
Pests of all kinds and how to fight them: EXP/CVE-2013-0422 (Trojan.FakeAlert)

26.02.2013, 19:12   #1
muckl
 
Hello!

I have a very similar problem to the one described in http://www.trojaner-board.de/129580-...ch-sauber.html. I have read that this thing comes in through a Java vulnerability. Yet I have version 7 from 14.2.2013 installed?!

Via a link that promised something entirely different, I ended up on an obviously dubious site. Something about making money online, etc. etc. About 10 minutes later everything was gone from my screen; for a few seconds I only saw the desktop wallpaper, then, filling the whole screen and with the logo of the Bundespolizei etc., came "You have committed a criminal offence through your online activity... pay 100 euros with ukash...". This window could not be closed, no switching tabs, no starting Task Manager... After a Windows restart the same junk came back before you could do anything else.

On a second computer I then found this board, which solved the main problem: the locking screen no longer appears. But it is not clean yet.


What have I done so far?
With Avira in safe mode I ran a full scan, which detected and removed EXP/CVE-2013-0422. After a restart, though, the same picture: lock screen...
On the advice of your board I got Malwarebytes Anti-Malware. A quick scan killed a few things:
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

Schutz: Deaktiviert

26.02.2013 10:38:06
mbam-log-2013-02-26 (10-38-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227419
Laufzeit: 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.FakeAlert) -> Daten: explorer.exe, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
A full scan then found even more:
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.26.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

Schutz: Aktiviert

26.02.2013 11:35:42
mbam-log-2013-02-26 (11-35-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 272622
Laufzeit: 2 Stunde(n), 28 Minute(n), 51 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Admin\10217379.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Now I have run another quick scan, and lo and behold: the registry entry is back again:
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.26.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

Schutz: Aktiviert

26.02.2013 18:32:20
mbam-log-2013-02-26 (18-32-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230783
Laufzeit: 11 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.FakeAlert) -> Daten: explorer.exe, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
A few seconds after I say "remove", Avira reports that it has blocked a suspicious access to the registry. Another quick scan with Malwarebytes - and again the registry entry is flagged! Some program seems to be constantly checking whether the trojan's registry entry is still there, and re-creates it immediately if it is missing...
Avira says it is blocking, but apparently it is not blocking after all. I do not think Avira is interfering with the work of Malwarebytes, because I also tried deleting the registry value in safe mode - nevertheless it was back again afterwards as Admin.


If you could help, that would be wonderful!

Best regards
Christoph
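
Added example, not part of the original thread: a short Python script that takes the detection lines from the three Malwarebytes logs above and shows what the post describes, namely that the Winlogon `Shell` value comes back after being quarantined (the logs spell it `Shell` and `shell`, so names are compared case-insensitively) and which program it adds next to `explorer.exe`. The function names are illustrative, and treating a bare `explorer.exe` as the only expected Shell component is an assumption of this example.

```python
import re
from collections import defaultdict

# Detection lines copied verbatim from the three Malwarebytes logs in the post,
# keyed by the scan time taken from each log header.
SCANS = {
    "2013-02-26 10:38:06": [
        r'HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.FakeAlert) -> Daten: explorer.exe, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.',
        r'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.',
    ],
    "2013-02-26 11:35:42": [
        r'C:\Users\Admin\10217379.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.',
    ],
    "2013-02-26 18:32:20": [
        r'HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.FakeAlert) -> Daten: explorer.exe, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.',
    ],
}

# <object> (<family>) -> [Daten: <data> -> ]<action>
DETECTION = re.compile(
    r'^(?P<object>.+?) \((?P<family>[^()]+)\) -> '
    r'(?:Daten: (?P<data>.+?) -> )?(?P<action>.+)$'
)


def parse_detection(line):
    """Split one detection line into its fields; None for non-detection lines."""
    m = DETECTION.match(line.strip())
    return m.groupdict() if m else None


def find_recurring(scans):
    """Return {object: [scan times]} for objects detected in more than one scan.

    Every detection in these logs was quarantined, so a second hit on the same
    object means something on the system re-created it between scans.
    Registry and file names are case-insensitive on Windows, hence lower().
    """
    seen = defaultdict(list)
    for scan_time in sorted(scans):
        for line in scans[scan_time]:
            det = parse_detection(line)
            if det:
                seen[det["object"].lower()].append(scan_time)
    return {obj: times for obj, times in seen.items() if len(times) > 1}


def extra_shell_entries(data):
    """List the components of a Winlogon Shell value other than explorer.exe.

    Assumption of this example: a bare 'explorer.exe' is the only expected
    component; anything else in the comma-separated value is reported.
    """
    parts = [p.strip().strip('"') for p in data.split(",")]
    return [p for p in parts if p and p.lower() != "explorer.exe"]


def persistence_findings(scans):
    """Combine both checks: recurring objects plus any extra Shell programs."""
    findings = []
    recurring = find_recurring(scans)
    for scan_time in sorted(scans):
        for line in scans[scan_time]:
            det = parse_detection(line)
            if not det or det["object"].lower() not in recurring:
                continue
            extras = extra_shell_entries(det["data"]) if det["data"] else []
            findings.append((scan_time, det["object"], det["family"], extras))
    return findings


if __name__ == "__main__":
    for scan_time, obj, family, extras in persistence_findings(SCANS):
        print(f"{scan_time}  {family}  {obj}")
        for path in extras:
            print(f"    extra Shell program: {path}")
```
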

26.02.2013, 19:26   #2
markusg
/// Malware-holic
 
Hi
do you still have the link? I would like to have it as a private message.
There are more vulnerabilities than just Java's, after all :-)

26.02.2013, 19:30   #3
muckl
 
Hi Markus!

No, I could not find it in the history... but it was somehow a short link with bit.ly or something similar. The corresponding forum thread no longer exists; apparently they noticed there that junk was hiding behind it. :-(
Sorry.

Best regards
Christoph

26.02.2013, 19:32   #4
markusg
/// Malware-holic
 
Hi,
you don't open short links that you find just anywhere....

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

26.02.2013, 21:47   #5
muckl
 
Avira had found the virus in Users/.../Java/.../63...


Here are the results from OTL:

OTL.txt:
Code:
OTL logfile created on: 26.02.2013 21:20:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 50,89% Memory free
4,23 Gb Paging File | 2,93 Gb Available in Paging File | 69,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,81 Gb Total Space | 3,30 Gb Free Space | 5,60% Space Free | Partition Type: NTFS
Drive E: | 303,88 Gb Total Space | 50,24 Gb Free Space | 16,53% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - E:\downloads\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - E:\downloads\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - E:\downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Programme\Cisco\VPN Client 48\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\OpenOffice.org 2.4\program\libxml2.dll ()
MOD - C:\Programme\PDFCreator\GS8.61\gs8.61\Bin\gsdll32.dll ()
MOD - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll ()
MOD - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MOD - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll ()
MOD - C:\Programme\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- E:\downloads\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- E:\downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco\VPN Client 48\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (Atc002) -- C:\Windows\System32\drivers\l260x86.sys (Atheros Communications)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation                           )
DRV - (s616unic) -- C:\Windows\System32\drivers\s616unic.sys (MCCI Corporation)
DRV - (s616obex) -- C:\Windows\System32\drivers\s616obex.sys (MCCI Corporation)
DRV - (s616nd5) -- C:\Windows\System32\drivers\s616nd5.sys (MCCI Corporation)
DRV - (s616mgmt) -- C:\Windows\System32\drivers\s616mgmt.sys (MCCI Corporation)
DRV - (s616mdm) -- C:\Windows\System32\drivers\s616mdm.sys (MCCI Corporation)
DRV - (s616mdfl) -- C:\Windows\System32\drivers\s616mdfl.sys (MCCI Corporation)
DRV - (s616bus) -- C:\Windows\System32\drivers\s616bus.sys (MCCI Corporation)
DRV - (videX32) -- C:\Windows\System32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (ViPrt) -- C:\Windows\System32\drivers\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\System32\drivers\ViBus.sys (VIA Technologies, Inc.)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (vsdatant) -- C:\Windows\System32\vsdatant.sys (Zone Labs LLC)
DRV - (Asapi) -- C:\Windows\System32\drivers\asapi.sys (VOB Computersysteme GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {617FB567-7944-4CC3-88D5-0650767F860B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{617FB567-7944-4CC3-88D5-0650767F860B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS_enAT267
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS
IE - HKCU\..\SearchScopes\{99CD314F-1928-4209-8F12-DBEBFC7E504E}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Admin\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.03 19:38:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.10 17:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.21 19:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.21 19:07:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.01.14 21:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010.01.14 21:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.06.24 15:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\m44sed@daysofwonder.com
[2012.11.08 21:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\gop2vqlo.default\extensions
[2010.06.24 22:26:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\gop2vqlo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.27 19:43:23 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\gop2vqlo.default\extensions\personas@christopher.beard
[2012.08.24 23:21:24 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\gop2vqlo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.02.24 09:38:05 | 000,000,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\gop2vqlo.default\searchplugins\icqplugin.xml
[2012.11.08 19:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 10:52:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.08.10 17:38:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.08 06:49:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.08 19:03:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.09.03 19:38:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.03 19:38:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 19:38:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.03 19:38:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.03 19:38:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.03 19:38:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.03 19:38:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Programme\Zynga\prxtbZyn0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk = C:\Programme\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{139B96F3-FBD2-4475-BD6A-55EB5C02A7EF}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50A94F73-3C71-4A40-BEB1-40AC211785BA}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe") -  File not found
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a45462a-b81e-11df-ac0c-001e8c091e11}\Shell\AutoRun\command - "" = D:\ContentManager\ContentManagerStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.26 18:37:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.02.26 18:22:38 | 000,000,000 | ---D | C] -- C:\gvu
[2013.02.26 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013.02.26 10:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.26 10:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.26 10:37:11 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.21 19:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.02.17 17:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.02.17 17:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013.02.10 09:27:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\.gimp-2.4
[1 C:\Users\Admin\*.tmp files -> C:\Users\Admin\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.26 20:50:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.26 20:41:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.26 20:27:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.26 20:27:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.26 18:37:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.02.26 18:33:57 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.26 18:33:57 | 000,607,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.26 18:33:57 | 000,131,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.26 18:33:57 | 000,108,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.26 18:27:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.26 18:27:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.26 18:27:43 | 2146,611,200 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.26 08:45:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\97371201.pad
[2013.02.25 20:56:37 | 000,002,757 | ---- | M] () -- C:\ProgramData\97371201.js
[2013.02.17 12:58:06 | 002,185,489 | ---- | M] () -- C:\Users\Admin\.recently-used.xbel
[2013.02.14 21:02:42 | 000,401,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Admin\*.tmp files -> C:\Users\Admin\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.26 18:27:43 | 2146,611,200 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.25 20:56:37 | 000,002,757 | ---- | C] () -- C:\ProgramData\97371201.js
[2013.02.25 20:56:31 | 095,023,320 | ---- | C] () -- C:\ProgramData\97371201.pad
[2013.02.17 12:58:06 | 002,185,489 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel
[2012.05.31 17:29:57 | 000,136,297 | ---- | C] () -- C:\Users\Admin\SV100992.JPG
[2012.04.09 11:37:49 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011.03.05 11:09:51 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.26 11:39:01 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010.10.09 22:43:39 | 000,000,678 | ---- | C] () -- C:\Users\Admin\.jmf-resource
[2010.07.11 12:37:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.02 21:33:19 | 000,000,016 | ---- | C] () -- C:\Users\Admin\.gtk-bookmarks
[2010.05.02 20:18:04 | 002,323,423 | ---- | C] () -- C:\Users\Admin\winmail.dat
[2008.10.23 20:45:15 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2008.02.17 09:51:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.02.16 17:46:01 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.16 15:45:32 | 000,206,848 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.01.15 10:41:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.anki
[2011.01.15 09:55:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.matplotlib
[2009.02.27 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ahnenblatt
[2012.01.01 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\becker
[2011.03.15 16:10:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CasaPortale.de
[2009.06.24 15:52:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Days of Wonder, Inc
[2010.01.22 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media
[2013.02.17 12:58:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2009.05.10 09:33:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HEROLD Business Data
[2012.06.07 19:59:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2011.01.19 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mquadr.at
[2008.11.04 22:29:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyPhoneExplorer
[2012.09.05 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Octoshape
[2010.01.31 17:05:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PIE
[2009.01.27 21:13:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScummVM
[2008.03.04 18:03:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Simple Sudoku
[2012.03.24 17:03:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SimpleScreenshot
[2009.10.26 11:10:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Steinberg
[2008.10.10 19:17:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Stellarium
[2008.10.24 18:13:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Teleca
[2010.01.14 21:05:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2009.01.22 18:05:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2012.04.09 12:28:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VDownloader
[2008.11.23 11:03:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\verwandt
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.02.16 14:13:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.12.11 00:39:25 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.02.29 22:08:49 | 000,000,000 | ---D | M] -- C:\Cisco Systems
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.02.16 14:08:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.03.24 18:05:17 | 000,000,000 | ---D | M] -- C:\Fraps
[2013.02.26 18:26:26 | 000,000,000 | ---D | M] -- C:\gvu
[2008.02.16 15:11:36 | 000,000,000 | ---D | M] -- C:\MRecord
[2007.08.08 10:53:30 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2007.08.08 10:40:29 | 000,000,000 | ---D | M] -- C:\MyWorks
[2007.12.17 23:17:46 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.02.17 16:07:14 | 000,000,000 | ---D | M] -- C:\PDFs
[2008.09.27 22:03:02 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.22 17:37:34 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.26 10:37:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.02.16 14:08:02 | 000,000,000 | -HSD | M] -- C:\Programme
[2007.08.07 22:44:06 | 000,000,000 | ---D | M] -- C:\Service
[2008.05.09 14:24:37 | 000,000,000 | ---D | M] -- C:\Sierra
[2013.02.26 21:23:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.18 07:55:55 | 000,000,000 | ---D | M] -- C:\temp
[2012.11.18 07:55:57 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.25 21:07:49 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,510 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.06.30 14:24:43 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.06.30 14:24:44 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 18:31:10 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: VIPRT.SYS  >
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\Windows\ConfigSetRoot\$oem$\$1\Driver\chip_via\SATAIDE\W2K\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\Windows\ConfigSetRoot\$oem$\$1\Driver\chip_via\SATAIDE\WNET\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\Windows\ConfigSetRoot\$oem$\$1\Driver\chip_via\SATAIDE\WXP\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\Windows\ConfigSetRoot\$oem$\$1\Driver\Raid_via_falcon\SATAIDE\W2K\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\Windows\ConfigSetRoot\$oem$\$1\Driver\Raid_via_falcon\SATAIDE\WNET\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\Windows\ConfigSetRoot\$oem$\$1\Driver\Raid_via_falcon\SATAIDE\WXP\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\Windows\System32\drivers\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\Windows\System32\DriverStore\FileRepository\viprt.inf_691e4045\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\Windows\ConfigSetRoot\$oem$\$1\Driver\chip_via\SATAIDE\WLH\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\Windows\ConfigSetRoot\$oem$\$1\Driver\Raid_via_falcon\SATAIDE\WLH\ViPrt.sys
[2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\Windows\System32\DriverStore\FileRepository\viprt.inf_86543378\ViPrt.sys
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.11.01 09:32:27 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.11.01 09:32:27 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2010.06.02 21:33:19 | 000,000,016 | ---- | M] () -- C:\Users\Admin\.gtk-bookmarks
[2010.10.09 22:43:39 | 000,000,678 | ---- | M] () -- C:\Users\Admin\.jmf-resource
[2013.02.17 12:58:06 | 002,185,489 | ---- | M] () -- C:\Users\Admin\.recently-used.xbel
[2013.02.26 21:40:58 | 023,855,104 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
[2013.02.26 21:40:58 | 000,262,144 | -H-- | M] () -- C:\Users\Admin\ntuser.dat.LOG1
[2008.02.16 14:12:45 | 000,000,000 | -H-- | M] () -- C:\Users\Admin\ntuser.dat.LOG2
[2013.02.26 18:26:35 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2013.02.26 18:26:35 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.02.07 23:58:28 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.02.16 14:12:45 | 000,000,020 | -HS- | M] () -- C:\Users\Admin\ntuser.ini
[2012.05.31 17:30:18 | 000,136,297 | ---- | M] () -- C:\Users\Admin\SV100992.JPG
[2010.05.02 20:18:05 | 002,323,423 | ---- | M] () -- C:\Users\Admin\winmail.dat
[2011.03.10 19:22:38 | 000,000,058 | ---- | M] () -- C:\Users\Admin\WLAN-Key.txt
[1 C:\Users\Admin\*.tmp files -> C:\Users\Admin\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8C35AEA7

< End of report >
         


Extras.txt:
Code:
OTL Extras logfile created on: 26.02.2013 21:20:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 50,89% Memory free
4,23 Gb Paging File | 2,93 Gb Available in Paging File | 69,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,81 Gb Total Space | 3,30 Gb Free Space | 5,60% Space Free | Partition Type: NTFS
Drive E: | 303,88 Gb Total Space | 50,24 Gb Free Space | 16,53% Space Free | Partition Type: NTFS
 
Computer Name: xxx| User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DB5183-EFCA-4FDE-A3D0-608ABE137B59}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{3DF7B9F6-5FCC-460F-B3F9-549AE5F0F7CC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8D40CB43-613A-45E3-B963-6C645B47CA8E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13175683-C172-4B0E-AFB7-E1D7BB3B0D53}" = protocol=17 | dir=in | app=c:\program files\pdfcreator\pdfcreator.exe | 
"{13D459B2-100F-4AFD-8A7C-DA9C3C6F883A}" = protocol=6 | dir=in | app=e:\uig\skiworld simulator 2012\skiresort2012.dll | 
"{17BC21E2-5A67-4501-9EA5-F552F336FEA3}" = protocol=17 | dir=in | app=e:\uig\skiworld simulator 2012\iupdate.dll | 
"{1825AE9C-78A7-4560-B9C2-E27AD1232708}" = protocol=6 | dir=in | app=e:\uig\woodcutter simulator 2012\iupdate.dll | 
"{1B330C62-569E-4D41-8B36-99D4C23EBBF2}" = protocol=17 | dir=in | app=e:\christoph\hafensimulator\port simulator hamburg\port.hamburg2011.dll | 
"{277D8CA3-CF12-468B-AB00-7FE045BCB194}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{27AED3A9-C3AD-42D5-A627-7633F2ACD517}" = protocol=6 | dir=in | app=c:\program files\cisco systems\vpn client\ipsecdialer.exe | 
"{30799D7A-09E6-43B6-9CE2-152C61ED1385}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{33F1A9FA-A305-4FDC-89AE-9AF64BB2E3C7}" = protocol=17 | dir=in | app=e:\christoph\hafensimulator\port simulator hamburg\iupdate.dll | 
"{37135482-624F-4B6B-AB8C-0EE4DA273A21}" = protocol=6 | dir=in | app=e:\christoph\hafensimulator\port simulator hamburg\iupdate.dll | 
"{3B2228CD-9173-4D0B-9323-2D080A27A70E}" = protocol=6 | dir=in | app=e:\uig\skiworld simulator 2012\iupdate.dll | 
"{3FE858CF-D7AB-4DA2-A583-50302CD8C5B2}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{42CDDBAC-B65F-4C02-9419-27BFF78BF21B}" = protocol=17 | dir=in | app=c:\program files\cisco systems\vpn client\ipsecdialer.exe | 
"{6D163E66-996D-4D24-98E1-467C703E531A}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{71C8AA60-6091-480A-B3DE-A136D6CE5DDB}" = protocol=17 | dir=in | app=e:\uig\woodcutter simulator 2012\iupdate.dll | 
"{7BCC551B-01F6-4264-97CC-B96D194282CA}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{8CE47287-62A4-4C1D-A2CE-02E3C0038A2F}" = protocol=6 | dir=in | app=e:\uig\woodcutter simulator 2012\woodcutter2012.dll | 
"{8FE8D8BE-678E-4DB0-8ED9-21DBB31AE20A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{A0F3F6B1-6D10-490D-BB33-55A3921D2DF4}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{A202BD7E-D5F0-483E-8A12-318F6F954752}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{A54D8482-25C1-4BCC-B062-DF04C6598FF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A80A3CC8-3DB7-4955-92B6-025899B778F0}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{AAAA6E1B-F803-415E-8336-D27D37AD4024}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C1A4A524-EA31-497D-BBB1-DC7204137DD8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{C77FE59E-A20C-48E2-ACDF-19EAE1272FC4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C86E84A3-41CF-4B94-B45E-BC75F47947B4}" = protocol=6 | dir=in | app=c:\program files\pdfcreator\pdfcreator.exe | 
"{D151BF7F-E2D0-417B-996D-57F14867A6B2}" = protocol=17 | dir=in | app=e:\uig\woodcutter simulator 2012\woodcutter2012.dll | 
"{D7228DBA-5E90-4587-A4AB-9914652DE668}" = protocol=17 | dir=in | app=e:\uig\skiworld simulator 2012\skiresort2012.dll | 
"{E2DB2A7E-931E-47DF-B23F-B4CF315B5027}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F5F4DBC0-E0FC-40AE-9287-EE42023110CB}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{FEBCAAE8-F575-407B-9CF9-21FCAF1A32E0}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{FFA0D228-01D7-4A1C-A257-5A8876D90A21}" = protocol=6 | dir=in | app=e:\christoph\hafensimulator\port simulator hamburg\port.hamburg2011.dll | 
"TCP Query User{1B39E4E4-638B-44E6-B94B-1A9261365318}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{4E2911F0-3351-4485-8513-C3A06098B978}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{600C39FE-06EF-44FD-BC19-F1B2AA50583B}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{677585DD-0B86-4555-B0BA-A462157ED360}C:\program files\bhv\puerto rico\puerto.exe" = protocol=6 | dir=in | app=c:\program files\bhv\puerto rico\puerto.exe | 
"TCP Query User{978003E3-45A0-4D04-ABEA-D25453EC6141}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9B78F2CA-1E1B-4499-ADDE-92F1038B5871}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{A0B5BD1B-36D3-425A-9209-ED12BE49D7F5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{A0D508B3-E7A7-4A4C-9F61-08987DE70421}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{C30F5A6F-ABA7-46C2-8087-3B49664E8492}C:\program files\dartmoor\torres\bin\win32\torres.exe" = protocol=6 | dir=in | app=c:\program files\dartmoor\torres\bin\win32\torres.exe | 
"TCP Query User{C9DF1C0A-D030-4067-8783-064533E68525}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{D21974EC-1820-4CFD-9100-96467F0E625C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DAA5967C-AB65-4EA3-9B49-8EDA5AEDCD1C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E2DD1035-45ED-43B5-B48F-3616F70B9301}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{FEDB21D7-C433-4C95-A689-DA3AF8235528}C:\users\admin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{031DC278-3734-4571-97FC-C8ACD998A92C}C:\users\admin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{23DB7131-6EAB-437F-9051-D70573DD1CF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{357DC6D6-FC99-45C0-B588-B892A4A610EE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{75B0AAA2-B4A9-40AC-A89B-3CD504E74524}C:\program files\bhv\puerto rico\puerto.exe" = protocol=17 | dir=in | app=c:\program files\bhv\puerto rico\puerto.exe | 
"UDP Query User{A855B18E-1398-4467-867A-16FF4BD3E147}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{B3ABAA6A-4EAE-42A6-B1CF-DC32AC567A44}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{BCB7188E-7026-4CFA-A072-6A0F18BEC7DD}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{C0C03951-0DCF-409E-8EDD-5BD4154515A8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{CE0A4A49-414F-4386-A292-F7623CE0C02F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{CE9C2D9F-9908-4910-98DC-C95414851ADA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D0EAADB1-3EAA-405A-BE94-D6D892AA427E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{DB39FC79-F99B-475F-9A0D-9C112CB8AAA8}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{ECBC7D79-3307-46DD-9F33-48A56040F273}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EF41CC69-77F8-4EF7-8BD0-3D599A6BC77D}C:\program files\dartmoor\torres\bin\win32\torres.exe" = protocol=17 | dir=in | app=c:\program files\dartmoor\torres\bin\win32\torres.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05675D95-1567-4E00-A818-DB08064EA088}" = Sony Ericsson PC Suite
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C4D84F4-90EA-452B-A03F-700DE569ED48}" = DNE Update
"{118B9B2E-F425-4A11-B640-1C743DD10128}" = Puerto Rico
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2D7B44B6-AB2C-44EA-90AD-D0D019195534}_is1" = TOPP Vorlagen-Druckstudio (3545)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F9C9CD-1912-4E29-A52E-ADB73D2FC1D5}" = BOINC
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F692FA9-348B-4264-B4EA-DE6BFA45D8AE}" = Microsoft WorldWide Telescope
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{43721D86-16D1-46BF-8353-37CD82333BC3}" = OpenOffice.org 2.4
"{447E3935-A085-42D4-0001-8BE5E4034B40}" = freeTunes*3.0
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{54490FED-042A-47E0-9037-BA6B8F21438C}" = El Grande
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1154
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client 4.8.01.0300
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D8FF6E29-36B4-474F-A88F-973087650C00}" = CyberView X - SF v1.18c
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E193D669-6763-47F2-B75E-DE2A11F7F2C7}" = Torres
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EEF1D07A-1AFE-4D76-BE7F-F1E16FD2DBCD}" = Memoir '44 Editor
"{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}" = Sony Ericsson Drivers
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"0731-5765-0485-3896" = Ticket to Ride Online 1.1.4
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ahnenblatt_is1" = Ahnenblatt 2.59
"Anki" = Anki
"aonUpdate" = aonUpdate
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BSW" = BrettspielWelt
"Catan" = Catan
"Clean! 2.0" = Clean! 2.0
"Content Manager 2" = Content Manager 2
"Controller" = Controller
"DivXCodec" = DivX 4.11 Codec
"Elfenwelt - Abenteuer im Elfenland_is1" = Elfenwelt - Abenteuer im Elfenland
"Euphrat & Tigris" = Euphrat & Tigris (remove only)
"Fraps" = Fraps
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HEROLD home CD" = HEROLD home CD
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"ICQToolbar" = ICQ Toolbar
"Interactive Blues Harp Workshop_is1" = Voggenreiter's Interactive Blues Harp Workshop
"IrfanView" = IrfanView (remove only)
"Kardinal & König" = Kardinal & König
"Loewenherz" = Loewenherz (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Port Simulator Hamburg" = Hafen Simulator Hamburg
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUS" = Microsoft Office Professional Plus 2007
"ScummVM_is1" = ScummVM 0.12.0
"SimpleScreenshot" = SimpleScreenshot 1.40
"Skiworld Simulator 2012" = Skigebiet Simulator 2012
"Smart Editor Freeware" = Smart Editor Freeware (V3.0)
"SpaceShuttleMissionSimulator_is1" = SpaceShuttleMissionSimulator v5.30 G
"Stellarium_is1" = Stellarium 0.10.0
"Sweet Home 3D_is1" = Sweet Home 3D version 2.6
"Tikal" = Tikal (remove only)
"Update Service" = Update Service
"verwandt.de - Home Edition_is1" = verwandt.de - Home Edition 1.01
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WaveLab Lite" = WaveLab Lite
"WinGimp-2.0_is1" = GIMP 2.4.4
"WinLiveSuite" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
"WinPcapInst" = WinPcap 4.1.1
"Woodcutter Simulator 2012" = Holzfäller Simulator 2012
"Zynga Toolbar" = Zynga Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"sc09-ORF_MAIN" = ORF-Ski Challenge 2009
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.02.2013 06:27:19 | Computer Name = Admin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.02.2013 06:27:19 | Computer Name = Admin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.02.2013 06:27:19 | Computer Name = Admin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.02.2013 06:27:19 | Computer Name = Admin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.02.2013 06:27:19 | Computer Name = Admin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.02.2013 06:27:20 | Computer Name = Admin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.02.2013 06:27:20 | Computer Name = Admin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.02.2013 06:27:20 | Computer Name = Admin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.02.2013 06:27:20 | Computer Name = Admin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.02.2013 13:12:45 | Computer Name = Admin-PC | Source = EventSystem | ID = 4609
Description = 
 
[ OSession Events ]
Error - 25.09.2011 11:33:40 | Computer Name = Admin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3052
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.02.2013 13:13:58 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.02.2013 13:13:58 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.02.2013 13:13:58 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.02.2013 13:13:58 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.02.2013 13:13:58 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.02.2013 13:13:58 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.02.2013 13:13:58 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.02.2013 13:13:58 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.02.2013 13:13:58 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.02.2013 13:30:10 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         


26.02.2013, 22:10   #6
markusg
/// Malware-holic

Hi,
OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O20 - HKCU Winlogon: Shell - ("C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe") -  File not found
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

26.02.2013, 22:16   #7
muckl

Quote:
Originally posted by markusg
If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place.
What does inserting "in the corresponding place" mean?? Where it says "no name"? Which one is the user name? (See the 1st post in the thread)

26.02.2013, 22:29   #8
markusg
/// Malware-holic

Your user name is Admin; since you didn't change anything, you don't need to insert anything, which is why it says "if".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de as described in the instructions above.

26.02.2013, 22:37   #9
muckl

Oh, well then...

I ran the fix, which then requested a reboot.
During the fix, the Avira message along the lines of "Change to the registry..." popped up once again. Should I run something again with detection switched off?

Here is the OTL file:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe" deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1259396909 bytes
->Java cache emptied: 19153589 bytes
->FireFox cache emptied: 309384168 bytes
->Apple Safari cache emptied: 22430720 bytes
->Flash cache emptied: 26869 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1577211994 bytes
RecycleBin emptied: 43216317 bytes
 
Total Files Cleaned = 3.081,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02262013_222618

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
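
The fix log above removes a per-user Winlogon Shell value that pointed at msshell.exe under AppData. As an added example (not part of the thread and not OTL's own code), the following parses OTL "O20" lines and flags that kind of shell override. The two HKLM sample lines and the clean baseline it assumes (machine-wide shell explorer.exe, no Shell value under HKCU) are constructed for the example.

```python
import ntpath
import re

# Sample OTL scan lines. The HKCU line is the one quoted in the fix posted in
# this thread; the two HKLM lines are constructed to represent a clean baseline.
SAMPLE_LOG = r'''
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\Users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe") -  File not found
'''

# O20 - <hive> Winlogon: <value name> - (<value data>) - <resolved file or status>
O20_LINE = re.compile(
    r'^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<name>\w+) - '
    r'\((?P<data>.*?)\) -\s*(?P<status>.*)$'
)

# Path fragments that an unprivileged user can write to (assumed list).
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\')


def triage_winlogon_shell(log_text):
    """Return one finding per Winlogon Shell entry that deviates from the baseline."""
    findings = []
    for raw in log_text.splitlines():
        match = O20_LINE.match(raw.strip())
        if not match or match.group('name').lower() != 'shell':
            continue  # not an O20 line, or a different Winlogon value

        command = match.group('data').strip().strip('"')
        reasons = []

        # Assumed baseline: a default profile has no Shell value under HKCU.
        if match.group('hive') == 'HKCU':
            reasons.append('per-user Shell value present')

        # Anything other than plain explorer.exe (including comma-separated
        # additions) replaces or extends the desktop shell at logon.
        if ntpath.basename(command).lower() != 'explorer.exe':
            reasons.append('shell is not explorer.exe')

        if any(part in command.lower() for part in USER_WRITABLE):
            reasons.append('binary in user-writable path')

        # The file may already be quarantined while the autostart value remains.
        if 'file not found' in match.group('status').lower():
            reasons.append('target file missing, registry value left behind')

        if reasons:
            findings.append({
                'hive': match.group('hive'),
                'command': command,
                'reasons': reasons,
            })
    return findings


if __name__ == '__main__':
    for finding in triage_winlogon_shell(SAMPLE_LOG):
        print(finding['hive'], finding['command'])
        for reason in finding['reasons']:
            print('  -', reason)
```

Running the same check on a fresh OTL scan after the fix shows whether the HKCU entry is really gone.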
         

26.02.2013, 22:42   #10
markusg
/// Malware-holic

Hi,
that's fine as it is.
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

26.02.2013, 22:58   #11
muckl

Out of curiosity I checked with Malwarebytes - it still finds that suspicious entry... I thought as much after the Avira message appeared during the fix.

TDSSKiller:
Code:
22:52:56.0103 5272  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:52:56.0446 5272  ============================================================
22:52:56.0446 5272  Current date / time: 2013/02/26 22:52:56.0446
22:52:56.0446 5272  SystemInfo:
22:52:56.0446 5272  
22:52:56.0446 5272  OS Version: 6.0.6002 ServicePack: 2.0
22:52:56.0446 5272  Product type: Workstation
22:52:56.0446 5272  ComputerName: ADMIN-PC
22:52:56.0446 5272  UserName: Admin
22:52:56.0446 5272  Windows directory: C:\Windows
22:52:56.0446 5272  System windows directory: C:\Windows
22:52:56.0446 5272  Processor architecture: Intel x86
22:52:56.0446 5272  Number of processors: 2
22:52:56.0446 5272  Page size: 0x1000
22:52:56.0446 5272  Boot type: Normal boot
22:52:56.0446 5272  ============================================================
22:52:57.0367 5272  Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:52:57.0382 5272  ============================================================
22:52:57.0382 5272  \Device\Harddisk0\DR0:
22:52:57.0382 5272  MBR partitions:
22:52:57.0382 5272  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x13D3800
22:52:57.0382 5272  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D4000, BlocksNum 0x75A0000
22:52:57.0382 5272  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x8974000, BlocksNum 0x25FC4800
22:52:57.0382 5272  ============================================================
22:52:57.0398 5272  C: <-> \Device\Harddisk0\DR0\Partition2
22:52:57.0429 5272  E: <-> \Device\Harddisk0\DR0\Partition3
22:52:57.0429 5272  ============================================================
22:52:57.0429 5272  Initialize success
22:52:57.0429 5272  ============================================================
22:54:17.0707 5184  ============================================================
22:54:17.0707 5184  Scan started
22:54:17.0707 5184  Mode: Manual; SigCheck; TDLFS; 
22:54:17.0707 5184  ============================================================
22:54:20.0359 5184  ================ Scan system memory ========================
22:54:20.0359 5184  System memory - ok
22:54:20.0359 5184  ================ Scan services =============================
22:54:20.0546 5184  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:54:20.0655 5184  ACPI - ok
22:54:20.0718 5184  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:54:20.0733 5184  AdobeFlashPlayerUpdateSvc - ok
22:54:20.0780 5184  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:54:20.0811 5184  adp94xx - ok
22:54:20.0842 5184  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:54:20.0858 5184  adpahci - ok
22:54:20.0874 5184  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:54:20.0889 5184  adpu160m - ok
22:54:20.0905 5184  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:54:20.0920 5184  adpu320 - ok
22:54:20.0952 5184  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:54:21.0108 5184  AeLookupSvc - ok
22:54:21.0154 5184  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
22:54:21.0248 5184  AFD - ok
22:54:21.0279 5184  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:54:21.0295 5184  aic78xx - ok
22:54:21.0310 5184  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
22:54:21.0466 5184  ALG - ok
22:54:21.0482 5184  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:54:21.0498 5184  aliide - ok
22:54:21.0513 5184  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:54:21.0529 5184  amdagp - ok
22:54:21.0544 5184  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
22:54:21.0560 5184  amdide - ok
22:54:21.0591 5184  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
22:54:21.0732 5184  AmdK7 - ok
22:54:21.0747 5184  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:54:21.0810 5184  AmdK8 - ok
22:54:21.0919 5184  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:54:21.0934 5184  AntiVirSchedulerService - ok
22:54:21.0981 5184  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:54:21.0981 5184  AntiVirService - ok
22:54:22.0028 5184  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
22:54:22.0106 5184  Appinfo - ok
22:54:22.0215 5184  [ 4B5AE15E5C73EB4DC8DBEC2788230D41 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
22:54:22.0231 5184  Apple Mobile Device - ok
22:54:22.0246 5184  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
22:54:22.0262 5184  arc - ok
22:54:22.0293 5184  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:54:22.0293 5184  arcsas - ok
22:54:22.0340 5184  [ 1E0EEB62964513F4F1E18FEE3C69C43D ] Asapi           C:\Windows\system32\drivers\Asapi.sys
22:54:22.0356 5184  Asapi ( UnsignedFile.Multi.Generic ) - warning
22:54:22.0356 5184  Asapi - detected UnsignedFile.Multi.Generic (1)
22:54:22.0387 5184  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:54:22.0434 5184  AsyncMac - ok
22:54:22.0465 5184  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:54:22.0480 5184  atapi - ok
22:54:22.0512 5184  [ 150E93D394FE766C0106A3E4183BBE27 ] Atc002          C:\Windows\system32\DRIVERS\l260x86.sys
22:54:22.0543 5184  Atc002 - ok
22:54:22.0590 5184  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:54:22.0636 5184  AudioEndpointBuilder - ok
22:54:22.0652 5184  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:54:22.0683 5184  Audiosrv - ok
22:54:22.0730 5184  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:54:22.0808 5184  avgntflt - ok
22:54:22.0839 5184  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:54:22.0855 5184  avipbb - ok
22:54:22.0870 5184  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:54:22.0870 5184  avkmgr - ok
22:54:22.0917 5184  [ 509F672686AF40F95859FDE67108449B ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
22:54:23.0011 5184  BCM43XX - ok
22:54:23.0042 5184  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:54:23.0089 5184  Beep - ok
22:54:23.0136 5184  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
22:54:23.0198 5184  BFE - ok
22:54:23.0260 5184  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
22:54:23.0323 5184  BITS - ok
22:54:23.0338 5184  blbdrive - ok
22:54:23.0385 5184  [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:54:23.0401 5184  Bonjour Service - ok
22:54:23.0416 5184  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:54:23.0463 5184  bowser - ok
22:54:23.0510 5184  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:54:23.0526 5184  BrFiltLo - ok
22:54:23.0541 5184  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:54:23.0572 5184  BrFiltUp - ok
22:54:23.0604 5184  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
22:54:23.0650 5184  Browser - ok
22:54:23.0666 5184  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
22:54:23.0713 5184  Brserid - ok
22:54:23.0728 5184  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:54:23.0791 5184  BrSerWdm - ok
22:54:23.0791 5184  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:54:23.0853 5184  BrUsbMdm - ok
22:54:23.0869 5184  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:54:23.0931 5184  BrUsbSer - ok
22:54:23.0947 5184  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:54:23.0994 5184  BTHMODEM - ok
22:54:24.0040 5184  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:54:24.0087 5184  cdfs - ok
22:54:24.0118 5184  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:54:24.0150 5184  cdrom - ok
22:54:24.0196 5184  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:54:24.0228 5184  CertPropSvc - ok
22:54:24.0243 5184  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:54:24.0290 5184  circlass - ok
22:54:24.0321 5184  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:54:24.0352 5184  CLFS - ok
22:54:24.0399 5184  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:54:24.0415 5184  clr_optimization_v2.0.50727_32 - ok
22:54:24.0493 5184  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:54:24.0508 5184  clr_optimization_v4.0.30319_32 - ok
22:54:24.0555 5184  [ 0FED59EDB4A83FF17F1778827B88AB1A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:54:24.0602 5184  CmBatt - ok
22:54:24.0618 5184  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:54:24.0633 5184  cmdide - ok
22:54:24.0649 5184  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:54:24.0664 5184  Compbatt - ok
22:54:24.0664 5184  COMSysApp - ok
22:54:24.0680 5184  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:54:24.0696 5184  crcdisk - ok
22:54:24.0711 5184  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:54:24.0774 5184  Crusoe - ok
22:54:24.0805 5184  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:54:24.0867 5184  CryptSvc - ok
22:54:24.0898 5184  [ 5C706C06C1279952D2CC1A609CA948BF ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
22:54:24.0945 5184  CVirtA - ok
22:54:24.0992 5184  [ EEDBAB8486E358CDD6687E666941B30C ] CVPND           C:\Program Files\Cisco\VPN Client 48\cvpnd.exe
22:54:25.0132 5184  CVPND - ok
22:54:25.0195 5184  [ 5BA042BCAB6246C6BBA51606AFD7B488 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
22:54:25.0210 5184  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
22:54:25.0210 5184  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
22:54:25.0257 5184  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:54:25.0320 5184  DcomLaunch - ok
22:54:25.0382 5184  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:54:25.0444 5184  DfsC - ok
22:54:25.0647 5184  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:54:25.0803 5184  DFSR - ok
22:54:25.0850 5184  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:54:25.0881 5184  Dhcp - ok
22:54:25.0912 5184  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:54:25.0928 5184  disk - ok
22:54:25.0959 5184  [ 3BE6CEC4503989D44C2C7CE0C7CEED22 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
22:54:25.0975 5184  DNE - ok
22:54:26.0006 5184  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:54:26.0037 5184  Dnscache - ok
22:54:26.0068 5184  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:54:26.0115 5184  dot3svc - ok
22:54:26.0146 5184  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
22:54:26.0178 5184  DPS - ok
22:54:26.0209 5184  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:54:26.0240 5184  drmkaud - ok
22:54:26.0287 5184  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:54:26.0334 5184  DXGKrnl - ok
22:54:26.0349 5184  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
22:54:26.0427 5184  E1G60 - ok
22:54:26.0474 5184  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
22:54:26.0490 5184  EapHost - ok
22:54:26.0536 5184  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:54:26.0552 5184  Ecache - ok
22:54:26.0614 5184  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:54:26.0646 5184  ehRecvr - ok
22:54:26.0661 5184  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
22:54:26.0724 5184  ehSched - ok
22:54:26.0739 5184  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
22:54:26.0755 5184  ehstart - ok
22:54:26.0786 5184  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:54:26.0817 5184  elxstor - ok
22:54:26.0848 5184  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:54:26.0958 5184  EMDMgmt - ok
22:54:26.0989 5184  [ 1FA3F9DF8983873746FA6B72DD7E3C2C ] EMSCR           C:\Windows\system32\DRIVERS\EMS7SK.sys
22:54:27.0036 5184  EMSCR - ok
22:54:27.0067 5184  [ 9C7487253AAD6BF61F9BC83D50E32CCC ] ESDCR           C:\Windows\system32\DRIVERS\ESD7SK.sys
22:54:27.0098 5184  ESDCR - ok
22:54:27.0176 5184  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
22:54:27.0223 5184  EventSystem - ok
22:54:27.0270 5184  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
22:54:27.0316 5184  exfat - ok
22:54:27.0348 5184  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:54:27.0379 5184  fastfat - ok
22:54:27.0394 5184  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:54:27.0441 5184  fdc - ok
22:54:27.0457 5184  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:54:27.0488 5184  fdPHost - ok
22:54:27.0519 5184  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:54:27.0566 5184  FDResPub - ok
22:54:27.0597 5184  [ 8787449F8EF116DB0E8E06C3555746A7 ] FET5X86V        C:\Windows\system32\DRIVERS\fetnd5bv.sys
22:54:27.0628 5184  FET5X86V - ok
22:54:27.0660 5184  [ B2B2C38E916184FF8523C7439DDD417F ] FETNDIS         C:\Windows\system32\DRIVERS\fetnd5.sys
22:54:27.0706 5184  FETNDIS - ok
22:54:27.0738 5184  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:54:27.0753 5184  FileInfo - ok
22:54:27.0769 5184  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:54:27.0831 5184  Filetrace - ok
22:54:27.0862 5184  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:54:27.0894 5184  flpydisk - ok
22:54:27.0940 5184  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:54:27.0956 5184  FltMgr - ok
22:54:28.0018 5184  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
22:54:31.0591 5184  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:54:31.0606 5184  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:54:31.0606 5184  LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:54:39.0921 5184  [ B216B03852DF788C7E2AFDF6C6E8A9B0 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
22:54:39.0952 5184  RichVideo ( UnsignedFile.Multi.Generic ) - warning
22:54:39.0952 5184  RichVideo - detected UnsignedFile.Multi.Generic (1)
22:54:45.0584 5184  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:54:45.0615 5184  usbhub - ok
22:54:45.0631 5184  [ 4F8DD5C9B756EFCE251784D6AC63E4AB ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:54:45.0662 5184  usbohci - ok
22:54:45.0693 5184  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:54:45.0724 5184  usbprint - ok
22:54:45.0756 5184  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:54:45.0787 5184  usbscan - ok
22:54:45.0834 5184  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:54:45.0865 5184  USBSTOR - ok
22:54:45.0880 5184  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:54:45.0927 5184  usbuhci - ok
22:54:45.0943 5184  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
22:54:45.0974 5184  UxSms - ok
22:54:46.0005 5184  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
22:54:46.0068 5184  vds - ok
22:54:46.0099 5184  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:54:46.0161 5184  vga - ok
22:54:46.0177 5184  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:54:46.0224 5184  VgaSave - ok
22:54:46.0239 5184  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:54:46.0255 5184  viaagp - ok
22:54:46.0270 5184  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
22:54:46.0317 5184  ViaC7 - ok
22:54:46.0333 5184  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
22:54:46.0333 5184  viaide - ok
22:54:46.0364 5184  [ FD85C55B66797542A8C8A7348ED0675A ] ViBus           C:\Windows\system32\DRIVERS\ViBus.sys
22:54:46.0395 5184  ViBus - ok
22:54:46.0411 5184  [ 510B5097E81CD36D603D7D5C93820BBD ] videX32         C:\Windows\system32\DRIVERS\videX32.sys
22:54:46.0442 5184  videX32 - ok
22:54:46.0458 5184  [ 7C69B1B6DEC5F8584AA352E522AF1476 ] ViPrt           C:\Windows\system32\DRIVERS\ViPrt.sys
22:54:46.0473 5184  ViPrt - ok
22:54:46.0489 5184  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:54:46.0504 5184  volmgr - ok
22:54:46.0551 5184  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:54:46.0582 5184  volmgrx - ok
22:54:46.0598 5184  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:54:46.0629 5184  volsnap - ok
22:54:46.0645 5184  [ 27B3DD12A19EEC50220DF15B64913DDA ] vsdatant        C:\Windows\system32\vsdatant.sys
22:54:46.0676 5184  vsdatant - ok
22:54:46.0707 5184  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:54:46.0723 5184  vsmraid - ok
22:54:46.0770 5184  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
22:54:46.0848 5184  VSS - ok
22:54:46.0879 5184  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
22:54:46.0910 5184  W32Time - ok
22:54:46.0926 5184  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:54:46.0972 5184  WacomPen - ok
22:54:47.0004 5184  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:54:47.0035 5184  Wanarp - ok
22:54:47.0035 5184  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:54:47.0066 5184  Wanarpv6 - ok
22:54:47.0113 5184  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:54:47.0191 5184  wcncsvc - ok
22:54:47.0222 5184  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:54:47.0269 5184  WcsPlugInService - ok
22:54:47.0284 5184  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
22:54:47.0300 5184  Wd - ok
22:54:47.0347 5184  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:54:47.0394 5184  Wdf01000 - ok
22:54:47.0440 5184  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:54:47.0487 5184  WdiServiceHost - ok
22:54:47.0487 5184  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:54:47.0518 5184  WdiSystemHost - ok
22:54:47.0550 5184  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
22:54:47.0581 5184  WebClient - ok
22:54:47.0628 5184  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:54:47.0690 5184  Wecsvc - ok
22:54:47.0706 5184  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:54:47.0737 5184  wercplsupport - ok
22:54:47.0768 5184  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:54:47.0799 5184  WerSvc - ok
22:54:47.0846 5184  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:54:47.0862 5184  WinDefend - ok
22:54:47.0877 5184  WinHttpAutoProxySvc - ok
22:54:47.0986 5184  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:54:48.0018 5184  Winmgmt - ok
22:54:48.0080 5184  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:54:48.0189 5184  WinRM - ok
22:54:48.0252 5184  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:54:48.0330 5184  Wlansvc - ok
22:54:48.0439 5184  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:54:48.0564 5184  wlidsvc - ok
22:54:48.0595 5184  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:54:48.0642 5184  WmiAcpi - ok
22:54:48.0673 5184  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:54:48.0688 5184  wmiApSrv - ok
22:54:48.0829 5184  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:54:48.0954 5184  WMPNetworkSvc - ok
22:54:49.0000 5184  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:54:49.0063 5184  WPCSvc - ok
22:54:49.0094 5184  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:54:49.0141 5184  WPDBusEnum - ok
22:54:49.0250 5184  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:54:49.0281 5184  WPFFontCache_v0400 - ok
22:54:49.0312 5184  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:54:49.0359 5184  ws2ifsl - ok
22:54:49.0390 5184  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
22:54:49.0453 5184  wscsvc - ok
22:54:49.0453 5184  WSearch - ok
22:54:49.0609 5184  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:54:49.0827 5184  wuauserv - ok
22:54:49.0874 5184  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:54:49.0921 5184  WudfPf - ok
22:54:49.0952 5184  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:54:49.0983 5184  WUDFRd - ok
22:54:50.0030 5184  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:54:50.0077 5184  wudfsvc - ok
22:54:50.0108 5184  ================ Scan global ===============================
22:54:50.0139 5184  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:54:50.0186 5184  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:54:50.0202 5184  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:54:50.0233 5184  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:54:50.0233 5184  [Global] - ok
22:54:50.0233 5184  ================ Scan MBR ==================================
22:54:50.0248 5184  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:54:50.0498 5184  \Device\Harddisk0\DR0 - ok
22:54:50.0498 5184  ================ Scan VBR ==================================
22:54:50.0514 5184  [ 8BF88435C5B724155405636BA8A02384 ] \Device\Harddisk0\DR0\Partition1
22:54:50.0514 5184  \Device\Harddisk0\DR0\Partition1 - ok
22:54:50.0529 5184  [ 53846C3B523ACFE6CD88E24751829976 ] \Device\Harddisk0\DR0\Partition2
22:54:50.0529 5184  \Device\Harddisk0\DR0\Partition2 - ok
22:54:50.0545 5184  [ 3A5892317243B6C83AB9FA1F003CFA9E ] \Device\Harddisk0\DR0\Partition3
22:54:50.0545 5184  \Device\Harddisk0\DR0\Partition3 - ok
22:54:50.0545 5184  ============================================================
22:54:50.0545 5184  Scan finished
22:54:50.0545 5184  ============================================================
22:54:50.0560 1436  Detected object count: 4
22:54:50.0560 1436  Actual detected object count: 4
22:55:15.0520 1436  Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:15.0520 1436  Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:15.0520 1436  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:15.0520 1436  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:15.0520 1436  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:15.0520 1436  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:15.0536 1436  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:15.0536 1436  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:32.0509 0872  Deinitialize success
         

26.02.2013, 22:58   #12
markusg
/// Malware-holic

Please run only the scans mentioned here.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us

26.02.2013, 23:31   #13
muckl

It ran through so far. However, even though I had deactivated Avira (umbrella closed), the message about a change to the registry came up again. This message appeared fairly near the beginning.
After about 6 minutes, at around "Stufe 27 fertig" (stage 27 complete), the screensaver switched on. Whether there were any further messages before the automatic reboot I can't say; after all, you're not supposed to move the mouse. ;-)


Code:
ComboFix 13-02-26.01 - Admin 26.02.2013  23:07:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.2047.1127 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\sss
c:\program files\sss\licence.txt
c:\program files\sss\ReadMe.txt
c:\program files\sss\SimpleScreenshot.exe
c:\program files\sss\upload.php
c:\programdata\97371201.js
c:\programdata\97371201.pad
c:\users\Admin\AppData\Roaming\Microsoft\Windows\.data
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASAPI
-------\Service_Asapi
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-26 bis 2013-02-26  ))))))))))))))))))))))))))))))
.
.
2013-02-26 22:16 . 2013-02-26 22:16	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-02-26 22:16 . 2013-02-26 22:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-26 21:26 . 2013-02-26 21:26	--------	d-----w-	C:\_OTL
2013-02-26 17:22 . 2013-02-26 17:26	--------	d-----w-	C:\gvu
2013-02-26 09:37 . 2013-02-26 09:37	--------	d-----w-	c:\users\Admin\AppData\Roaming\Malwarebytes
2013-02-26 09:37 . 2013-02-26 09:37	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-26 09:37 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-21 18:07 . 2013-02-22 16:37	--------	d-----w-	c:\program files\Mozilla Thunderbird
2013-02-17 16:25 . 2013-02-17 16:25	--------	d-----w-	c:\program files\Microsoft
2013-02-14 19:36 . 2013-02-14 19:36	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-13 16:55 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 16:55 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
2013-02-13 16:55 . 2013-01-04 11:28	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 16:55 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-13 16:55 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-10 08:27 . 2013-02-17 12:06	--------	d-----w-	c:\users\Admin\.gimp-2.4
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-19 18:25 . 2012-04-02 17:31	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-19 18:25 . 2011-06-07 04:24	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 19:35 . 2012-08-10 16:38	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-14 19:35 . 2010-05-09 20:36	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-25 20:07 . 2011-03-28 17:36	19696	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-16 13:12 . 2012-12-21 14:39	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 14:39	293376	----a-w-	c:\windows\system32\atmfd.dll
2010-01-26 09:11 . 2012-04-09 10:37	444283	----a-w-	c:\program files\Common Files\WinPcapNmap.exe
2012-09-03 18:38 . 2011-04-06 17:21	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-03-28 16:22	176936	----a-w-	c:\program files\Zynga\prxtbZyn0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 741376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"VDownloader"="c:\program files\VDownloader\VDownloader.exe" [2012-04-06 890368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2007-11-13 4141056]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-2-17 2641920]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2008-3-2 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"="explorer.exe, \"c:\users\Admin\AppData\Roaming\Microsoft\Windows\msshell.exe\""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:25]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 08:59]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 08:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gop2vqlo.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - ExtSQL: !HIDDEN! 2009-08-31 18:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Catan - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-26 23:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco\VPN Client 48\cvpnd.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
e:\downloads\Malwarebytes' Anti-Malware\mbamscheduler.exe
e:\downloads\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
e:\downloads\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-26  23:27:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-26 22:27
.
Vor Suchlauf: 6.781.083.648 Bytes frei
Nach Suchlauf: 8.217.608.192 Bytes frei
.
- - End Of File - - AFD4B384D223B15F9EBAED346B453C1C
         

Further steps tomorrow, then...

Good night
Christoph

27.02.2013, 12:43   #14
markusg
/// Malware-holic

Hi,
please open Computer, then C:, then Qoobox.
Right-click Quarantine, pack it with WinRAR or a similar program, and upload it in the upload channel.
Trojaner-Board Upload Channel
Please let me know when you are done.

27.02.2013, 17:32   #15
muckl

Done.
