UDP Query User{9F176D83-F564-47FA-AB33-17B47FBD863E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{A3F8F93A-E3C9-49B9-AA9E-D20F64383C6D}D:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\games\guild wars 2\gw2.exe | "UDP Query User{FCEFEB5A-EE89-49F4-90D0-C5F0166BC9BF}D:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\games\tera\tera-launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit) "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client "{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit) "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft 
Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "KLiteCodecPack64_is1" = K-Lite Codec Pack 6.4.2 (64-bit) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR 4.11 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = 
Adobe Creative Suite 5 Master Collection "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{C05905B9-775A-4894-A4DF-B57C15250958}" = Razer Imperator "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.5.3 "Foxit Reader_is1" = Foxit Reader "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608 "iFunbox_is1" = iFunbox (v1.99.958.697), iFunbox DevTeam "InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Standard) "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NCLauncher_GameForge" = NC Launcher (GameForge) "Notepad++" = Notepad++ "VLC media player" = VLC media player 2.0.1 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NCsoft-Aion" = Aion ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/17/2012 7:54:05 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815 Description = Activation context 
generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7/21/2012 3:25:53 PM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7/22/2012 10:50:54 AM | Computer Name = NeX-PC | Source = Application Hang | ID = 1002
Description = The program ifunbox.exe version 1.99.958.697 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 30c4 Start Time: 01cd68191cc86fbf Termination Time: 3 Application Path: C:\Program Files (x86)\i-Funbox DevTeam\ifunbox.exe Report Id: a191d119-d40c-11e1-b19f-902b34143dc1

Error - 7/23/2012 5:40:37 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7/26/2012 8:09:25 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7/27/2012 9:08:20 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7/29/2012 5:55:50 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7/30/2012 7:46:02 AM | Computer Name = NeX-PC | Source = Application Hang | ID = 1002
Description = The program PDApp.exe version 1.0.175.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e8c Start Time: 01cd6e44366751d6 Termination Time: 2 Application Path: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\..\core\PDApp.exe Report Id:

Error - 7/30/2012 11:54:02 AM | Computer Name = NeX-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7/31/2012 4:37:43 AM | Computer Name = NeX-PC | Source = Application Hang | ID = 1002
Description = The program LolClient.exe version 2.0.2.12610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: bec Start Time: 01cd6ef2d97a1aab Termination Time: 2 Application Path: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.176\deploy\LolClient.exe Report Id: daf932dd-daea-11e1-b37d-902b34143dc1

[ System Events ]
Error - 7/28/2012 12:42:46 PM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR8.

Error - 7/28/2012 12:42:46 PM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR8.

Error - 7/28/2012 6:36:09 PM | Computer Name = NeX-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:34:48 AM on 7/29/2012 was unexpected.

Error - 7/28/2012 6:37:02 PM | Computer Name = NeX-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 7/29/2012 8:06:34 AM | Computer Name = NeX-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:05:42 PM on 7/29/2012 was unexpected.

Error - 7/30/2012 7:27:23 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 7/30/2012 7:27:23 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 7/30/2012 7:27:24 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 7/30/2012 7:27:24 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

Error - 7/30/2012 7:27:25 AM | Computer Name = NeX-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.

< End of report >
|
31.07.2012, 12:39 | #2 |
/// Malware-holic | GUV-Trojaner (EXP/Java.Ivinest.Gen) This script, and any scripts that follow, are intended only for the user in question.
If you have problems, open your own topic and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1000..\Run: [KB00326579.exe] C:\Users\NeX\AppData\Roaming\KB00326579.exe ()
O4 - HKU\S-1-5-21-798351699-730799831-621487735-1000..\Run: [KB00326579.exe] C:\Users\NeX\AppData\Roaming\KB00326579.exe ()
:Files
C:\Users\NeX\AppData\Roaming\KB00326579.exe
:Commands
[Reboot]
• Now please close all programs.
• Then click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Boot into normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: please also upload the file to the UpChannel as described in its instructions. Please do NOT post the ZIP file here as an attachment in the thread! Press the + E key.
For further analysis I need the following: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache. There, right-click the cache folder, pack it with WinRAR or another program, and upload it via the upload channel: Trojaner-Board Upload Channel. Please enter the name of the affected account under "name".
|
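The two steps in the post above (remove the Run-key loader, then collect the Java deployment cache) can be reproduced and checked with PowerShell on the affected Windows 7 machine. The script below is an added example written for this page; it is not the helper's OTL script and not a Trojaner-Board tool. It assumes an elevated PowerShell 5 or later (for Get-FileHash and Compress-Archive), that the hive of the affected user is loaded under HKEY_USERS (the user is logged on, or the hive was attached with reg load), and it uses a list of user-writable directories and a "KB followed by digits" name heuristic that are choices for this example, derived from the KB00326579.exe entry in this thread, not a general rule. Note that OTL listed the same O4 value twice because it scans the 64-bit and 32-bit registry views; the fix log in the next post shows the second deletion reporting "not found" for that reason.

```powershell
# Added example (not from the thread): PowerShell triage for the two steps above.
#   1. Enumerate per-user Run/RunOnce autostarts under HKEY_USERS and flag
#      entries that resemble the lock-screen loader found here (an unsigned
#      executable under AppData\Roaming with a fake "KBnnnnnnnn" hotfix name).
#   2. Package the Java deployment cache of one account, with SHA-256 sums,
#      so the JAR that Avira flagged can be analysed offline.
# Assumptions: elevated PowerShell 5+, hive of the affected user loaded.
# $UserWritableDirs and the KB-name check are heuristics chosen for this example.

$UserWritableDirs = @('\AppData\Roaming\', '\AppData\Local\Temp\',
                      '\AppData\Local\', '\ProgramData\', '\Users\Public\')

function Get-ImagePathFromCommand {
    # Extract the executable path from a Run-value command line, quoted or not.
    param([string]$CommandLine)
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
        return $c.Trim('"')
    }
    $m = [regex]::Match($c, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

function Get-UserRunEntries {
    # One object per Run/RunOnce value in every loaded user hive, with the
    # reasons it deserves a closer look (an empty Flags field means nothing stood out).
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $subKeys = @('Software\Microsoft\Windows\CurrentVersion\Run',
                 'Software\Microsoft\Windows\CurrentVersion\RunOnce')
    $hives = Get-ChildItem HKU:\ |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes' }
    foreach ($hive in $hives) {
        foreach ($sub in $subKeys) {
            $keyPath = "HKU:\$($hive.PSChildName)\$sub"
            if (-not (Test-Path $keyPath)) { continue }
            $key = Get-Item $keyPath
            foreach ($name in $key.GetValueNames()) {
                $cmd   = [string]$key.GetValue($name)
                $image = Get-ImagePathFromCommand $cmd
                $leaf  = $image -replace '^.*\\', ''
                $flags = @()
                if ($UserWritableDirs | Where-Object { $image -like "*$_*" }) {
                    $flags += 'image in user-writable directory'
                }
                if ($name -match '^KB\d{6,}' -or $leaf -match '^KB\d{6,}') {
                    $flags += 'fake hotfix-style name'
                }
                $hash = $null; $sigStatus = 'n/a'
                if ($image -and (Test-Path -LiteralPath $image -PathType Leaf)) {
                    $hash      = (Get-FileHash -LiteralPath $image -Algorithm SHA256).Hash
                    $sigStatus = (Get-AuthenticodeSignature -LiteralPath $image).Status
                    if ($sigStatus -ne 'Valid') { $flags += "signature: $sigStatus" }
                } else {
                    $flags += 'image not found on disk'
                }
                [pscustomobject]@{
                    Sid = $hive.PSChildName; Key = $sub; Name = $name
                    Command = $cmd; Image = $image; SHA256 = $hash
                    Signature = $sigStatus; Flags = ($flags -join '; ')
                }
            }
        }
    }
}

function Export-JavaDeploymentCache {
    # Copy the Java 7 deployment cache of one account (JARs plus .idx metadata)
    # into a timestamped folder, write SHA-256 sums, and zip it for upload.
    param([Parameter(Mandatory)][string]$UserName,
          [string]$Destination = (Join-Path $env:SystemDrive 'forensics'))
    $cache = Join-Path $env:SystemDrive "Users\$UserName\AppData\LocalLow\Sun\Java\Deployment\cache"
    if (-not (Test-Path -LiteralPath $cache)) { throw "No Java deployment cache at $cache" }
    $target = Join-Path $Destination ('{0}-javacache-{1}' -f $UserName, (Get-Date -Format 'yyyyMMdd-HHmmss'))
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    Copy-Item -LiteralPath $cache -Destination $target -Recurse -Force
    Get-ChildItem -LiteralPath $target -Recurse -File |
        ForEach-Object { '{0}  {1}' -f (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash, $_.FullName } |
        Set-Content -LiteralPath (Join-Path $target 'SHA256SUMS.txt')
    Compress-Archive -LiteralPath $target -DestinationPath "$target.zip" -Force
    return "$target.zip"
}

# Usage: list only the autostarts that raised a flag, then pack the cache of
# the account that shows the lock screen (the account in this thread is "NeX").
Get-UserRunEntries | Where-Object { $_.Flags } | Format-List
Export-JavaDeploymentCache -UserName 'NeX'
```

Run it from the administrator account while the locked account's hive is loaded; if that user has never logged on in this session, HKU contains no S-1-5-21-...-1000 key and the Run entry will not be listed until the hive is attached. Hash and copy the cache before removing anything, because the OTL fix moves the loader and the cache is the only record of which JAR was delivered.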
31.07.2012, 12:56 | #3 |
| GUV-Trojaner (EXP/Java.Ivinest.Gen) OK, I have uploaded the folders as you said and copied the link to this topic in there; I hope you can somehow view them now :P
Code:
File: MovedFiles.zip_1 received
File: cache.rar received
Operation completed successfully.
Code:
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KB00326579.exe deleted successfully.
C:\Users\NeX\AppData\Roaming\KB00326579.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-798351699-730799831-621487735-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KB00326579.exe not found.
File C:\Users\NeX\AppData\Roaming\KB00326579.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_134329
|
31.07.2012, 13:05 | #4 | |
/// Malware-holic | GUV-Trojaner (EXP/Java.Ivinest.Gen) Hi, thanks for the upload. Can you get back into your account? If yes: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a logfile. Please post the C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
31.07.2012, 13:06 | #5 |
/// Malware-holic | GUV-Trojaner (EXP/Java.Ivinest.Gen) edit, double post
31.07.2012, 13:13 | #6 |
| GUV-Trojaner (EXP/Java.Ivinest.Gen) No, I can't get into my normal account (Nex); the message with Ucash blah still comes up... Should I start ComboFix from my Admin account? OK, now it worked: Code:
ATTFilter ComboFix 12-07-30.03 - Admin 07/31/2012 18:15:21.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4058.2771 [GMT 2:00] Running from: c:\users\NeX\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Admin\AppData\Local\assembly\tmp c:\users\NeX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk . . ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 ))))))))))))))))))))))))))))))) . . 2012-07-31 16:18 . 2012-07-31 16:25 -------- d-----w- c:\users\Admin\AppData\Local\temp 2012-07-31 16:18 . 2012-07-31 16:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-31 16:18 . 2012-07-31 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-31 11:43 . 2012-07-31 11:47 -------- d-----w- C:\_OTL 2012-07-31 10:22 . 2012-07-31 10:22 -------- d-----w- c:\users\Admin\AppData\Roaming\Razer 2012-07-31 09:44 . 2012-07-31 09:44 -------- d--h--w- c:\users\NeX\AppData\Roaming\B2196877 2012-07-28 22:37 . 2012-07-28 22:37 -------- d-----w- c:\users\Admin\AppData\Roaming\LolClient 2012-07-28 16:29 . 2012-07-28 16:29 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-07-28 15:54 . 2012-07-29 15:21 -------- d-----w- c:\users\NeX\AppData\Roaming\FileZilla 2012-07-28 15:54 . 2012-07-28 15:54 -------- d-----w- c:\program files (x86)\FileZilla FTP Client 2012-07-27 22:07 . 2012-07-27 22:07 -------- d-----w- c:\programdata\TERA 2012-07-26 15:32 . 2012-07-26 15:32 -------- d-----w- c:\users\NeX\AppData\Roaming\NVIDIA 2012-07-22 14:48 . 2012-07-22 14:48 -------- d-----w- c:\users\NeX\AppData\Roaming\iFunbox_UserCache 2012-07-22 14:48 . 
2012-07-22 14:48 -------- d-----w- c:\program files (x86)\i-Funbox DevTeam 2012-07-16 08:50 . 2012-07-16 08:50 -------- d-----w- c:\users\NeX\AppData\Local\Microsoft Help 2012-07-14 14:22 . 2012-07-14 14:22 -------- d-----w- c:\users\NeX\AppData\Roaming\LolClient 2012-07-14 12:39 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2012-07-14 12:39 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2012-07-14 12:39 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2012-07-14 12:36 . 2012-07-14 12:36 -------- d-----w- C:\Riot Games 2012-07-13 22:14 . 2012-07-13 23:20 -------- d-----w- c:\users\NeX\AppData\Roaming\TS3Client 2012-07-13 22:14 . 2012-07-13 22:14 -------- d-----w- c:\users\NeX\AppData\Local\TeamSpeak 3 Client 2012-07-12 01:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 21:51 . 2012-07-11 21:51 -------- d-----w- c:\program files (x86)\Gameforge 2012-07-10 17:51 . 2012-07-10 17:51 -------- d-----w- c:\users\NeX\temp 2012-07-10 17:51 . 2012-07-10 18:13 -------- d-----w- c:\users\NeX\AppData\Roaming\TeamViewer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-28 23:17 . 2012-06-07 10:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-28 23:17 . 2012-06-07 10:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 01:02 . 2012-06-07 02:22 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-18 18:00 . 2012-06-22 13:24 92160 ----a-w- c:\windows\system32\ff_vfw.dll 2012-06-09 17:21 . 2012-06-22 13:24 206336 ----a-w- c:\windows\system32\unrar.dll 2012-06-07 11:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-06-07 11:29 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-06-07 11:20 . 2012-06-07 11:20 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-06-07 01:47 . 
2012-06-07 01:47 189384 ----a-w- c:\windows\system32\javaw.exe 2012-06-07 01:47 . 2012-06-07 01:47 188872 ----a-w- c:\windows\system32\java.exe 2012-06-07 01:46 . 2012-06-07 01:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-06-07 01:46 . 2012-06-07 01:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-06-07 01:46 . 2012-06-07 01:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-06-07 01:46 . 2012-06-07 01:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-06-07 01:46 . 2012-06-07 01:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-06-07 01:46 . 2012-06-07 01:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-06-07 01:46 . 2012-06-07 01:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-06-07 01:46 . 2012-06-07 01:46 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-06-07 01:46 . 2012-06-07 01:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-06-07 01:46 . 2012-06-07 01:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-06-07 01:46 . 2012-06-07 01:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-06-07 01:46 . 2012-06-07 01:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-06-07 01:46 . 2012-06-07 01:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-06-07 01:46 . 2012-06-07 01:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-06-07 01:46 . 2012-06-07 01:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-06-07 01:46 . 2012-06-07 01:46 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-06-07 01:46 . 2012-06-07 01:46 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-06-07 01:46 . 2012-06-07 01:46 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-06-07 01:46 . 2012-06-07 01:46 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-06-07 01:46 . 2012-06-07 01:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-06-07 01:46 . 2012-06-07 01:46 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-06-07 01:46 . 
2012-06-07 01:46 222208 ----a-w- c:\windows\system32\msls31.dll 2012-06-07 01:46 . 2012-06-07 01:46 197120 ----a-w- c:\windows\system32\msrating.dll 2012-06-07 01:46 . 2012-06-07 01:46 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-06-07 01:46 . 2012-06-07 01:46 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-06-07 01:46 . 2012-06-07 01:46 149504 ----a-w- c:\windows\system32\occache.dll 2012-06-07 01:46 . 2012-06-07 01:46 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-06-07 01:46 . 2012-06-07 01:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-06-07 01:46 . 2012-06-07 01:46 12288 ----a-w- c:\windows\system32\mshta.exe 2012-06-07 01:46 . 2012-06-07 01:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-06-07 01:46 . 2012-06-07 01:46 114176 ----a-w- c:\windows\system32\admparse.dll 2012-06-07 01:46 . 2012-06-07 01:46 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-06-07 01:46 . 2012-06-07 01:46 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-06-07 01:46 . 2012-06-07 01:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-06-07 01:46 . 2012-06-07 01:46 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-06-07 01:46 . 2012-06-07 01:46 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-06-07 01:46 . 2012-06-07 01:46 82432 ----a-w- c:\windows\system32\icardie.dll 2012-06-07 01:46 . 2012-06-07 01:46 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-06-07 01:46 . 2012-06-07 01:46 697344 ----a-w- c:\windows\system32\msfeeds.dll 2012-06-07 01:46 . 2012-06-07 01:46 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-06-07 01:46 . 2012-06-07 01:46 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-06-07 01:46 . 2012-06-07 01:46 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-06-07 01:46 . 2012-06-07 01:46 448512 ----a-w- c:\windows\system32\html.iec 2012-06-07 01:46 . 2012-06-07 01:46 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-06-07 01:46 . 
2012-06-07 01:46 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-06-07 01:46 . 2012-06-07 01:46 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-06-07 01:46 . 2012-06-07 01:46 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-06-07 01:46 . 2012-06-07 01:46 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-06-07 01:46 . 2012-06-07 01:46 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-06-07 01:46 . 2012-06-07 01:46 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-06-07 01:46 . 2012-06-07 01:46 160256 ----a-w- c:\windows\system32\wextract.exe 2012-06-07 01:46 . 2012-06-07 01:46 103936 ----a-w- c:\windows\system32\inseng.dll 2012-06-02 22:19 . 2012-06-22 09:54 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 09:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 09:55 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 09:55 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 09:54 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 09:55 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 09:54 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-22 09:54 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-22 09:54 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-22 13:47 . 2012-06-18 13:43 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-05-15 10:48 . 2012-06-07 01:09 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:48 . 2012-06-07 01:09 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-05-15 10:48 . 2012-06-07 01:08 8139072 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:48 . 2012-06-07 01:08 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-05-15 10:48 . 2012-06-07 01:08 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-05-15 10:48 . 
2012-06-07 01:08 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:48 . 2012-06-07 01:08 2681664 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:48 . 2012-06-07 01:08 25743168 ----a-w- c:\windows\system32\nvoglv64.dll 2012-05-15 10:48 . 2012-06-07 01:08 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-05-15 10:48 . 2012-06-07 01:08 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-05-15 10:48 . 2012-06-07 01:08 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-05-15 10:48 . 2012-06-07 01:08 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-05-15 10:48 . 2012-06-07 01:08 1738048 ----a-w- c:\windows\system32\nvdispco64.dll 2012-05-15 10:48 . 2012-06-07 01:08 1468224 ----a-w- c:\windows\system32\nvgenco64.dll 2012-05-15 10:48 . 2012-06-07 01:08 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-05-15 10:48 . 2012-06-07 01:08 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-05-15 10:48 . 2012-06-07 01:08 2741568 ----a-w- c:\windows\system32\nvapi64.dll 2012-05-15 10:48 . 2012-06-07 01:08 25248064 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:48 . 2012-06-07 01:08 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-05-15 10:48 . 2009-06-10 20:37 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-05-15 09:29 . 2012-06-07 01:09 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:29 . 2012-06-07 01:09 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:29 . 2012-06-07 01:09 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-05-15 09:29 . 2012-06-07 01:09 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:29 . 2012-06-07 01:09 3149632 ----a-w- c:\windows\system32\nvsvc64.dll 2012-05-15 09:28 . 2012-06-07 01:09 6151488 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-14 23:41 . 
2012-06-07 00:24 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BAAC30D-8D9D-43C9-84D6-3B72C33E3079}\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe" [2012-02-09 979360] "Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-21 233984] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2012-6-7 4545024] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096] R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-07 
283200] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800] S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\NeX\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2012-06-07 14544] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560] S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928] S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184] S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . 
Contents of the 'Scheduled Tasks' folder . 2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 23:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3hirubpt.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-PlayNC Launcher - (no file) Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-07-31 18:28:08 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-31 16:28 . Pre-Run: 223,860,613,120 bytes free Post-Run: 225,236,275,200 bytes free . - - End Of File - - C59EE868624D12EC2915552A2973E841 |
01.08.2012, 20:29 | #7 |
/// Malware-holic | GUV-Trojaner (EXP/Java.Ivinest.Gen) Only browse here; the normal account should work again now, though. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Check the boxes for Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any findings, always choose skip for now and post the log