Pests of all kinds and how to fight them: EXP/CVE-2013-0422 (Trojan.FakeAlert) [Windows 7]

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
26.02.2013, 19:12 | #1
Hello! I have a very similar problem to the one described in http://www.trojaner-board.de/129580-...ch-sauber.html. I have read that this thing comes in through a Java hole. But I have version 7 from 14.2.2013 installed?!

Via a link that promised something completely different, I landed on an obviously dubious site. Something about money online etc. etc. About 10 minutes later everything disappeared from my screen, for a few seconds I saw only the desktop wallpaper, then a full-screen window appeared with the Federal Police logo etc.: "You have committed a criminal offence through your online activity... pay 100 euros with ukash...". This window could not be closed, no switching tabs, no starting Task Manager... After a Windows restart the same garbage came back before you could do anything else.

On a second computer I then found this board, which solved the main problem: the lock screen no longer appears. But it is not clean yet.

What have I done so far? Ran a full scan with Avira in safe mode, which detected and removed EXP/CVE-2013-0422. But after a restart, the same picture: lock screen... On the advice of your board I got Malwarebytes Anti-Malware. A quick scan killed a few things:

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

Schutz: Deaktiviert

26.02.2013 10:38:06
mbam-log-2013-02-26 (10-38-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227419
Laufzeit: 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.FakeAlert) -> Daten: explorer.exe, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.26.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

Schutz: Aktiviert

26.02.2013 11:35:42
mbam-log-2013-02-26 (11-35-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 272622
Laufzeit: 2 Stunde(n), 28 Minute(n), 51 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Admin\10217379.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Now I ran another quick scan, and lo and behold: the registry entry is back again:

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.26.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

Schutz: Aktiviert

26.02.2013 18:32:20
mbam-log-2013-02-26 (18-32-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230783
Laufzeit: 11 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.FakeAlert) -> Daten: explorer.exe, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Avira says it blocks it, but apparently it does not actually block it. I do not think Avira interferes with Malwarebytes' work, because I also tried deleting the registry value in safe mode - it was still back again afterwards as Admin. If you could help, that would be wonderful!

Regards, Christoph
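An added example, not code from this thread, from Malwarebytes or from OTL: a small Python triage script that reads the Winlogon Shell entries in the two log formats quoted in the thread (the Malwarebytes "Infizierte Registrierungswerte" line above and the O20 lines of the OTL log posted later) and flags every shell command that is not plain explorer.exe. The sample lines are constructed to match the shapes shown here; the script only reads text and never touches a live registry.

```python
"""Triage Winlogon 'Shell' values quoted in Malwarebytes and OTL logs.

Added example for this thread, not code from the posts, from Malwarebytes
or from OTL. The Shell value under
HKLM/HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon should hold
exactly "explorer.exe"; any further command in that comma-separated list is
started as an additional shell at logon. Works on log text only.
"""
import re
from typing import Dict, Iterable, List

EXPECTED_SHELL = "explorer.exe"

# Malwarebytes line shape (as quoted in the thread):
#   HKCU\...\Winlogon|Shell (Trojan.FakeAlert) -> Daten: explorer.exe, "C:\...\x.exe" -> ...
MBAM_RE = re.compile(
    r"(?P<hive>HK[A-Z]+)\\[^|]*\\Winlogon\|Shell\b.*?->\s*Daten:\s*(?P<data>.*?)\s*->",
    re.IGNORECASE,
)
# OTL O20 line shape (as quoted in the thread):
#   O20 - HKCU Winlogon: Shell - ("C:\...\x.exe") - File not found
OTL_RE = re.compile(
    r"O20 - (?P<hive>HK[A-Z]+) Winlogon: Shell - \((?P<data>.*?)\) - (?P<rest>.*)$"
)


def split_shell(data: str) -> List[str]:
    """Shell is a comma-separated command list; drop quotes and whitespace."""
    return [p.strip().strip('"') for p in data.split(",") if p.strip()]


def triage_shell(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one finding per Shell command that is not plain explorer.exe."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        for rx in (MBAM_RE, OTL_RE):
            m = rx.search(line)
            if not m:
                continue
            hive = m.group("hive").upper()
            rest = m.groupdict().get("rest") or ""
            for cmd in split_shell(m.group("data")):
                if cmd.lower() == EXPECTED_SHELL:
                    continue
                low = cmd.lower()
                findings.append({
                    "hive": hive,
                    "command": cmd,
                    # A logon shell living in the user profile is the usual lock-screen persistence.
                    "in_user_profile": "\\appdata\\" in low or "\\users\\" in low,
                    # OTL appends "File not found" when the value names a file that is gone:
                    # the executable was removed but the registry value still has to be cleared.
                    "file_missing": "file not found" in rest.lower(),
                })
            break
    return findings


# Constructed sample: line shapes copied from the logs in this thread.
SAMPLE_LINES = [
    r'HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.FakeAlert) -> Daten: explorer.exe, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.',
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)",
    r"O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r'O20 - HKCU Winlogon: Shell - ("C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe") - File not found',
]

if __name__ == "__main__":
    for f in triage_shell(SAMPLE_LINES):
        flags = [k for k in ("in_user_profile", "file_missing") if f[k]]
        print(f"{f['hive']} Winlogon\\Shell -> {f['command']}  [{', '.join(flags)}]")
```

Shell is a comma-separated list, so the check is per command rather than on the whole string; that is why the Malwarebytes line (one value holding both commands) and OTL's two separate O20 lines for the same value produce the same finding. A finding with file_missing set, as for the OTL line in this thread, means the executable is already gone but the value still points at it, so the value itself still needs to be cleaned up; the script only reports and is not a removal step.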
26.02.2013, 19:26 | #2
/// Malware-holic

Hi,
do you still have the link? I would like it as a private message. There are more holes than just Java's :-)
26.02.2013, 19:30 | #3
Hi Markus!
No, I could not find it in the history... but somehow it was a short link with bit.ly or something similar. The corresponding forum thread no longer exists; it seems they noticed there was junk hidden behind it. :-( Sorry.

Regards, Christoph
26.02.2013, 19:32 | #4
/// Malware-holic

Hi, you just don't open short links you find somewhere.... If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.

Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
26.02.2013, 21:47 | #5
Avira had found the virus in Users/.../Java/.../63... Here are the OTL results:

OTL.txt:

Code:
OTL logfile created on: 26.02.2013 21:20:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 50,89% Memory free
4,23 Gb Paging File | 2,93 Gb Available in Paging File | 69,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,81 Gb Total Space | 3,30 Gb Free Space | 5,60% Space Free | Partition Type: NTFS
Drive E: | 303,88 Gb Total Space | 50,24 Gb Free Space | 16,53% Space Free | Partition Type: NTFS

Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - E:\downloads\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - E:\downloads\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - E:\downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\PDFCreator\PDFCreator.exe (pdfforge hxxp://www.pdfforge.org/)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Programme\Cisco\VPN Client 48\cvpnd.exe (Cisco Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\OpenOffice.org 2.4\program\libxml2.dll ()
MOD - C:\Programme\PDFCreator\GS8.61\gs8.61\Bin\gsdll32.dll ()
MOD - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll ()
MOD - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MOD - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll ()
MOD - C:\Programme\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- E:\downloads\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- E:\downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco\VPN Client 48\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (Atc002) -- C:\Windows\System32\drivers\l260x86.sys (Atheros Communications)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (s616unic) -- C:\Windows\System32\drivers\s616unic.sys (MCCI Corporation)
DRV - (s616obex) -- C:\Windows\System32\drivers\s616obex.sys (MCCI Corporation)
DRV - (s616nd5) -- C:\Windows\System32\drivers\s616nd5.sys (MCCI Corporation)
DRV - (s616mgmt) -- C:\Windows\System32\drivers\s616mgmt.sys (MCCI Corporation)
DRV - (s616mdm) -- C:\Windows\System32\drivers\s616mdm.sys (MCCI Corporation)
DRV - (s616mdfl) -- C:\Windows\System32\drivers\s616mdfl.sys (MCCI Corporation)
DRV - (s616bus) -- C:\Windows\System32\drivers\s616bus.sys (MCCI Corporation)
DRV - (videX32) -- C:\Windows\System32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (ViPrt) -- C:\Windows\System32\drivers\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\System32\drivers\ViBus.sys (VIA Technologies, Inc.)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (vsdatant) -- C:\Windows\System32\vsdatant.sys (Zone Labs LLC)
DRV - (Asapi) -- C:\Windows\System32\drivers\asapi.sys (VOB Computersysteme GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {617FB567-7944-4CC3-88D5-0650767F860B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{617FB567-7944-4CC3-88D5-0650767F860B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS_enAT267
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS
IE - HKCU\..\SearchScopes\{99CD314F-1928-4209-8F12-DBEBFC7E504E}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Admin\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.03 19:38:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.10 17:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.21 19:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.21 19:07:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.01.14 21:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010.01.14 21:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.06.24 15:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\m44sed@daysofwonder.com
[2012.11.08 21:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\gop2vqlo.default\extensions
[2010.06.24 22:26:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\gop2vqlo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.27 19:43:23 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\gop2vqlo.default\extensions\personas@christopher.beard
[2012.08.24 23:21:24 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\gop2vqlo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.02.24 09:38:05 | 000,000,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\gop2vqlo.default\searchplugins\icqplugin.xml
[2012.11.08 19:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 10:52:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.08.10 17:38:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.08 06:49:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.08 19:03:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.09.03 19:38:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.03 19:38:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 19:38:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.03 19:38:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.03 19:38:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.03 19:38:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.03 19:38:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk = C:\Programme\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{139B96F3-FBD2-4475-BD6A-55EB5C02A7EF}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50A94F73-3C71-4A40-BEB1-40AC211785BA}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe") - File not found
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a45462a-b81e-11df-ac0c-001e8c091e11}\Shell\AutoRun\command - "" = D:\ContentManager\ContentManagerStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:
{C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.26 18:37:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2013.02.26 18:22:38 | 000,000,000 | ---D | C] -- C:\gvu [2013.02.26 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2013.02.26 10:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.26 10:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.26 10:37:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.21 19:07:14 | 000,000,000 | ---D | C] -- C:\Program 
Files\Mozilla Thunderbird [2013.02.17 17:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.02.17 17:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013.02.10 09:27:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\.gimp-2.4 [1 C:\Users\Admin\*.tmp files -> C:\Users\Admin\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.26 20:50:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.26 20:41:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.26 20:27:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 20:27:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 18:37:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2013.02.26 18:33:57 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.26 18:33:57 | 000,607,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.26 18:33:57 | 000,131,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.26 18:33:57 | 000,108,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.26 18:27:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.26 18:27:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.26 18:27:43 | 2146,611,200 | -HS- | M] () -- C:\hiberfil.sys [2013.02.26 08:45:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\97371201.pad [2013.02.25 20:56:37 | 000,002,757 | ---- | M] () -- C:\ProgramData\97371201.js [2013.02.17 12:58:06 | 002,185,489 | ---- | M] () -- C:\Users\Admin\.recently-used.xbel [2013.02.14 21:02:42 | 000,401,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Users\Admin\*.tmp files -> 
C:\Users\Admin\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.26 18:27:43 | 2146,611,200 | -HS- | C] () -- C:\hiberfil.sys [2013.02.25 20:56:37 | 000,002,757 | ---- | C] () -- C:\ProgramData\97371201.js [2013.02.25 20:56:31 | 095,023,320 | ---- | C] () -- C:\ProgramData\97371201.pad [2013.02.17 12:58:06 | 002,185,489 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel [2012.05.31 17:29:57 | 000,136,297 | ---- | C] () -- C:\Users\Admin\SV100992.JPG [2012.04.09 11:37:49 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2011.03.05 11:09:51 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.10.26 11:39:01 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2010.10.09 22:43:39 | 000,000,678 | ---- | C] () -- C:\Users\Admin\.jmf-resource [2010.07.11 12:37:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.02 21:33:19 | 000,000,016 | ---- | C] () -- C:\Users\Admin\.gtk-bookmarks [2010.05.02 20:18:04 | 002,323,423 | ---- | C] () -- C:\Users\Admin\winmail.dat [2008.10.23 20:45:15 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat [2008.02.17 09:51:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.02.16 17:46:01 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.02.16 15:45:32 | 000,206,848 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.01.15 10:41:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.anki [2011.01.15 09:55:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.matplotlib [2009.02.27 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ahnenblatt [2012.01.01 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\becker [2011.03.15 16:10:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CasaPortale.de [2009.06.24 15:52:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Days of Wonder, Inc [2010.01.22 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media [2013.02.17 12:58:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2009.05.10 09:33:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HEROLD Business Data [2012.06.07 19:59:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ [2011.01.19 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mquadr.at [2008.11.04 22:29:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyPhoneExplorer [2012.09.05 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Octoshape [2010.01.31 17:05:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PIE [2009.01.27 21:13:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScummVM [2008.03.04 18:03:34 | 000,000,000 | ---D | M] -- 
C:\Users\Admin\AppData\Roaming\Simple Sudoku [2012.03.24 17:03:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SimpleScreenshot [2009.10.26 11:10:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Steinberg [2008.10.10 19:17:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Stellarium [2008.10.24 18:13:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Teleca [2010.01.14 21:05:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird [2009.01.22 18:05:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent [2012.04.09 12:28:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VDownloader [2008.11.23 11:03:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\verwandt ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.02.16 14:13:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.12.11 00:39:25 | 000,000,000 | -HSD | M] -- C:\Boot [2008.02.29 22:08:49 | 000,000,000 | ---D | M] -- C:\Cisco Systems [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.02.16 14:08:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.03.24 18:05:17 | 000,000,000 | ---D | M] -- C:\Fraps [2013.02.26 18:26:26 | 000,000,000 | ---D | M] -- C:\gvu [2008.02.16 15:11:36 | 000,000,000 | ---D | M] -- C:\MRecord [2007.08.08 10:53:30 | 000,000,000 | RH-D | M] -- C:\MSOCache [2007.08.08 10:40:29 | 000,000,000 | ---D | M] -- C:\MyWorks [2007.12.17 23:17:46 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.02.17 16:07:14 | 000,000,000 | ---D | M] -- C:\PDFs [2008.09.27 22:03:02 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.22 17:37:34 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.26 10:37:12 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.02.16 14:08:02 | 000,000,000 | -HSD | M] -- C:\Programme [2007.08.07 22:44:06 | 000,000,000 | ---D | M] -- C:\Service [2008.05.09 14:24:37 | 000,000,000 | ---D | 
M] -- C:\Sierra [2013.02.26 21:23:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.18 07:55:55 | 000,000,000 | ---D | M] -- C:\temp [2012.11.18 07:55:57 | 000,000,000 | R--D | M] -- C:\Users [2013.02.25 21:07:49 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,510 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.06.30 14:24:43 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2009.06.30 14:24:44 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.04.02 18:31:10 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\Windows\System32\DriverStore\FileRepository\viprt.inf_86543378\ViPrt.sys < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV 
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2011.11.01 09:32:27 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011.11.01 09:32:27 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < %USERPROFILE%\*.* > [2010.06.02 21:33:19 | 000,000,016 | ---- | M] () -- C:\Users\Admin\.gtk-bookmarks [2010.10.09 22:43:39 | 000,000,678 | ---- | M] () -- C:\Users\Admin\.jmf-resource [2013.02.17 12:58:06 | 002,185,489 | ---- | M] () -- C:\Users\Admin\.recently-used.xbel [2013.02.26 21:40:58 | 023,855,104 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2013.02.26 21:40:58 | 000,262,144 | -H-- | M] () -- C:\Users\Admin\ntuser.dat.LOG1 [2008.02.16 14:12:45 | 000,000,000 | -H-- | M] () -- C:\Users\Admin\ntuser.dat.LOG2 [2013.02.26 18:26:35 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2013.02.26 18:26:35 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.02.07 23:58:28 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.02.16 14:12:45 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini [2012.05.31 17:30:18 | 000,136,297 | ---- | M] () -- C:\Users\Admin\SV100992.JPG [2010.05.02 20:18:05 | 002,323,423 | ---- | M] () -- C:\Users\Admin\winmail.dat [2011.03.10 19:22:38 | 000,000,058 | ---- | M] () -- C:\Users\Admin\WLAN-Key.txt [1 C:\Users\Admin\*.tmp files -> C:\Users\Admin\*.tmp -> ] < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8C35AEA7 < End of report > Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 26.02.2013 21:20:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 50,89% Memory free 4,23 Gb Paging File | 2,93 Gb Available in Paging File | 69,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 58,81 Gb Total Space | 3,30 Gb Free Space | 5,60% Space Free | Partition Type: NTFS Drive E: | 303,88 Gb Total Space | 50,24 Gb Free Space | 16,53% Space Free | Partition Type: NTFS Computer Name: xxx| User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08DB5183-EFCA-4FDE-A3D0-608ABE137B59}" = lport=6004 | protocol=17 | dir=in | app=c:\program 
files\microsoft office\office12\outlook.exe | "{3DF7B9F6-5FCC-460F-B3F9-549AE5F0F7CC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8D40CB43-613A-45E3-B963-6C645B47CA8E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13175683-C172-4B0E-AFB7-E1D7BB3B0D53}" = protocol=17 | dir=in | app=c:\program files\pdfcreator\pdfcreator.exe | "{13D459B2-100F-4AFD-8A7C-DA9C3C6F883A}" = protocol=6 | dir=in | app=e:\uig\skiworld simulator 2012\skiresort2012.dll | "{17BC21E2-5A67-4501-9EA5-F552F336FEA3}" = protocol=17 | dir=in | app=e:\uig\skiworld simulator 2012\iupdate.dll | "{1825AE9C-78A7-4560-B9C2-E27AD1232708}" = protocol=6 | dir=in | app=e:\uig\woodcutter simulator 2012\iupdate.dll | "{1B330C62-569E-4D41-8B36-99D4C23EBBF2}" = protocol=17 | dir=in | app=e:\christoph\hafensimulator\port simulator hamburg\port.hamburg2011.dll | "{277D8CA3-CF12-468B-AB00-7FE045BCB194}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{27AED3A9-C3AD-42D5-A627-7633F2ACD517}" = protocol=6 | dir=in | app=c:\program files\cisco systems\vpn client\ipsecdialer.exe | "{30799D7A-09E6-43B6-9CE2-152C61ED1385}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{33F1A9FA-A305-4FDC-89AE-9AF64BB2E3C7}" = protocol=17 | dir=in | app=e:\christoph\hafensimulator\port simulator hamburg\iupdate.dll | "{37135482-624F-4B6B-AB8C-0EE4DA273A21}" = protocol=6 | dir=in | app=e:\christoph\hafensimulator\port simulator hamburg\iupdate.dll | "{3B2228CD-9173-4D0B-9323-2D080A27A70E}" = protocol=6 | dir=in | app=e:\uig\skiworld simulator 2012\iupdate.dll | "{3FE858CF-D7AB-4DA2-A583-50302CD8C5B2}" = protocol=17 | dir=in | app=c:\program files\a1 telekom 
austria\breitband-internet-installation\fixnet installer\installer.exe | "{42CDDBAC-B65F-4C02-9419-27BFF78BF21B}" = protocol=17 | dir=in | app=c:\program files\cisco systems\vpn client\ipsecdialer.exe | "{6D163E66-996D-4D24-98E1-467C703E531A}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{71C8AA60-6091-480A-B3DE-A136D6CE5DDB}" = protocol=17 | dir=in | app=e:\uig\woodcutter simulator 2012\iupdate.dll | "{7BCC551B-01F6-4264-97CC-B96D194282CA}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{8CE47287-62A4-4C1D-A2CE-02E3C0038A2F}" = protocol=6 | dir=in | app=e:\uig\woodcutter simulator 2012\woodcutter2012.dll | "{8FE8D8BE-678E-4DB0-8ED9-21DBB31AE20A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{A0F3F6B1-6D10-490D-BB33-55A3921D2DF4}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{A202BD7E-D5F0-483E-8A12-318F6F954752}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{A54D8482-25C1-4BCC-B062-DF04C6598FF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A80A3CC8-3DB7-4955-92B6-025899B778F0}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{AAAA6E1B-F803-415E-8336-D27D37AD4024}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C1A4A524-EA31-497D-BBB1-DC7204137DD8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{C77FE59E-A20C-48E2-ACDF-19EAE1272FC4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C86E84A3-41CF-4B94-B45E-BC75F47947B4}" = protocol=6 | dir=in | app=c:\program files\pdfcreator\pdfcreator.exe | "{D151BF7F-E2D0-417B-996D-57F14867A6B2}" = protocol=17 | dir=in | app=e:\uig\woodcutter simulator 2012\woodcutter2012.dll | "{D7228DBA-5E90-4587-A4AB-9914652DE668}" = protocol=17 | dir=in | app=e:\uig\skiworld simulator 2012\skiresort2012.dll | "{E2DB2A7E-931E-47DF-B23F-B4CF315B5027}" = protocol=6 | dir=in | 
app=c:\program files\itunes\itunes.exe | "{F5F4DBC0-E0FC-40AE-9287-EE42023110CB}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{FEBCAAE8-F575-407B-9CF9-21FCAF1A32E0}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{FFA0D228-01D7-4A1C-A257-5A8876D90A21}" = protocol=6 | dir=in | app=e:\christoph\hafensimulator\port simulator hamburg\port.hamburg2011.dll | "TCP Query User{1B39E4E4-638B-44E6-B94B-1A9261365318}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{4E2911F0-3351-4485-8513-C3A06098B978}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{600C39FE-06EF-44FD-BC19-F1B2AA50583B}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{677585DD-0B86-4555-B0BA-A462157ED360}C:\program files\bhv\puerto rico\puerto.exe" = protocol=6 | dir=in | app=c:\program files\bhv\puerto rico\puerto.exe | "TCP Query User{978003E3-45A0-4D04-ABEA-D25453EC6141}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{9B78F2CA-1E1B-4499-ADDE-92F1038B5871}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | "TCP Query User{A0B5BD1B-36D3-425A-9209-ED12BE49D7F5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{A0D508B3-E7A7-4A4C-9F61-08987DE70421}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{C30F5A6F-ABA7-46C2-8087-3B49664E8492}C:\program files\dartmoor\torres\bin\win32\torres.exe" = protocol=6 | dir=in | app=c:\program 
files\dartmoor\torres\bin\win32\torres.exe | "TCP Query User{C9DF1C0A-D030-4067-8783-064533E68525}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{D21974EC-1820-4CFD-9100-96467F0E625C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{DAA5967C-AB65-4EA3-9B49-8EDA5AEDCD1C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{E2DD1035-45ED-43B5-B48F-3616F70B9301}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{FEDB21D7-C433-4C95-A689-DA3AF8235528}C:\users\admin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{031DC278-3734-4571-97FC-C8ACD998A92C}C:\users\admin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{23DB7131-6EAB-437F-9051-D70573DD1CF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{357DC6D6-FC99-45C0-B588-B892A4A610EE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{75B0AAA2-B4A9-40AC-A89B-3CD504E74524}C:\program files\bhv\puerto rico\puerto.exe" = protocol=17 | dir=in | app=c:\program files\bhv\puerto rico\puerto.exe | "UDP Query User{A855B18E-1398-4467-867A-16FF4BD3E147}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query 
User{B3ABAA6A-4EAE-42A6-B1CF-DC32AC567A44}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{BCB7188E-7026-4CFA-A072-6A0F18BEC7DD}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{C0C03951-0DCF-409E-8EDD-5BD4154515A8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{CE0A4A49-414F-4386-A292-F7623CE0C02F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{CE9C2D9F-9908-4910-98DC-C95414851ADA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{D0EAADB1-3EAA-405A-BE94-D6D892AA427E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{DB39FC79-F99B-475F-9A0D-9C112CB8AAA8}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{ECBC7D79-3307-46DD-9F33-48A56040F273}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{EF41CC69-77F8-4EF7-8BD0-3D599A6BC77D}C:\program files\dartmoor\torres\bin\win32\torres.exe" = protocol=17 | dir=in | app=c:\program files\dartmoor\torres\bin\win32\torres.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05675D95-1567-4E00-A818-DB08064EA088}" = Sony Ericsson PC Suite "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver 
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C4D84F4-90EA-452B-A03F-700DE569ED48}" = DNE Update "{118B9B2E-F425-4A11-B640-1C743DD10128}" = Puerto Rico "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{2D7B44B6-AB2C-44EA-90AD-D0D019195534}_is1" = TOPP Vorlagen-Druckstudio (3545) "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F9C9CD-1912-4E29-A52E-ADB73D2FC1D5}" = BOINC "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F692FA9-348B-4264-B4EA-DE6BFA45D8AE}" = Microsoft WorldWide Telescope "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{43721D86-16D1-46BF-8353-37CD82333BC3}" = OpenOffice.org 2.4 "{447E3935-A085-42D4-0001-8BE5E4034B40}" = freeTunes*3.0 "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities 
"{54490FED-042A-47E0-9037-BA6B8F21438C}" = El Grande "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = 
Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1154 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.0 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client 4.8.01.0300 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
26.02.2013, 22:10 | #6 |
/// Malware-holic | EXP/CVE-2013-0422 (Trojan.FakeAlert) Hi, OTL fix: fixing with OTL
Code:
:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O20 - HKCU Winlogon: Shell - ("C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe") - File not found
:files
:Commands
[emptytemp]
26.02.2013, 22:16 | #7 |
| EXP/CVE-2013-0422 (Trojan.FakeAlert) What does insert "at the appropriate place" mean?? Where it says "no name"? Which one is the user name? (See the first post in the thread) |
26.02.2013, 22:29 | #8 |
/// Malware-holic | EXP/CVE-2013-0422 (Trojan.FakeAlert) Your user name is admin; since you haven't changed anything, you don't need to insert anything, which is why it says "should".
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
26.02.2013, 22:37 | #9 |
| EXP/CVE-2013-0422 (Trojan.FakeAlert) Ah, well then... I ran the fix, which then demanded a reboot. During the fix the Avira message about a "change to the registry..." came up again. Should I run something again with detection switched off? Here is the OTL file: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe" deleted successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1259396909 bytes
->Java cache emptied: 19153589 bytes
->FireFox cache emptied: 309384168 bytes
->Apple Safari cache emptied: 22430720 bytes
->Flash cache emptied: 26869 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1577211994 bytes
RecycleBin emptied: 43216317 bytes
Total Files Cleaned = 3.081,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02262013_222618
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
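The persistence that the OTL fix removed is the per-user Winlogon Shell value: Winlogon reads it as a comma-separated list of shell programs, so "explorer.exe, <quoted path to msshell.exe>" keeps the desktop working while also launching the lock screen at every logon. As an added example, not code from the thread or from OTL, this Python script parses such a value and reports every program other than explorer.exe, rating entries in user-writable paths highest; the sample value is constructed from the Malwarebytes finding quoted earlier, and the live registry is read via winreg only when run on Windows.

```python
"""Flag extra programs in a Winlogon Shell value.

Winlogon treats the Shell value as a comma-separated list of programs to
start as the desktop shell.  The ransomware in this thread set the per-user
value to explorer.exe followed by the quoted path of msshell.exe, so Explorer
still came up but the lock screen was started next to it at every logon.
Added example, not code from the thread or from OTL; the sample value is
constructed from the Malwarebytes finding quoted earlier.
"""
import sys
from typing import List, Optional, Tuple

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"  # the only entry a clean workstation should have

# Constructed sample, modelled on the entry Malwarebytes reported in the thread.
SAMPLE_SHELL_VALUE = (
    'explorer.exe, "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\msshell.exe"'
)

# Path fragments pointing into user-writable locations; a shell program living
# there is far more suspicious than one under C:\Windows.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "%temp%", "%appdata%")


def parse_shell_value(value: str) -> List[str]:
    """Split a Shell value into its program entries.

    A plain split on ',' is not enough: quoted entries may contain commas or
    spaces, so quotes are honoured while splitting and dropped from the result.
    """
    entries: List[str] = []
    current: List[str] = []
    in_quotes = False
    for ch in value:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            entries.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    entries.append("".join(current).strip())
    return [e for e in entries if e]


def is_user_writable_path(path: str) -> bool:
    """True if the program sits under a user profile or a temp directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def suspicious_shell_entries(value: str) -> List[Tuple[str, str]]:
    """Return (entry, severity) for every entry other than explorer.exe.

    Severity is "high" for programs in user-writable paths and "review" for
    anything else that is not the expected shell.
    """
    findings: List[Tuple[str, str]] = []
    for entry in parse_shell_value(value):
        if entry.lower() == EXPECTED_SHELL:
            continue
        severity = "high" if is_user_writable_path(entry) else "review"
        findings.append((entry, severity))
    return findings


def read_shell_value(hive: str) -> Optional[str]:
    """Read the Shell value from HKCU or HKLM; only possible on Windows.

    Returns None when the value is absent.  Absence under HKCU is the normal
    state: a per-user Shell value that exists at all deserves a look.
    """
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only module, imported lazily

    root = winreg.HKEY_CURRENT_USER if hive == "HKCU" else winreg.HKEY_LOCAL_MACHINE
    try:
        with winreg.OpenKey(root, WINLOGON_KEY) as key:
            value, _ = winreg.QueryValueEx(key, "Shell")
            return str(value)
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    checks = [(hive, read_shell_value(hive)) for hive in ("HKCU", "HKLM")]
    if all(v is None for _, v in checks):
        # Not on Windows (or nothing readable): analyse the constructed sample.
        checks = [("sample", SAMPLE_SHELL_VALUE)]
    for hive, value in checks:
        if value is None:
            print(f"{hive}: no Shell value (normal for HKCU)")
            continue
        print(f"{hive} Shell = {value}")
        for entry, severity in suspicious_shell_entries(value):
            print(f"  [{severity}] unexpected shell program: {entry}")
```

The same parser applies to the HKLM value, which should contain only explorer.exe on a workstation; the startup-folder .lnk that Malwarebytes removed is a separate persistence point and is not covered here.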
26.02.2013, 22:42 | #10 |
/// Malware-holic | EXP/CVE-2013-0422 (Trojan.FakeAlert) Hi, that's fine as it is. Please download TDSSKiller.exe and save the file to the desktop.
26.02.2013, 22:58 | #11 |
| EXP/CVE-2013-0422 (Trojan.FakeAlert) Out of curiosity I checked with Malwarebytes - it still finds that suspicious entry... I figured as much after the Avira message came up during the fix. TDSSKiller: Code:
5184 NativeWifiP - ok 22:54:34.0258 5184 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:54:34.0305 5184 NDIS - ok 22:54:34.0352 5184 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:54:34.0368 5184 NdisTapi - ok 22:54:34.0399 5184 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:54:34.0430 5184 Ndisuio - ok 22:54:34.0461 5184 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:54:34.0492 5184 NdisWan - ok 22:54:34.0508 5184 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:54:34.0555 5184 NDProxy - ok 22:54:34.0570 5184 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:54:34.0602 5184 NetBIOS - ok 22:54:34.0633 5184 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 22:54:34.0648 5184 netbt - ok 22:54:34.0664 5184 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 22:54:34.0695 5184 Netlogon - ok 22:54:34.0726 5184 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 22:54:34.0758 5184 Netman - ok 22:54:34.0789 5184 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 22:54:34.0820 5184 netprofm - ok 22:54:34.0867 5184 [ 3E8AF59AE2807D891B2E3C0A65875FE8 ] netr73 C:\Windows\system32\DRIVERS\netr73.sys 22:54:34.0929 5184 netr73 - ok 22:54:34.0945 5184 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:54:34.0960 5184 NetTcpPortSharing - ok 22:54:34.0992 5184 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:54:35.0007 5184 nfrd960 - ok 22:54:35.0038 5184 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:54:35.0070 5184 NlaSvc - ok 22:54:35.0116 5184 [ B9730495E0CF674680121E34BD95A73B ] 
npf C:\Windows\system32\drivers\npf.sys 22:54:35.0116 5184 npf - ok 22:54:35.0148 5184 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:54:35.0179 5184 Npfs - ok 22:54:35.0226 5184 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 22:54:35.0257 5184 nsi - ok 22:54:35.0272 5184 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:54:35.0304 5184 nsiproxy - ok 22:54:35.0350 5184 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:54:35.0428 5184 Ntfs - ok 22:54:35.0475 5184 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 22:54:35.0538 5184 ntrigdigi - ok 22:54:35.0553 5184 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 22:54:35.0584 5184 Null - ok 22:54:35.0631 5184 [ 74C825C573AA6E115590D94E7BF86901 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys 22:54:35.0694 5184 NVENETFD - ok 22:54:36.0364 5184 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:54:36.0692 5184 nvlddmkm - ok 22:54:36.0723 5184 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:54:36.0723 5184 nvraid - ok 22:54:36.0739 5184 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:54:36.0754 5184 nvstor - ok 22:54:36.0770 5184 [ A1CE1A6FD74C046F029448FCFA5E386D ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys 22:54:36.0786 5184 nvstor32 - ok 22:54:36.0832 5184 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe 22:54:36.0895 5184 nvsvc - ok 22:54:36.0957 5184 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 22:54:37.0035 5184 nvUpdatusService - ok 22:54:37.0051 5184 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:54:37.0082 5184 nv_agp - ok 22:54:37.0082 5184 NwlnkFlt - 
ok 22:54:37.0098 5184 NwlnkFwd - ok 22:54:37.0160 5184 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:54:37.0176 5184 odserv - ok 22:54:37.0207 5184 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:54:37.0254 5184 ohci1394 - ok 22:54:37.0285 5184 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:54:37.0300 5184 ose - ok 22:54:37.0347 5184 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 22:54:37.0456 5184 p2pimsvc - ok 22:54:37.0472 5184 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 22:54:37.0519 5184 p2psvc - ok 22:54:37.0550 5184 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:54:37.0597 5184 Parport - ok 22:54:37.0628 5184 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:54:37.0644 5184 partmgr - ok 22:54:37.0659 5184 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 22:54:37.0690 5184 Parvdm - ok 22:54:37.0722 5184 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 22:54:37.0768 5184 PcaSvc - ok 22:54:37.0784 5184 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 22:54:37.0800 5184 pci - ok 22:54:37.0831 5184 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\DRIVERS\pciide.sys 22:54:37.0846 5184 pciide - ok 22:54:37.0862 5184 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:54:37.0878 5184 pcmcia - ok 22:54:37.0909 5184 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:54:38.0034 5184 PEAUTH - ok 22:54:38.0112 5184 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 22:54:38.0190 5184 pla - ok 22:54:38.0221 5184 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay 
C:\Windows\system32\umpnpmgr.dll 22:54:38.0252 5184 PlugPlay - ok 22:54:38.0283 5184 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 22:54:38.0299 5184 PNRPAutoReg - ok 22:54:38.0330 5184 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 22:54:38.0361 5184 PNRPsvc - ok 22:54:38.0392 5184 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:54:38.0455 5184 PolicyAgent - ok 22:54:38.0486 5184 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:54:38.0517 5184 PptpMiniport - ok 22:54:38.0533 5184 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 22:54:38.0595 5184 Processor - ok 22:54:38.0611 5184 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 22:54:38.0642 5184 ProfSvc - ok 22:54:38.0658 5184 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 22:54:38.0673 5184 ProtectedStorage - ok 22:54:38.0704 5184 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 22:54:38.0736 5184 PSched - ok 22:54:38.0782 5184 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:54:38.0860 5184 ql2300 - ok 22:54:38.0907 5184 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:54:38.0923 5184 ql40xx - ok 22:54:38.0970 5184 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 22:54:39.0001 5184 QWAVE - ok 22:54:39.0016 5184 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:54:39.0048 5184 QWAVEdrv - ok 22:54:39.0063 5184 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:54:39.0094 5184 RasAcd - ok 22:54:39.0126 5184 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 22:54:39.0172 5184 RasAuto - ok 22:54:39.0188 5184 [ A214ADBAF4CB47DD2728859EF31F26B0 ] 
Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:54:39.0219 5184 Rasl2tp - ok 22:54:39.0266 5184 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 22:54:39.0297 5184 RasMan - ok 22:54:39.0328 5184 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:54:39.0344 5184 RasPppoe - ok 22:54:39.0375 5184 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:54:39.0391 5184 RasSstp - ok 22:54:39.0422 5184 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:54:39.0453 5184 rdbss - ok 22:54:39.0484 5184 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:54:39.0516 5184 RDPCDD - ok 22:54:39.0562 5184 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 22:54:39.0609 5184 rdpdr - ok 22:54:39.0625 5184 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:54:39.0656 5184 RDPENCDD - ok 22:54:39.0687 5184 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:54:39.0734 5184 RDPWD - ok 22:54:39.0765 5184 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:54:39.0796 5184 RemoteAccess - ok 22:54:39.0828 5184 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:54:39.0874 5184 RemoteRegistry - ok 22:54:39.0921 5184 [ B216B03852DF788C7E2AFDF6C6E8A9B0 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 22:54:39.0952 5184 RichVideo ( UnsignedFile.Multi.Generic ) - warning 22:54:39.0952 5184 RichVideo - detected UnsignedFile.Multi.Generic (1) 22:54:39.0968 5184 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 22:54:39.0999 5184 RpcLocator - ok 22:54:40.0030 5184 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 22:54:40.0077 5184 RpcSs - ok 22:54:40.0093 5184 [ 9C508F4074A39E8B4B31D27198146FAD ] 
rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:54:40.0140 5184 rspndr - ok 22:54:40.0171 5184 [ CB20F16AFDBA63707FB971E0922EDEC1 ] RT73 C:\Windows\system32\DRIVERS\Dr71WU.sys 22:54:40.0202 5184 RT73 - ok 22:54:40.0233 5184 [ 3D861FBFBD3BA4DE098331FDE4EFF556 ] RTL8187 C:\Windows\system32\DRIVERS\RTL8187.sys 22:54:40.0280 5184 RTL8187 - ok 22:54:40.0296 5184 [ EF4B5A8D53F15CB269469DD4E4BB0109 ] s616bus C:\Windows\system32\DRIVERS\s616bus.sys 22:54:40.0311 5184 s616bus - ok 22:54:40.0327 5184 [ 96187731EEFCF83E844BC1CE6617AAEB ] s616mdfl C:\Windows\system32\DRIVERS\s616mdfl.sys 22:54:40.0342 5184 s616mdfl - ok 22:54:40.0358 5184 [ D2DD87368BFECFA099E50DC120F3F513 ] s616mdm C:\Windows\system32\DRIVERS\s616mdm.sys 22:54:40.0374 5184 s616mdm - ok 22:54:40.0405 5184 [ 5F0BE24E4D4FA134B0B2FEF35D3A9D90 ] s616mgmt C:\Windows\system32\DRIVERS\s616mgmt.sys 22:54:40.0405 5184 s616mgmt - ok 22:54:40.0420 5184 [ B9B507FCC67E204EF38E05FFD4176345 ] s616nd5 C:\Windows\system32\DRIVERS\s616nd5.sys 22:54:40.0436 5184 s616nd5 - ok 22:54:40.0452 5184 [ F123A1F2A04A0E8DBA80B64F0072475A ] s616obex C:\Windows\system32\DRIVERS\s616obex.sys 22:54:40.0467 5184 s616obex - ok 22:54:40.0483 5184 [ E7E55048EBD5C17BFA791B4A6EC3D54B ] s616unic C:\Windows\system32\DRIVERS\s616unic.sys 22:54:40.0498 5184 s616unic - ok 22:54:40.0514 5184 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 22:54:40.0530 5184 SamSs - ok 22:54:40.0561 5184 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:54:40.0576 5184 sbp2port - ok 22:54:40.0608 5184 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:54:40.0639 5184 SCardSvr - ok 22:54:40.0670 5184 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 22:54:40.0764 5184 Schedule - ok 22:54:40.0779 5184 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 22:54:40.0795 5184 SCPolicySvc - ok 22:54:40.0826 5184 [ 
7B3973CC28B8AA3E9E2E5D53E720E2C9 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 22:54:40.0873 5184 sdbus - ok 22:54:40.0888 5184 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:54:40.0966 5184 SDRSVC - ok 22:54:40.0982 5184 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:54:41.0029 5184 secdrv - ok 22:54:41.0060 5184 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 22:54:41.0091 5184 seclogon - ok 22:54:41.0122 5184 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 22:54:41.0154 5184 SENS - ok 22:54:41.0169 5184 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:54:41.0216 5184 Serenum - ok 22:54:41.0247 5184 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:54:41.0263 5184 Serial - ok 22:54:41.0294 5184 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:54:41.0325 5184 sermouse - ok 22:54:41.0356 5184 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 22:54:41.0388 5184 SessionEnv - ok 22:54:41.0419 5184 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:54:41.0481 5184 sffdisk - ok 22:54:41.0497 5184 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:54:41.0544 5184 sffp_mmc - ok 22:54:41.0559 5184 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:54:41.0622 5184 sffp_sd - ok 22:54:41.0637 5184 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:54:41.0668 5184 sfloppy - ok 22:54:41.0684 5184 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:54:41.0731 5184 SharedAccess - ok 22:54:41.0746 5184 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:54:41.0809 5184 ShellHWDetection - ok 
22:54:41.0824 5184 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 22:54:41.0856 5184 SiSRaid2 - ok 22:54:41.0871 5184 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:54:41.0887 5184 SiSRaid4 - ok 22:54:41.0949 5184 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 22:54:41.0965 5184 SkypeUpdate - ok 22:54:42.0230 5184 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 22:54:42.0386 5184 slsvc - ok 22:54:42.0402 5184 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 22:54:42.0433 5184 SLUINotify - ok 22:54:42.0464 5184 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:54:42.0495 5184 Smb - ok 22:54:42.0511 5184 smserial - ok 22:54:42.0542 5184 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:54:42.0558 5184 SNMPTRAP - ok 22:54:42.0589 5184 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 22:54:42.0604 5184 spldr - ok 22:54:42.0636 5184 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 22:54:42.0698 5184 Spooler - ok 22:54:42.0729 5184 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:54:42.0776 5184 srv - ok 22:54:42.0823 5184 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:54:42.0870 5184 srv2 - ok 22:54:42.0901 5184 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:54:42.0932 5184 srvnet - ok 22:54:42.0948 5184 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:54:42.0979 5184 SSDPSRV - ok 22:54:43.0010 5184 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 22:54:43.0026 5184 ssmdrv - ok 22:54:43.0057 5184 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:54:43.0088 5184 SstpSvc - 
ok 22:54:43.0150 5184 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:54:43.0197 5184 Stereo Service - ok 22:54:43.0275 5184 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 22:54:43.0338 5184 stisvc - ok 22:54:43.0369 5184 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:54:43.0384 5184 swenum - ok 22:54:43.0416 5184 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 22:54:43.0462 5184 swprv - ok 22:54:43.0494 5184 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 22:54:43.0494 5184 Symc8xx - ok 22:54:43.0509 5184 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 22:54:43.0525 5184 Sym_hi - ok 22:54:43.0540 5184 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 22:54:43.0556 5184 Sym_u3 - ok 22:54:43.0587 5184 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 22:54:43.0650 5184 SysMain - ok 22:54:43.0681 5184 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:54:43.0728 5184 TabletInputService - ok 22:54:43.0759 5184 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:54:43.0790 5184 TapiSrv - ok 22:54:43.0821 5184 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 22:54:43.0852 5184 TBS - ok 22:54:43.0884 5184 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:54:43.0962 5184 Tcpip - ok 22:54:43.0993 5184 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 22:54:44.0040 5184 Tcpip6 - ok 22:54:44.0055 5184 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:54:44.0164 5184 tcpipreg - ok 22:54:44.0196 5184 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:54:44.0227 
5184 TDPIPE - ok 22:54:44.0242 5184 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:54:44.0274 5184 TDTCP - ok 22:54:44.0305 5184 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:54:44.0336 5184 tdx - ok 22:54:44.0352 5184 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:54:44.0367 5184 TermDD - ok 22:54:44.0383 5184 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 22:54:44.0430 5184 TermService - ok 22:54:44.0492 5184 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 22:54:44.0508 5184 Themes - ok 22:54:44.0523 5184 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 22:54:44.0554 5184 THREADORDER - ok 22:54:44.0586 5184 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 22:54:44.0632 5184 TrkWks - ok 22:54:44.0695 5184 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:54:44.0710 5184 TrustedInstaller - ok 22:54:44.0742 5184 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:54:44.0788 5184 tssecsrv - ok 22:54:44.0804 5184 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 22:54:44.0851 5184 tunmp - ok 22:54:44.0866 5184 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:54:44.0898 5184 tunnel - ok 22:54:44.0913 5184 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:54:44.0929 5184 uagp35 - ok 22:54:44.0960 5184 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:54:44.0991 5184 udfs - ok 22:54:45.0022 5184 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:54:45.0054 5184 UI0Detect - ok 22:54:45.0069 5184 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:54:45.0085 
5184 uliagpkx - ok 22:54:45.0100 5184 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 22:54:45.0116 5184 uliahci - ok 22:54:45.0132 5184 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 22:54:45.0147 5184 UlSata - ok 22:54:45.0163 5184 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 22:54:45.0178 5184 ulsata2 - ok 22:54:45.0210 5184 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:54:45.0225 5184 umbus - ok 22:54:45.0256 5184 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 22:54:45.0303 5184 upnphost - ok 22:54:45.0334 5184 [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 22:54:45.0381 5184 USBAAPL - ok 22:54:45.0397 5184 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 22:54:45.0444 5184 usbccgp - ok 22:54:45.0444 5184 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:54:45.0506 5184 usbcir - ok 22:54:45.0522 5184 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:54:45.0553 5184 usbehci - ok 22:54:45.0584 5184 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:54:45.0615 5184 usbhub - ok 22:54:45.0631 5184 [ 4F8DD5C9B756EFCE251784D6AC63E4AB ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 22:54:45.0662 5184 usbohci - ok 22:54:45.0693 5184 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 22:54:45.0724 5184 usbprint - ok 22:54:45.0756 5184 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:54:45.0787 5184 usbscan - ok 22:54:45.0834 5184 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:54:45.0865 5184 USBSTOR - ok 22:54:45.0880 5184 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci 
C:\Windows\system32\DRIVERS\usbuhci.sys 22:54:45.0927 5184 usbuhci - ok 22:54:45.0943 5184 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 22:54:45.0974 5184 UxSms - ok 22:54:46.0005 5184 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 22:54:46.0068 5184 vds - ok 22:54:46.0099 5184 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:54:46.0161 5184 vga - ok 22:54:46.0177 5184 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 22:54:46.0224 5184 VgaSave - ok 22:54:46.0239 5184 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 22:54:46.0255 5184 viaagp - ok 22:54:46.0270 5184 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 22:54:46.0317 5184 ViaC7 - ok 22:54:46.0333 5184 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 22:54:46.0333 5184 viaide - ok 22:54:46.0364 5184 [ FD85C55B66797542A8C8A7348ED0675A ] ViBus C:\Windows\system32\DRIVERS\ViBus.sys 22:54:46.0395 5184 ViBus - ok 22:54:46.0411 5184 [ 510B5097E81CD36D603D7D5C93820BBD ] videX32 C:\Windows\system32\DRIVERS\videX32.sys 22:54:46.0442 5184 videX32 - ok 22:54:46.0458 5184 [ 7C69B1B6DEC5F8584AA352E522AF1476 ] ViPrt C:\Windows\system32\DRIVERS\ViPrt.sys 22:54:46.0473 5184 ViPrt - ok 22:54:46.0489 5184 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:54:46.0504 5184 volmgr - ok 22:54:46.0551 5184 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:54:46.0582 5184 volmgrx - ok 22:54:46.0598 5184 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:54:46.0629 5184 volsnap - ok 22:54:46.0645 5184 [ 27B3DD12A19EEC50220DF15B64913DDA ] vsdatant C:\Windows\system32\vsdatant.sys 22:54:46.0676 5184 vsdatant - ok 22:54:46.0707 5184 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid 
C:\Windows\system32\drivers\vsmraid.sys 22:54:46.0723 5184 vsmraid - ok 22:54:46.0770 5184 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 22:54:46.0848 5184 VSS - ok 22:54:46.0879 5184 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 22:54:46.0910 5184 W32Time - ok 22:54:46.0926 5184 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 22:54:46.0972 5184 WacomPen - ok 22:54:47.0004 5184 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 22:54:47.0035 5184 Wanarp - ok 22:54:47.0035 5184 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:54:47.0066 5184 Wanarpv6 - ok 22:54:47.0113 5184 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:54:47.0191 5184 wcncsvc - ok 22:54:47.0222 5184 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:54:47.0269 5184 WcsPlugInService - ok 22:54:47.0284 5184 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 22:54:47.0300 5184 Wd - ok 22:54:47.0347 5184 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:54:47.0394 5184 Wdf01000 - ok 22:54:47.0440 5184 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:54:47.0487 5184 WdiServiceHost - ok 22:54:47.0487 5184 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:54:47.0518 5184 WdiSystemHost - ok 22:54:47.0550 5184 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 22:54:47.0581 5184 WebClient - ok 22:54:47.0628 5184 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:54:47.0690 5184 Wecsvc - ok 22:54:47.0706 5184 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:54:47.0737 5184 wercplsupport - ok 22:54:47.0768 5184 [ 
32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 22:54:47.0799 5184 WerSvc - ok 22:54:47.0846 5184 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 22:54:47.0862 5184 WinDefend - ok 22:54:47.0877 5184 WinHttpAutoProxySvc - ok 22:54:47.0986 5184 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:54:48.0018 5184 Winmgmt - ok 22:54:48.0080 5184 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 22:54:48.0189 5184 WinRM - ok 22:54:48.0252 5184 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:54:48.0330 5184 Wlansvc - ok 22:54:48.0439 5184 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:54:48.0564 5184 wlidsvc - ok 22:54:48.0595 5184 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 22:54:48.0642 5184 WmiAcpi - ok 22:54:48.0673 5184 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:54:48.0688 5184 wmiApSrv - ok 22:54:48.0829 5184 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 22:54:48.0954 5184 WMPNetworkSvc - ok 22:54:49.0000 5184 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:54:49.0063 5184 WPCSvc - ok 22:54:49.0094 5184 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:54:49.0141 5184 WPDBusEnum - ok 22:54:49.0250 5184 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 22:54:49.0281 5184 WPFFontCache_v0400 - ok 22:54:49.0312 5184 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:54:49.0359 5184 ws2ifsl - ok 22:54:49.0390 5184 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 22:54:49.0453 5184 wscsvc - ok 
22:54:49.0453 5184 WSearch - ok
22:54:49.0609 5184 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:54:49.0827 5184 wuauserv - ok
22:54:49.0874 5184 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:54:49.0921 5184 WudfPf - ok
22:54:49.0952 5184 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:54:49.0983 5184 WUDFRd - ok
22:54:50.0030 5184 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:54:50.0077 5184 wudfsvc - ok
22:54:50.0108 5184 ================ Scan global ===============================
22:54:50.0139 5184 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:54:50.0186 5184 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:54:50.0202 5184 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:54:50.0233 5184 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:54:50.0233 5184 [Global] - ok
22:54:50.0233 5184 ================ Scan MBR ==================================
22:54:50.0248 5184 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:54:50.0498 5184 \Device\Harddisk0\DR0 - ok
22:54:50.0498 5184 ================ Scan VBR ==================================
22:54:50.0514 5184 [ 8BF88435C5B724155405636BA8A02384 ] \Device\Harddisk0\DR0\Partition1
22:54:50.0514 5184 \Device\Harddisk0\DR0\Partition1 - ok
22:54:50.0529 5184 [ 53846C3B523ACFE6CD88E24751829976 ] \Device\Harddisk0\DR0\Partition2
22:54:50.0529 5184 \Device\Harddisk0\DR0\Partition2 - ok
22:54:50.0545 5184 [ 3A5892317243B6C83AB9FA1F003CFA9E ] \Device\Harddisk0\DR0\Partition3
22:54:50.0545 5184 \Device\Harddisk0\DR0\Partition3 - ok
22:54:50.0545 5184 ============================================================
22:54:50.0545 5184 Scan finished
22:54:50.0545 5184 ============================================================
22:54:50.0560 1436 Detected object count: 4
22:54:50.0560 1436 Actual detected object count: 4
22:55:15.0520 1436 Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:15.0520 1436 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:15.0520 1436 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:15.0520 1436 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:15.0520 1436 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:15.0520 1436 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:15.0536 1436 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:15.0536 1436 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:55:32.0509 0872 Deinitialize success |
26.02.2013, 22:58 | #12 |
/// Malware-holic | EXP/CVE-2013-0422 (Trojan.FakeAlert) Please run only the scans named here. Scan with ComboFix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
26.02.2013, 23:31 | #13 |
| EXP/CVE-2013-0422 (Trojan.FakeAlert) It ran through. However, even though I had disabled Avira (umbrella collapsed), the message about a change to the registry came up again. That message appeared fairly early on. After about 6 minutes, at roughly "Stage 27 completed", the screensaver kicked in. Whether there were any further messages before the automatic reboot I can't say, since you are not supposed to move the mouse. ;-) Code:
ComboFix 13-02-26.01 - Admin 26.02.2013 23:07:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.2047.1127 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\sss
c:\program files\sss\licence.txt
c:\program files\sss\ReadMe.txt
c:\program files\sss\SimpleScreenshot.exe
c:\program files\sss\upload.php
c:\programdata\97371201.js
c:\programdata\97371201.pad
c:\users\Admin\AppData\Roaming\Microsoft\Windows\.data
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASAPI
-------\Service_Asapi
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-26 bis 2013-02-26 ))))))))))))))))))))))))))))))
.
.
2013-02-26 22:16 . 2013-02-26 22:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-26 22:16 . 2013-02-26 22:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-26 21:26 . 2013-02-26 21:26 -------- d-----w- C:\_OTL
2013-02-26 17:22 . 2013-02-26 17:26 -------- d-----w- C:\gvu
2013-02-26 09:37 . 2013-02-26 09:37 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2013-02-26 09:37 . 2013-02-26 09:37 -------- d-----w- c:\programdata\Malwarebytes
2013-02-26 09:37 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-21 18:07 . 2013-02-22 16:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-02-17 16:25 . 2013-02-17 16:25 -------- d-----w- c:\program files\Microsoft
2013-02-14 19:36 . 2013-02-14 19:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-13 16:55 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 16:55 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 16:55 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 16:55 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 16:55 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-10 08:27 . 2013-02-17 12:06 -------- d-----w- c:\users\Admin\.gimp-2.4
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-19 18:25 . 2012-04-02 17:31 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-19 18:25 . 2011-06-07 04:24 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 19:35 . 2012-08-10 16:38 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-14 19:35 . 2010-05-09 20:36 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-25 20:07 . 2011-03-28 17:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-16 13:12 . 2012-12-21 14:39 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 14:39 293376 ----a-w- c:\windows\system32\atmfd.dll
2010-01-26 09:11 . 2012-04-09 10:37 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-09-03 18:38 . 2011-04-06 17:21 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-03-28 16:22 176936 ----a-w- c:\program files\Zynga\prxtbZyn0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 741376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"VDownloader"="c:\program files\VDownloader\VDownloader.exe" [2012-04-06 890368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2007-11-13 4141056]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-2-17 2641920]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2008-3-2 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"="explorer.exe, \"c:\users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe\""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:25]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 08:59]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 08:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gop2vqlo.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - ExtSQL: !HIDDEN! 2009-08-31 18:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Catan - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-26 23:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco\VPN Client 48\cvpnd.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
e:\downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe
e:\downloads\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
e:\downloads\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-26 23:27:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-02-26 22:27
.
Vor Suchlauf: 6.781.083.648 Bytes frei
Nach Suchlauf: 8.217.608.192 Bytes frei
.
- - End Of File - - AFD4B384D223B15F9EBAED346B453C1C
Next steps tomorrow then... night, Christoph |
27.02.2013, 12:43 | #14 |
/// Malware-holic | EXP/CVE-2013-0422 (Trojan.FakeAlert) Hi, please open Computer, go to C:, qoobox, right-click Quarantine, pack it with WinRAR or a similar program and upload it in the upload channel. Trojaner-Board Upload Channel Please let me know when it's done
27.02.2013, 17:32 | #15 |
| EXP/CVE-2013-0422 (Trojan.FakeAlert) Done |