Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Removal of Sinowal rootkit successful?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Removal of Sinowal rootkit successful?

Unread postby maxdermeister » March 18th, 2011, 7:55 pm

Hi all

Guess I have to beg for some of your time, as I got stuck with the following:

My notebook has been infected with some kind of the Sinowal rootkit (sinowal.1 according to the bitdefender online scan) :evil: Though I could tackle it with malwarebytes' anti-malware, and then re-write the MBR using the /fixmbr in windows repair mode, I am not sure whether my machine is safe again.

As my knowledge is too limited to be able to interpret the log from hijackthis (after the clean-up), it would be awsome if some of the knowledgeable people in this forum could take a glance and let me know their opinion.

As I am thinking about buying a now notebook anyway, do you think it would be safe to transfer the data directly to the new one?

Much appreciate your support, and many thanks for the forum, I found some good advice here.

-----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:42:32, on 19.03.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Users\Maximilian E. Muelle\Desktop\HiJackThis204.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = unizh.ch
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = unizh.ch
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = unizh.ch
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8295 bytes
maxdermeister
Active Member
 
Posts: 6
Joined: March 18th, 2011, 7:39 pm
Advertisement
Register to Remove

Re: Removal of Sinowal rootkit successful?

Unread postby Dakeyras » March 19th, 2011, 9:49 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Peer to Peer Advice:

If I may to bring your attention to the forum policy:- P2P file sharing programmes

As a condition of receiving our help, I have included the P2P program Vuze Remote Toolbar (plus Vuze) in the removal instructions below, so we are not wasting our time. If you have used this, you can be fairly confident this is a principal reason your computer is either still infected or not.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop. It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Vuze
Vuze Remote Toolbar


To do so click once on each of the above to highlight then click on Uninstall and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Next:

I notice the machine is part of the Zürich University domain, is this machine your personal property and or belong to the aforementioned University?
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Removal of Sinowal rootkit successful?

Unread postby maxdermeister » March 20th, 2011, 5:03 am

Hi Dakeyras

Thanks for your reply. I agree with the forum policies and conditions set for you to help me with this issue.

I have uninstalled Vuze (incl. the toolbar).

As for the link to Zurich University: I was a student there, and for some have worked as assistant for a professor there, and for that used my private machine, hence the links. But I am no longer part of the network.

Further I have created an additional backup of all my private data.

Thanks a lot!

ps: as I am very busy in my job right now (we have busy season), please don't mind if my answers are a bit short sometimes.
maxdermeister
Active Member
 
Posts: 6
Joined: March 18th, 2011, 7:39 pm

Re: Removal of Sinowal rootkit successful?

Unread postby Dakeyras » March 20th, 2011, 8:05 am

Hi. :)

Thanks for your reply. I agree with the forum policies and conditions set for you to help me with this issue.
Good and you're welcome!

As for the link to Zurich University: I was a student there, and for some have worked as assistant for a professor there, and for that used my private machine, hence the links. But I am no longer part of the network.
Thank you for the clarification.

ps: as I am very busy in my job right now (we have busy season), please don't mind if my answers are a bit short sometimes.
Not a problem as long as you reply at least once within every seventy two hours...If in the event you feel will be unable to do so merely inform myself OK.

Lets proceed as follows shall we...

Scan with MBRCheck:

Please download MBRCheck.exe and save to your desktop.

Alternative Download is here.

  • Right-click on MBRCheck.exe and select Run as Administrator.
  • A window similar to this should open on your desktop:-
Image
  • If you are prompted with options, enter N at the prompt and press Enter .
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run).
  • Please post the contents of the log in your next reply.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimised
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • MBRCheck Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Removal of Sinowal rootkit successful?

Unread postby maxdermeister » March 20th, 2011, 11:01 am

Hi

As instructed, I ran both programs, showing the following logs:

MBRCheck-log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: M51Va
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 218):
0x8300A000 \SystemRoot\system32\ntkrnlpa.exe
0x8341C000 \SystemRoot\system32\halmacpi.dll
0x80BB7000 \SystemRoot\system32\kdcom.dll
0x83618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8369D000 \SystemRoot\system32\PSHED.dll
0x836AE000 \SystemRoot\system32\BOOTVID.dll
0x836B6000 \SystemRoot\system32\CLFS.SYS
0x836F8000 \SystemRoot\system32\CI.dll
0x8B618000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B697000 \SystemRoot\system32\drivers\ACPI.sys
0x8B6DF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8B6E8000 \SystemRoot\system32\drivers\msisadrv.sys
0x8B6F0000 \SystemRoot\system32\drivers\pci.sys
0x8B71A000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8B725000 \SystemRoot\System32\drivers\partmgr.sys
0x8B736000 \SystemRoot\system32\drivers\volmgr.sys
0x8B746000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B791000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B799000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B7A4000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B810000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B8E0000 \SystemRoot\system32\drivers\amdxata.sys
0x8B8E9000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B91D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BA01000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB30000 \SystemRoot\System32\Drivers\msrpc.sys
0x8BB5B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BB6E000 \SystemRoot\System32\Drivers\cng.sys
0x8BBCB000 \SystemRoot\System32\drivers\pcw.sys
0x8BBD9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B92E000 \SystemRoot\system32\drivers\ndis.sys
0x8B7BA000 \SystemRoot\system32\drivers\NETIO.SYS
0x837A3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BC38000 \SystemRoot\System32\drivers\tcpip.sys
0x8BD82000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BDB3000 \SystemRoot\system32\drivers\volsnap.sys
0x8BDF2000 \SystemRoot\System32\Drivers\spldr.sys
0x8BDFA000 \SystemRoot\system32\speedfan.sys
0x8BC00000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BBE2000 \SystemRoot\System32\Drivers\mup.sys
0x8BC2D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BC35000 \SystemRoot\system32\giveio.sys
0x837C8000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B9E5000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BE0E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BF21000 \SystemRoot\system32\drivers\cdrom.sys
0x8BF40000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8BF67000 \SystemRoot\System32\Drivers\Null.SYS
0x8BF6E000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BF75000 \SystemRoot\System32\drivers\vga.sys
0x8BF81000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BFA2000 \SystemRoot\System32\drivers\watchdog.sys
0x8BFAF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BFB7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BFBF000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BFC7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BFD2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BFE0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90A31000 \SystemRoot\system32\drivers\afd.sys
0x90A8B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90ABD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90AC4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90AEC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x90AFD000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90B0B000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x90B1B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90B2E000 \SystemRoot\system32\drivers\termdd.sys
0x90B3F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90B45000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90B86000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90B90000 \SystemRoot\system32\drivers\mssmbios.sys
0x90B9A000 \SystemRoot\System32\drivers\discache.sys
0x90BA6000 \SystemRoot\System32\Drivers\dfsc.sys
0x90BBE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90BCC000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90A00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B600000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9121F000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x91734000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92028000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92061000 \SystemRoot\system32\drivers\HDAudBus.sys
0x92080000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9208B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x920D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92C16000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x931F5000 \SystemRoot\System32\drivers\vwifibus.sys
0x920E5000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x9210A000 \SystemRoot\system32\drivers\1394ohci.sys
0x92137000 \SystemRoot\system32\drivers\sdbus.sys
0x92C00000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x92150000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x92164000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x921B6000 \SystemRoot\system32\drivers\i8042prt.sys
0x92C11000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x921CE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x94E32000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x94E61000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x94E63000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x94E70000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x94E76000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x94E7A000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x94E82000 \SystemRoot\system32\drivers\CompositeBus.sys
0x94E8F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x94EA1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x94EB9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x94EC4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x94EE6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x94EFE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x94F15000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x94F2C000 \SystemRoot\system32\drivers\swenum.sys
0x94F2E000 \SystemRoot\system32\drivers\ks.sys
0x94F62000 \SystemRoot\system32\drivers\umbus.sys
0x94F70000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x94FB4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94FC5000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x94E00000 \SystemRoot\system32\drivers\portcls.sys
0x94FDF000 \SystemRoot\system32\drivers\drmk.sys
0x8281A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x82A28000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x82B2E000 \SystemRoot\system32\drivers\modem.sys
0x82B3B000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x82B46000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
0x82B51000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x82BA3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x82610000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x827C1000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x827CF000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x827D6000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x827DC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x827E7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x82600000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x82607000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x82BBA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x82BC6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x82BD1000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x82BD9000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9A830000 \SystemRoot\System32\win32k.sys
0x82BE4000 \SystemRoot\System32\drivers\Dxapi.sys
0x82BEE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8BE33000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x82800000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x921DB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9AA90000 \SystemRoot\System32\TSDDD.dll
0x9AAC0000 \SystemRoot\System32\cdd.dll
0x9AAE0000 \SystemRoot\System32\ATMFD.DLL
0x92000000 \SystemRoot\system32\drivers\luafv.sys
0x921E6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x91200000 \SystemRoot\system32\drivers\WudfPf.sys
0x8BF03000 \SystemRoot\system32\DRIVERS\irda.sys
0x917EB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9D227000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9D26D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D27D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D290000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
0x9D297000 \SystemRoot\system32\drivers\HTTP.sys
0x9D31C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D335000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D347000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D36A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D3A5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D3D8000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0x9F226000 \SystemRoot\system32\drivers\peauth.sys
0x9F2BD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F2C7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F2E8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F2F5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F344000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F395000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9F39F000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x9F3B1000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAE887000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAE892000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E137C58-1282-4404-BD8B-01B0241A8E58}\MpKsl943ffa15.sys
0xAE898000 \SystemRoot\system32\drivers\MSPQM.sys
0xAE89A000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0xAE89C000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
0xAE8C4000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
0xAE8D7000 \SystemRoot\system32\drivers\tosrfsnd.sys
0x77140000 \Windows\System32\ntdll.dll
0x48410000 \Windows\System32\smss.exe
0x77380000 \Windows\System32\apisetschema.dll
0x00290000 \Windows\System32\autochk.exe
0x77290000 \Windows\System32\kernel32.dll
0x770E0000 \Windows\System32\difxapi.dll
0x77280000 \Windows\System32\nsi.dll
0x770D0000 \Windows\System32\normaliz.dll
0x770C0000 \Windows\System32\lpk.dll
0x76FF0000 \Windows\System32\msctf.dll
0x76F90000 \Windows\System32\shlwapi.dll
0x76F10000 \Windows\System32\comdlg32.dll
0x76E40000 \Windows\System32\user32.dll
0x76C80000 \Windows\System32\iertutil.dll
0x76AE0000 \Windows\System32\setupapi.dll
0x76980000 \Windows\System32\ole32.dll
0x76940000 \Windows\System32\ws2_32.dll
0x75CF0000 \Windows\System32\shell32.dll
0x75CD0000 \Windows\System32\sechost.dll
0x75C40000 \Windows\System32\oleaut32.dll
0x75C30000 \Windows\System32\psapi.dll
0x75C10000 \Windows\System32\imm32.dll
0x75BC0000 \Windows\System32\Wldap32.dll
0x75AB0000 \Windows\System32\urlmon.dll
0x75A00000 \Windows\System32\rpcrt4.dll
0x759B0000 \Windows\System32\gdi32.dll
0x75910000 \Windows\System32\usp10.dll
0x75870000 \Windows\System32\advapi32.dll
0x75750000 \Windows\System32\wininet.dll
0x75720000 \Windows\System32\imagehlp.dll
0x75670000 \Windows\System32\msvcrt.dll
0x755E0000 \Windows\System32\clbcatq.dll
0x755C0000 \Windows\System32\devobj.dll
0x75530000 \Windows\System32\comctl32.dll
0x754E0000 \Windows\System32\KernelBase.dll
0x753C0000 \Windows\System32\crypt32.dll
0x75390000 \Windows\System32\wintrust.dll
0x75360000 \Windows\System32\cfgmgr32.dll
0x75350000 \Windows\System32\msasn1.dll

Processes (total 93):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
552 csrss.exe
624 C:\Windows\System32\wininit.exe
636 csrss.exe
672 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
940 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
996 C:\Windows\System32\atiesrxx.exe
1088 C:\Windows\System32\winlogon.exe
1132 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\atieclxx.exe
1624 C:\Program Files\ATK Hotkey\AsLdrSrv.exe
1644 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1708 C:\Windows\System32\spoolsv.exe
1740 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1768 C:\Windows\System32\svchost.exe
1912 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1932 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1968 C:\Program Files\Bonjour\mDNSResponder.exe
2008 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
240 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
280 C:\Windows\System32\conhost.exe
316 C:\Windows\System32\svchost.exe
824 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
640 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1416 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
1840 C:\Windows\System32\svchost.exe
2064 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
2784 WmiPrvSE.exe
2988 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3304 C:\Windows\System32\taskhost.exe
3324 C:\Windows\System32\taskeng.exe
3384 C:\Windows\System32\dwm.exe
3420 C:\Windows\System32\svchost.exe
3440 C:\Windows\explorer.exe
3472 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
3592 C:\Windows\System32\rundll32.exe
3604 C:\Program Files\ASUS\Splendid\ACMON.exe
3616 C:\Program Files\ATK Hotkey\HControl.exe
3624 C:\Program Files\ATK Hotkey\MsgTranAgt.exe
3632 C:\Program Files\P4G\BatteryLife.exe
3680 C:\Program Files\Wireless Console 2\wcourier.exe
3732 ACEngSvr.exe
3816 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3844 C:\Program Files\ATKOSD2\ATKOSD2.exe
3896 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3928 C:\Program Files\ATK Hotkey\ATKOSD.exe
3936 C:\Windows\RtHDVCpl.exe
3964 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4056 C:\Program Files\ATK Hotkey\HControlUser.exe
2148 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2492 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2508 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
2588 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
2476 C:\Program Files\ATK Hotkey\KBFiltr.exe
2564 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
2608 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2684 C:\Program Files\ATK Hotkey\WDC.exe
3524 C:\Windows\System32\SearchIndexer.exe
2028 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
3704 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
4448 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
4480 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
4588 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
4736 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
5212 C:\Windows\System32\svchost.exe
5580 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe
5076 C:\Windows\System32\taskmgr.exe
5452 C:\Program Files\Skype\Phone\Skype.exe
4344 C:\Program Files\Skype\Plugin Manager\skypePM.exe
2956 C:\Program Files\Windows Live\Mail\wlmail.exe
2356 C:\Program Files\Windows Live\Contacts\wlcomm.exe
5832 C:\Program Files\Opera\opera.exe
2928 C:\Windows\System32\audiodg.exe
5592 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
5296 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
5416 C:\Program Files\Mozilla Firefox\firefox.exe
3144 C:\Windows\System32\SearchProtocolHost.exe
5704 WmiPrvSE.exe
5944 C:\Windows\servicing\TrustedInstaller.exe
5524 C:\Windows\System32\SearchFilterHost.exe
5148 C:\Users\Maximilian E. Muelle\Desktop\MBRCheck.exe
5468 C:\Windows\System32\conhost.exe
4664 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`b3aef400 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9320320AS, Rev: 0303
PhysicalDrive2 Model Number: WD5000AAV External, Rev: 1.75
PhysicalDrive1 Model Number: Maxtor2, Rev: 0344

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: D90653CCC05EE39D4D44E1F67C33297D65F3ED4F
372 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
maxdermeister
Active Member
 
Posts: 6
Joined: March 18th, 2011, 7:39 pm

Re: Removal of Sinowal rootkit successful?

Unread postby maxdermeister » March 20th, 2011, 11:04 am

And the first OTL-log:

OTL logfile created on: 20.03.2011 15:27:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Maximilian E. Muelle\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 30,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 112,87 Gb Free Space | 75,73% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 89,26 Gb Free Space | 64,09% Space Free | Partition Type: NTFS
Drive F: | 465,75 Gb Total Space | 102,65 Gb Free Space | 22,04% Space Free | Partition Type: NTFS
Drive G: | 372,61 Gb Total Space | 291,43 Gb Free Space | 78,21% Space Free | Partition Type: NTFS

Computer Name: MAXDERMEISTER | User Name: Maximilian E. Muelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Maximilian E. Muelle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe (TOSHIBA Corporation)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\P4G\BatteryLife.exe (ATK)
PRC - C:\Programme\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Programme\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Programme\ATK Hotkey\WDC.exe ()
PRC - C:\Programme\ATK Hotkey\HControlUser.exe ()
PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Programme\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Programme\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Programme\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Programme\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Programme\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Programme\Wireless Console 2\wcourier.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (SafeList) ==========

MOD - C:\Users\Maximilian E. Muelle\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ASLDRService) -- C:\Programme\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe ()


========== Driver Services (SafeList) ==========

DRV - (MpKsl943ffa15) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E137C58-1282-4404-BD8B-01B0241A8E58}\MpKsl943ffa15.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MEMSWEEP2) -- C:\Windows\System32\BBEE.tmp (Sophos Plc)
DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (MosIrUsb) -- C:\Windows\System32\drivers\MosIrUsb.sys ()
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (ghaio) -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=ASUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4032107180-2028311288-862190038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKU\S-1-5-21-4032107180-2028311288-862190038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
IE - HKU\S-1-5-21-4032107180-2028311288-862190038-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4032107180-2028311288-862190038-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4032107180-2028311288-862190038-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "tagesanzeiger.ch"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.06 08:53:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.04 23:09:42 | 000,000,000 | ---D | M]

[2009.11.07 17:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maximilian E. Muelle\AppData\Roaming\mozilla\Extensions
[2009.05.26 17:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maximilian E. Muelle\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.03.20 09:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maximilian E. Muelle\AppData\Roaming\mozilla\Firefox\Profiles\w29d14ch.default\extensions
[2011.03.18 23:53:10 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Maximilian E. Muelle\AppData\Roaming\mozilla\Firefox\Profiles\w29d14ch.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.03.20 09:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.21 22:13:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.19 00:13:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.04.21 22:13:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.19 00:13:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009.03.05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Programme\Mozilla Firefox\components\FFComm.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2007.03.10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.09.16 20:33:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.16 20:33:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.16 20:33:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.16 20:33:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.16 20:33:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.03.18 21:46:06 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4032107180-2028311288-862190038-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-4032107180-2028311288-862190038-1000..\Run: [Polar Sync] File not found
O4 - HKU\S-1-5-21-4032107180-2028311288-862190038-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4032107180-2028311288-862190038-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Maximilian E. Muelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Maximilian E. Muelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.05 09:09:33 | 000,000,000 | ---D | M] - D:\auto -- [ NTFS ]
O32 - AutoRun File - [2003.06.16 20:46:01 | 000,024,064 | ---- | M] () - F:\autonamen.doc -- [ NTFS ]
O32 - AutoRun File - [2011.03.19 02:21:43 | 000,000,000 | ---D | M] - G:\auto -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.03.20 15:25:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Maximilian E. Muelle\Desktop\OTL.exe
[2011.03.19 02:25:02 | 000,000,000 | ---D | C] -- C:\Users\Maximilian E. Muelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.03.19 02:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.03.19 01:25:34 | 000,000,000 | ---D | C] -- C:\Users\Maximilian E. Muelle\AppData\Local\MigWiz
[2011.03.19 00:14:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.19 00:13:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.19 00:13:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.19 00:13:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.18 23:53:21 | 000,000,000 | ---D | C] -- C:\Users\Maximilian E. Muelle\AppData\Roaming\QuickScan
[2011.03.18 22:34:06 | 000,000,000 | ---D | C] -- C:\Users\Maximilian E. Muelle\DoctorWeb
[2011.03.18 21:54:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Maximilian E. Muelle\Desktop\HiJackThis204.exe
[2011.03.18 21:52:26 | 000,000,000 | ---D | C] -- C:\Users\Maximilian E. Muelle\AppData\Roaming\Malwarebytes
[2011.03.18 21:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.18 21:29:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.18 21:29:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.18 21:29:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.18 21:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.18 21:10:49 | 000,000,000 | ---D | C] -- C:\Programme\Sophos
[2011.03.17 23:29:55 | 000,000,000 | ---D | C] -- C:\Users\Maximilian E. Muelle\AppData\Roaming\Avira
[2011.03.17 22:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.03.17 22:35:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.03.17 22:35:14 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.17 22:35:14 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.03.17 22:35:13 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.03.17 22:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.03.17 20:59:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LocalAppData%
[2011.03.12 21:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.12 21:24:51 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.12 21:24:50 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.08 22:46:41 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.03.08 22:46:41 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.08 22:46:40 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.08 22:46:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.05 17:04:20 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.02.26 07:36:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.02.26 07:35:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.02.26 07:33:00 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011.02.26 07:33:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011.02.26 07:32:54 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.26 07:32:54 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.02.26 07:32:54 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.02.26 07:32:50 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.26 07:32:49 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.26 07:32:48 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.02.26 07:32:46 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.02.26 07:32:44 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.02.26 07:32:42 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.02.26 07:32:40 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011.02.26 07:32:36 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.26 07:32:35 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.26 07:32:35 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011.02.26 07:32:34 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011.02.26 07:32:33 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.02.26 07:32:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.02.26 07:32:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.02.26 07:32:30 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.26 07:32:30 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011.02.26 07:32:29 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.02.26 07:32:27 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011.02.26 07:32:26 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011.02.26 07:32:22 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.02.26 07:32:20 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.02.26 07:32:20 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011.02.26 07:32:20 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.26 07:32:19 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.02.26 07:32:16 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011.02.26 07:32:15 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011.02.26 07:32:14 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.02.26 07:32:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011.02.26 07:32:14 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011.02.26 07:32:12 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2011.02.26 07:32:12 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.02.26 07:32:11 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011.02.26 07:32:10 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011.02.26 07:32:10 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2011.02.26 07:32:09 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.02.26 07:32:09 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2011.02.26 07:32:09 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2011.02.26 07:32:09 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2011.02.26 07:32:08 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011.02.26 07:32:08 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.26 07:32:06 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011.02.26 07:32:05 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011.02.26 07:32:05 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.02.26 07:32:05 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2011.02.26 07:32:04 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.02.26 07:32:03 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011.02.26 07:32:02 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011.02.26 07:32:02 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.02.26 07:32:01 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011.02.26 07:32:01 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2011.02.26 07:32:01 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.02.26 07:32:00 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011.02.26 07:32:00 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011.02.26 07:31:59 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011.02.26 07:31:59 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2011.02.26 07:31:58 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011.02.26 07:31:57 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011.02.26 07:31:56 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.26 07:31:56 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011.02.26 07:31:56 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011.02.26 07:31:56 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.26 07:31:55 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2011.02.26 07:31:54 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011.02.26 07:31:52 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.02.26 07:31:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2011.02.26 07:31:52 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011.02.26 07:31:51 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011.02.26 07:31:51 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.02.26 07:31:50 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011.02.26 07:31:50 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2011.02.26 07:31:50 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011.02.26 07:31:50 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011.02.26 07:31:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011.02.26 07:31:47 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011.02.26 07:31:47 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011.02.26 07:31:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.26 07:31:46 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011.02.26 07:31:45 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2011.02.26 07:31:45 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011.02.26 07:31:45 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.26 07:31:45 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011.02.26 07:31:45 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.02.26 07:31:44 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011.02.26 07:31:44 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011.02.26 07:31:42 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011.02.26 07:31:42 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2011.02.26 07:31:41 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011.02.26 07:31:41 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011.02.26 07:31:41 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011.02.26 07:31:40 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2011.02.26 07:31:39 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2011.02.26 07:31:37 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011.02.26 07:31:37 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2011.02.26 07:31:36 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011.02.26 07:31:35 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011.02.26 07:31:35 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.02.26 07:31:35 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2011.02.26 07:31:35 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011.02.26 07:31:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011.02.26 07:31:35 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2011.02.26 07:31:34 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.02.26 07:31:34 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011.02.26 07:31:32 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.02.26 07:31:32 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011.02.26 07:31:32 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.26 07:31:32 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.02.26 07:31:31 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011.02.26 07:31:31 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011.02.26 07:31:31 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011.02.26 07:31:31 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.02.26 07:31:30 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011.02.26 07:31:30 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011.02.26 07:31:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.02.26 07:31:29 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011.02.26 07:31:29 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011.02.26 07:31:29 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011.02.26 07:31:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2011.02.26 07:31:27 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011.02.26 07:31:27 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011.02.26 07:31:27 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.02.26 07:31:26 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011.02.26 07:31:26 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011.02.26 07:31:25 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011.02.26 07:31:25 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011.02.26 07:31:24 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2011.02.26 07:31:24 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.02.26 07:31:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2011.02.26 07:31:23 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011.02.26 07:31:22 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2011.02.26 07:31:22 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011.02.26 07:31:22 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2011.02.26 07:31:22 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.02.26 07:31:21 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011.02.26 07:31:20 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011.02.26 07:31:20 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011.02.26 07:31:20 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011.02.26 07:31:19 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.02.26 07:31:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011.02.26 07:31:18 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011.02.26 07:31:18 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2011.02.26 07:31:17 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2011.02.26 07:31:17 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2011.02.26 07:31:17 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011.02.26 07:31:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011.02.26 07:31:16 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011.02.26 07:31:16 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011.02.26 07:31:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011.02.26 07:31:16 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2011.02.26 07:31:16 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2011.02.26 07:31:16 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011.02.26 07:31:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011.02.26 07:31:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011.02.26 07:31:16 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011.02.26 07:31:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011.02.26 07:31:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011.02.26 07:31:15 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011.02.26 07:31:15 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011.02.26 07:31:15 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011.02.26 07:31:15 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011.02.26 07:31:15 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011.02.26 07:31:14 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011.02.26 07:31:14 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011.02.26 07:31:14 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.02.26 07:31:14 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.02.26 07:31:12 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011.02.26 07:31:12 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011.02.26 07:31:12 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011.02.26 07:31:12 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011.02.26 07:31:11 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011.02.26 07:31:11 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2011.02.26 07:31:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011.02.26 07:31:10 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.02.26 07:31:10 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011.02.26 07:31:10 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011.02.26 07:31:10 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011.02.26 07:31:09 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.02.26 07:31:09 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2011.02.26 07:31:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011.02.26 07:31:08 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011.02.26 07:31:07 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.02.26 07:31:07 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011.02.26 07:31:06 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2011.02.26 07:31:06 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011.02.26 07:31:05 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2011.02.26 07:31:05 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011.02.26 07:31:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011.02.26 07:31:04 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011.02.26 07:31:04 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2011.02.26 07:31:04 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.02.26 07:31:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.26 07:31:03 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011.02.26 07:31:02 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2011.02.26 07:31:02 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011.02.26 07:31:02 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011.02.26 07:31:00 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011.02.26 07:31:00 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2011.02.26 07:31:00 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011.02.26 07:31:00 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011.02.26 07:31:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2011.02.26 07:31:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011.02.26 07:31:00 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2011.02.26 07:31:00 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011.02.26 07:30:59 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2011.02.26 07:30:58 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2011.02.26 07:30:58 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011.02.26 07:30:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011.02.26 07:30:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011.02.26 07:30:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2011.02.26 07:30:56 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011.02.26 07:30:56 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2011.02.26 07:30:55 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011.02.26 07:30:55 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.02.26 07:30:54 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011.02.26 07:30:54 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011.02.26 07:30:54 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011.02.26 07:30:54 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2011.02.26 07:30:54 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.02.26 07:30:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011.02.26 07:30:53 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011.02.26 07:30:53 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011.02.26 07:30:52 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
[2011.02.26 07:30:52 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011.02.26 07:30:52 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011.02.26 07:30:52 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011.02.26 07:30:52 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011.02.26 07:30:52 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011.02.26 07:30:51 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011.02.26 07:30:51 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011.02.26 07:30:51 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011.02.26 07:30:51 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011.02.26 07:30:51 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011.02.26 07:30:51 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011.02.26 07:30:50 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011.02.26 07:30:50 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011.02.26 07:30:50 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011.02.26 07:30:50 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2011.02.26 07:30:49 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011.02.26 07:30:49 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011.02.26 07:30:48 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2011.02.26 07:30:48 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011.02.26 07:30:47 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011.02.26 07:30:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2011.02.26 07:30:46 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011.02.26 07:30:46 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2011.02.26 07:30:46 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2011.02.26 07:30:46 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011.02.26 07:30:46 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011.02.26 07:30:46 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2011.02.26 07:30:45 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011.02.26 07:30:45 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2011.02.26 07:30:45 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2011.02.26 07:30:44 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011.02.26 07:30:44 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2011.02.26 07:30:44 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011.02.26 07:30:44 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011.02.26 07:30:44 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2011.02.26 07:30:44 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011.02.26 07:30:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011.02.26 07:30:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2011.02.26 07:30:43 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2011.02.26 07:30:43 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2011.02.26 07:30:43 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2011.02.26 07:30:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011.02.26 07:30:42 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011.02.26 07:30:42 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011.02.26 07:30:42 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011.02.26 07:30:42 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2011.02.26 07:30:41 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011.02.26 07:30:41 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011.02.26 07:30:41 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2011.02.26 07:30:41 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011.02.26 07:30:40 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2011.02.26 07:30:40 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011.02.26 07:30:40 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2011.02.26 07:30:40 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011.02.26 07:30:40 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2011.02.26 07:30:40 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011.02.26 07:30:40 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2011.02.26 07:30:40 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011.02.26 07:30:39 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2011.02.26 07:30:39 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011.02.26 07:30:39 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011.02.26 07:30:39 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2011.02.26 07:30:38 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.02.26 07:30:38 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011.02.26 07:30:37 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2011.02.26 07:30:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.02.26 07:30:36 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2011.02.26 07:30:36 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011.02.26 07:30:36 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011.02.26 07:30:36 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011.02.26 07:30:36 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011.02.26 07:30:36 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011.02.26 07:30:36 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011.02.26 07:30:36 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011.02.26 07:30:36 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2011.02.26 07:30:35 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011.02.26 07:30:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011.02.26 07:30:34 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2011.02.26 07:30:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011.02.26 07:30:34 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011.02.26 07:30:34 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011.02.26 07:30:34 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011.02.26 07:30:34 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011.02.26 07:30:34 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011.02.26 07:30:33 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011.02.26 07:30:33 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.02.26 07:30:32 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011.02.26 07:30:32 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011.02.26 07:30:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.02.26 07:30:31 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011.02.26 07:30:31 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011.02.26 07:30:31 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2011.02.26 07:30:31 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011.02.26 07:30:31 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011.02.26 07:30:31 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2011.02.26 07:30:30 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011.02.26 07:30:30 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011.02.26 07:30:30 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011.02.26 07:30:30 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011.02.26 07:30:30 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2011.02.26 07:30:30 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2011.02.26 07:30:29 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011.02.26 07:30:29 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2011.02.26 07:30:29 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011.02.26 07:30:27 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011.02.26 07:30:27 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011.02.26 07:30:27 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
maxdermeister
Active Member
 
Posts: 6
Joined: March 18th, 2011, 7:39 pm

Re: Removal of Sinowal rootkit successful?

Unread postby maxdermeister » March 20th, 2011, 11:06 am

Second part of the first OTL-Log

[2011.02.26 07:30:26 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011.02.26 07:30:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2011.02.26 07:30:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.02.26 07:30:25 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011.02.26 07:30:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011.02.26 07:30:25 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2011.02.26 07:30:24 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011.02.26 07:30:24 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2011.02.26 07:30:24 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.02.26 07:30:24 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011.02.26 07:30:24 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.02.26 07:30:23 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2011.02.26 07:30:22 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011.02.26 07:30:22 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2011.02.26 07:30:22 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011.02.26 07:30:21 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011.02.26 07:30:21 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.02.26 07:30:21 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011.02.26 07:30:21 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011.02.26 07:30:21 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011.02.26 07:30:21 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2011.02.26 07:30:21 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2011.02.26 07:30:20 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2011.02.26 07:30:20 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2011.02.26 07:30:20 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011.02.26 07:30:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2011.02.26 07:30:20 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011.02.26 07:30:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2011.02.26 07:30:19 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2011.02.26 07:30:19 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2011.02.26 07:30:19 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2011.02.26 07:30:19 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011.02.26 07:30:18 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011.02.26 07:30:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011.02.26 07:30:18 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011.02.26 07:30:17 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.02.26 07:30:16 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2011.02.26 07:30:16 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.02.26 07:30:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2011.02.26 07:30:15 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.26 07:30:15 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011.02.26 07:30:15 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011.02.26 07:30:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011.02.26 07:30:14 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011.02.26 07:30:14 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011.02.26 07:30:12 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011.02.26 07:30:12 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011.02.26 07:30:12 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011.02.26 07:30:12 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011.02.26 07:30:12 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2011.02.26 07:30:12 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2011.02.26 07:30:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011.02.26 07:30:12 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011.02.26 07:30:11 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.26 07:30:11 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011.02.26 07:30:11 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.26 07:30:11 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2011.02.26 07:30:11 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011.02.26 07:30:11 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011.02.26 07:30:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011.02.26 07:30:10 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2011.02.26 07:30:10 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011.02.26 07:30:10 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011.02.26 07:30:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011.02.26 07:30:10 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011.02.26 07:30:10 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011.02.26 07:30:10 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011.02.26 07:30:10 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011.02.26 07:30:10 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011.02.26 07:30:10 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011.02.26 07:30:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2011.02.26 07:30:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2011.02.26 07:30:09 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011.02.26 07:30:09 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011.02.26 07:30:09 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011.02.26 07:30:09 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011.02.26 07:30:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2011.02.26 07:30:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2011.02.26 07:30:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011.02.26 07:30:08 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011.02.26 07:30:08 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.02.26 07:30:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.02.26 07:30:08 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011.02.26 07:30:07 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011.02.26 07:30:07 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2011.02.26 07:30:07 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011.02.26 07:30:07 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011.02.26 07:30:07 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.02.26 07:30:06 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011.02.26 07:30:06 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011.02.26 07:30:06 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011.02.26 07:30:06 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011.02.26 07:30:06 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011.02.26 07:30:06 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.02.26 07:30:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011.02.26 07:30:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011.02.26 07:30:05 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011.02.26 07:30:05 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011.02.26 07:30:05 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011.02.26 07:30:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2011.02.26 07:30:04 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011.02.26 07:30:04 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011.02.26 07:30:04 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011.02.26 07:30:04 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011.02.26 07:30:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011.02.26 07:30:04 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011.02.26 07:30:04 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2011.02.26 07:30:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011.02.26 07:30:03 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011.02.26 07:30:01 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011.02.26 07:30:01 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011.02.26 07:30:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011.02.26 07:30:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011.02.26 07:30:00 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011.02.26 07:30:00 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011.02.26 07:30:00 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011.02.26 07:30:00 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011.02.26 07:30:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2011.02.26 07:30:00 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011.02.26 07:29:59 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011.02.26 07:29:59 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011.02.26 07:29:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011.02.26 07:29:59 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2011.02.26 07:29:59 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011.02.26 07:29:59 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011.02.26 07:29:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011.02.26 07:29:58 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011.02.26 07:29:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011.02.26 07:29:58 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011.02.26 07:29:57 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011.02.26 07:29:57 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2011.02.26 07:29:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.02.26 07:29:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.02.26 07:29:57 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2011.02.26 07:29:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2011.02.26 07:29:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2011.02.26 07:29:57 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011.02.26 07:29:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011.02.26 07:29:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011.02.26 07:29:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2011.02.26 07:29:56 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2011.02.26 07:29:56 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2011.02.26 07:29:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011.02.26 07:29:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011.02.26 07:29:55 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.02.26 07:29:55 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011.02.26 07:29:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2011.02.26 07:29:55 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011.02.26 07:29:55 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2011.02.26 07:29:54 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.02.26 07:29:54 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2011.02.26 07:29:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011.02.26 07:29:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.02.26 07:29:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2011.02.26 07:29:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.02.26 07:29:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2011.02.26 07:29:52 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2011.02.26 07:29:52 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.02.26 07:29:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011.02.26 07:29:52 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011.02.26 07:29:52 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011.02.26 07:29:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2011.02.26 07:29:51 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2011.02.26 07:29:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011.02.26 07:29:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011.02.26 07:29:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011.02.26 07:29:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2011.02.26 07:29:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011.02.26 07:29:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2011.02.26 07:29:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011.02.26 07:29:51 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011.02.26 07:29:50 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011.02.26 07:29:50 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011.02.26 07:29:50 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2011.02.26 07:29:49 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011.02.26 07:29:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2011.02.26 07:29:49 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011.02.26 07:29:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011.02.26 07:29:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011.02.26 07:29:49 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011.02.26 07:29:48 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011.02.26 07:29:48 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2011.02.26 07:29:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2011.02.26 07:29:46 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011.02.26 07:29:46 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2011.02.26 07:29:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2011.02.26 07:29:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2011.02.26 07:29:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2011.02.26 07:29:45 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011.02.26 07:29:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011.02.26 07:29:44 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011.02.26 07:29:44 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011.02.26 07:29:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2011.02.26 07:29:43 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011.02.26 07:29:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2011.02.26 07:29:43 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011.02.26 07:29:42 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011.02.26 07:29:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2011.02.26 07:29:39 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011.02.26 07:29:39 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011.02.26 07:29:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.02.26 07:29:36 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2011.02.26 07:29:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2011.02.26 07:29:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2011.02.26 07:29:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.02.26 07:29:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.02.26 07:29:34 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2011.02.26 07:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2011.02.26 07:29:32 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011.02.26 07:29:32 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2011.02.26 07:29:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2011.02.26 07:29:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2011.02.26 07:29:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2011.02.26 07:29:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2011.02.26 07:29:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2011.02.26 07:29:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2011.02.26 07:29:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2011.02.26 07:29:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2011.02.26 07:29:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2011.02.26 07:29:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2011.02.26 07:29:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2011.02.26 07:29:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2011.02.26 07:29:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2011.02.26 07:29:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2011.02.26 07:29:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2011.02.26 07:29:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2011.02.26 07:29:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2011.02.26 07:29:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2011.02.26 07:29:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2011.02.26 07:29:32 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2011.02.26 07:29:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.02.26 07:29:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011.02.26 07:28:40 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011.02.26 07:28:40 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.02.26 07:28:18 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011.02.26 07:28:02 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011.02.26 07:28:02 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011.02.26 07:26:59 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011.02.26 07:26:58 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011.02.18 20:42:31 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.02.18 20:42:31 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.02.18 20:42:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.02.18 20:42:31 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.02.18 20:42:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.18 20:42:30 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.02.18 20:42:30 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.02.18 20:42:30 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.18 20:42:30 | 000,356,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.18 20:42:30 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.02.18 20:42:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.02.18 20:42:30 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.02.18 20:42:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.18 20:42:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.02.18 20:42:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.18 20:42:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.02.18 20:42:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.18 20:42:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.18 20:42:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.02.18 20:42:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.18 20:42:29 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.18 20:42:29 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.02.18 20:42:29 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.18 20:42:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.18 20:42:29 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.18 20:42:29 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.18 20:42:29 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.02.18 20:42:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.02.18 20:42:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.02.18 20:42:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.02.18 20:42:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.18 20:42:29 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.18 20:42:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.02.18 20:42:29 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.02.18 20:42:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.02.18 20:42:29 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.02.18 20:42:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.18 20:42:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.18 20:42:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Maximilian E. Muelle\AppData\Local\CDRip.dll
[2007.01.25 02:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Maximilian E. Muelle\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Maximilian E. Muelle\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Maximilian E. Muelle\AppData\Local\bass.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.03.20 15:25:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Maximilian E. Muelle\Desktop\OTL.exe
[2011.03.20 15:22:54 | 000,080,384 | ---- | M] () -- C:\Users\Maximilian E. Muelle\Desktop\MBRCheck.exe
[2011.03.20 15:14:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.20 09:32:32 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.20 09:32:32 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.20 09:31:25 | 000,659,338 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.20 09:31:25 | 000,620,962 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.20 09:31:25 | 000,133,002 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.20 09:31:25 | 000,109,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.20 09:25:39 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.03.20 09:24:58 | 2415,218,688 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.19 18:32:56 | 002,117,632 | ---- | M] () -- C:\Users\Maximilian E. Muelle\AppData\Local\filesync.metadata
[2011.03.19 02:25:03 | 000,000,972 | ---- | M] () -- C:\Users\Maximilian E. Muelle\Desktop\SpeedFan.lnk
[2011.03.19 02:25:00 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.03.19 02:23:01 | 000,007,598 | ---- | M] () -- C:\Users\Maximilian E. Muelle\AppData\Local\Resmon.ResmonCfg
[2011.03.19 01:34:57 | 413,271,000 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.19 01:08:12 | 000,017,408 | ---- | M] () -- C:\Users\Maximilian E. Muelle\AppData\Local\WebpageIcons.db
[2011.03.19 00:16:35 | 000,000,016 | -H-- | M] () -- C:\Users\Maximilian E. Muelle\Desktop\SyncToy_bf055eec-b617-41e0-b737-0246c3115fc1.dat
[2011.03.18 21:46:06 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.03.18 21:29:57 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.18 08:29:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Maximilian E. Muelle\Desktop\HiJackThis204.exe
[2011.03.17 21:21:46 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011.03.12 22:04:28 | 000,083,709 | ---- | M] () -- C:\Users\Maximilian E. Muelle\Desktop\4_quartal_2010_pdf.File.pdf
[2011.03.04 21:49:34 | 000,460,824 | ---- | M] () -- C:\snp2uvc-001.raw
[2011.03.04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.04 14:36:34 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.02.26 16:47:47 | 002,414,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.26 07:44:39 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011.02.18 20:42:31 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.02.18 20:42:31 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.02.18 20:42:31 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.02.18 20:42:31 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.02.18 20:42:31 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.18 20:42:30 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.02.18 20:42:30 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.02.18 20:42:30 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.18 20:42:30 | 000,356,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.18 20:42:30 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.02.18 20:42:30 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.02.18 20:42:30 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.02.18 20:42:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.18 20:42:30 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.02.18 20:42:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.18 20:42:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.02.18 20:42:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.18 20:42:30 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.18 20:42:30 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.02.18 20:42:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.02.18 20:42:30 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.18 20:42:29 | 002,382,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.18 20:42:29 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.02.18 20:42:29 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.18 20:42:29 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.18 20:42:29 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.18 20:42:29 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.18 20:42:29 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.02.18 20:42:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.02.18 20:42:29 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.02.18 20:42:29 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.02.18 20:42:29 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.18 20:42:29 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.18 20:42:29 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.02.18 20:42:29 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.02.18 20:42:29 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.02.18 20:42:29 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.02.18 20:42:29 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.18 20:42:28 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.18 20:42:28 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.03.20 15:23:05 | 000,080,384 | ---- | C] () -- C:\Users\Maximilian E. Muelle\Desktop\MBRCheck.exe
[2011.03.19 02:25:03 | 000,000,972 | ---- | C] () -- C:\Users\Maximilian E. Muelle\Desktop\SpeedFan.lnk
[2011.03.19 01:34:57 | 413,271,000 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.03.19 00:16:35 | 000,000,016 | -H-- | C] () -- C:\Users\Maximilian E. Muelle\Desktop\SyncToy_bf055eec-b617-41e0-b737-0246c3115fc1.dat
[2011.03.18 21:54:31 | 000,292,864 | ---- | C] () -- C:\Users\Maximilian E. Muelle\Desktop\gmer.exe
[2011.03.18 21:29:57 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.17 21:21:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.12 22:04:28 | 000,083,709 | ---- | C] () -- C:\Users\Maximilian E. Muelle\Desktop\4_quartal_2010_pdf.File.pdf
[2011.02.26 07:32:24 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.02.26 07:29:47 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011.02.26 07:29:30 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011.02.18 20:42:30 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.01.01 22:32:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.11.25 23:57:10 | 000,001,428 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\RecConfig.xml
[2010.10.08 22:05:40 | 000,022,016 | ---- | C] () -- C:\Windows\System32\drivers\MosIrUsb.sys
[2010.04.14 23:41:30 | 000,003,584 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.02 20:13:00 | 000,017,408 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\WebpageIcons.db
[2009.12.24 14:48:23 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2009.11.26 22:29:21 | 000,007,598 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\Resmon.ResmonCfg
[2009.11.08 08:30:04 | 002,117,632 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\filesync.metadata
[2009.11.07 17:25:05 | 000,022,140 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009.11.07 16:57:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.07 15:39:09 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.25 10:25:01 | 000,119,474 | ---- | C] () -- C:\Windows\hpqins00.dat.temp
[2009.07.18 10:56:23 | 000,139,294 | ---- | C] () -- C:\Windows\hppins01.dat.temp
[2009.07.18 10:56:23 | 000,002,235 | ---- | C] () -- C:\Windows\hppmdl01.dat.temp
[2009.07.14 09:47:43 | 000,659,338 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,133,002 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 002,414,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,620,962 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,109,438 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.11 10:08:13 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009.07.02 14:52:03 | 000,000,224 | ---- | C] () -- C:\Windows\hpbafd.ini
[2009.06.26 10:57:17 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.06.26 09:18:04 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.19 17:50:56 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.06.18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.18 14:54:47 | 000,000,067 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.30 10:37:49 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.05.30 10:37:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.05.30 10:37:46 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.29 21:56:48 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini
[2009.05.28 16:33:52 | 000,166,411 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009.05.27 15:18:30 | 000,000,158 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2009.05.27 14:55:16 | 000,000,355 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009.05.27 09:23:38 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.05.27 09:07:36 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009.05.26 18:20:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.26 17:01:18 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.26 17:01:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.26 13:01:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009.02.18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.10.25 06:35:21 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2008.08.29 12:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.10.01 22:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\lame_enc.dll
[2007.05.09 23:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\ogg.dll
[2006.07.25 11:28:38 | 000,000,485 | ---- | C] () -- C:\Windows\System32\hpp2800V.dat
[2006.05.25 00:22:06 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2006.03.09 17:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Maximilian E. Muelle\AppData\Local\no23xwrapper.dll
[2005.03.02 12:12:14 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2005.02.03 10:31:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\compJNI.dll
[2004.08.20 06:02:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\PMLJNI.dll
[2002.03.19 06:18:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2001.07.07 03:00:00 | 000,003,254 | ---- | C] () -- C:\Windows\System32\HPTCPMON.INI
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

< End of report >
maxdermeister
Active Member
 
Posts: 6
Joined: March 18th, 2011, 7:39 pm

Re: Removal of Sinowal rootkit successful?

Unread postby maxdermeister » March 20th, 2011, 11:07 am

Followed by the second OTL-log:

Thank you!

OTL Extras logfile created on: 20.03.2011 15:27:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Maximilian E. Muelle\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 30,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 112,87 Gb Free Space | 75,73% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 89,26 Gb Free Space | 64,09% Space Free | Partition Type: NTFS
Drive F: | 465,75 Gb Total Space | 102,65 Gb Free Space | 22,04% Space Free | Partition Type: NTFS
Drive G: | 372,61 Gb Total Space | 291,43 Gb Free Space | 78,21% Space Free | Partition Type: NTFS

Computer Name: MAXDERMEISTER | User Name: Maximilian E. Muelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4032107180-2028311288-862190038-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F3D43F-B5A9-4C8D-B5A1-5FD2DE16CC21}" = Polar IrDA USB 1.1 Adapter
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{0733409B-F4AC-CE4B-29A2-6780AE0B31C0}" = Skins
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4429CE-6364-D7BB-B256-4872BE4F3D9E}" = Catalyst Control Center Localization Russian
"{0AA35E34-8F21-5749-6F2D-E951D3CDFDFE}" = Catalyst Control Center Graphics Full Existing
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DF72BB0-1987-B5C5-A60C-0CA92748C274}" = Catalyst Control Center Localization Chinese Traditional
"{0E16D92F-F281-5EC8-98E7-724FB00ECE98}" = Catalyst Control Center Localization Danish
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{135108A2-EE1C-85B3-C344-1E80087E5EA6}" = CCC Help Hungarian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19CD2BFF-6104-F902-D257-38CFF32E6B6A}" = ccc-utility
"{1CA4F25C-491E-B759-4639-5EDDACE361DD}" = CCC Help Italian
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20F5A78C-611D-E54D-B4FA-A602CF310FA3}" = Catalyst Control Center Localization French
"{214D83A9-E08A-9E5C-C6FB-0F0D207F6C5B}" = Catalyst Control Center Localization Spanish
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{293BE8D0-7FE1-83BF-3BBA-2809B91A8E07}" = CCC Help Finnish
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3825FAAB-E1BC-C226-505C-E83E211D7599}" = CCC Help Norwegian
"{387368F4-8190-D6F5-67AE-F0E8B6EAEC1A}" = Catalyst Control Center Localization Finnish
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{41F166E3-9320-7C84-A46B-5512961BBEDC}" = Catalyst Control Center Localization Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF2EED9-7369-A220-325E-50B70F5ED455}" = CCC Help Greek
"{4E86CC69-D727-21EF-E131-E85715E92B02}" = CCC Help Russian
"{4F760C04-80A7-24A7-AC60-4EE66AC47A39}" = CCC Help Spanish
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{565CB281-B789-34A0-6145-012AC0A08C85}" = CCC Help German
"{5664434C-B68F-8563-9709-B2EDF78A0920}" = Catalyst Control Center Graphics Previews Common
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57DA304D-27B0-40D1-A796-92CEFF20FA32}" = hppIOFiles
"{59BBB3C7-B020-F02F-27B4-DA52B6AB8ADF}" = Catalyst Control Center Localization Greek
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DB5B034-5EE9-9F5B-7A30-E0C51F96529B}" = Catalyst Control Center Localization Polish
"{5E1263C5-7EAC-2F91-EC96-095FF28CB680}" = CCC Help Thai
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{65227FF2-D50A-231B-D30F-3358D61DA10F}" = CCC Help Korean
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{686A032A-2855-B333-3551-64943D174A3A}" = Catalyst Control Center Localization Hungarian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7BB522AD-28EE-674D-A046-2F108849359B}" = Catalyst Control Center Localization Dutch
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{852B4B87-C487-6A08-FCB8-31F6A870E59E}" = Catalyst Control Center Core Implementation
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{882A56F6-8DCA-0A30-9C68-46A926BB24A6}" = ccc-core-static
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8B445CD1-2388-4E18-1A30-E7D493B464DA}" = CCC Help Portuguese
"{8B6F528B-2F58-F931-47C4-A935C02624DF}" = Catalyst Control Center Localization Norwegian
"{8D8DA4EC-7F07-9E99-21A2-DA635EC48AD3}" = CCC Help Dutch
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97040054-AEC3-E198-E6D0-F4BB9352278E}" = CCC Help English
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{A6DBBE54-CCB6-2347-74CF-D0F7E3C49316}" = Catalyst Control Center Localization Czech
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_912" = Adobe Acrobat 9.1.2 - CPSID_49166
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD6B37CD-781E-2E5E-D17B-F4141DF3A811}" = Catalyst Control Center Localization Italian
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B0EA9DD7-ABD6-832A-6C4D-AFFB353879A7}" = CCC Help Czech
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B66C4937-65C3-78AA-1BFF-47DF439FC379}" = Catalyst Control Center Localization Turkish
"{B8808D7E-8117-03C9-91BD-1AC9355297B7}" = Catalyst Control Center Graphics Full New
"{BC2342D0-66CC-E877-FF74-2CCB4093EB67}" = Catalyst Control Center Localization German
"{BDFD0E5D-51B1-EB29-E2F4-3DAA88A2409A}" = CCC Help Chinese Traditional
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4437790-923C-5A7D-70CE-36C96C03FC34}" = Catalyst Control Center Localization Korean
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C653515F-58F7-F90B-7AA8-91DFC9B50BF9}" = Catalyst Control Center Localization Portuguese
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAD00ED2-0B6D-02D8-FF61-AFE2D106F742}" = CCC Help Swedish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF02F0E8-2293-B1D3-CF88-F5A5F70C12A4}" = Catalyst Control Center Localization Japanese
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6BE54C0-947B-D867-1143-30CD92468F74}" = Catalyst Control Center Graphics Light
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{D9FF51F9-58E6-D71E-51DA-C2653669D95A}" = Catalyst Control Center Localization Chinese Standard
"{DD4D99AD-3F4B-CFA7-D22A-0F7AE61706C9}" = CCC Help Chinese Standard
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer
"{E03DD0E3-682A-B142-3BA9-0647DB801624}" = Catalyst Control Center Localization Swedish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6EFD3F2-68AE-573F-EBD9-E7815813584C}" = Catalyst Control Center Graphics Previews Vista
"{E8BAC393-B023-48A1-F80F-BF3480AC20D3}" = CCC Help French
"{EB823850-BC46-5B5A-4298-FEE391601797}" = CCC Help Polish
"{EC870F56-6157-2547-43E7-963285E07BDB}" = CCC Help Turkish
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2A2B193-6837-8DEE-39D0-D5AE5F5DDC2B}" = ATI Catalyst Install Manager
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F56996B6-B0D0-813B-92BD-2B5E24DA1632}" = CCC Help Danish
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FEEA55B6-FB60-50C2-35F4-03336FFA8810}" = CCC Help Japanese
"{FEF0CDFF-2C85-A9DF-702E-D83D54BF9BB9}" = HydraVision
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Alive MP3 WAV Converter_is1" = Alive MP3 WAV Converter version 1.6.8.3
"Anti-Twin 2010-06-21 10.00.19" = Anti-Twin (Installation 21.06.2010)
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Eraser" = Eraser
"gBurner" = gBurner
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Opera 11.01.1190" = Opera 11.01
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.6.2056
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4032107180-2028311288-862190038-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
maxdermeister
Active Member
 
Posts: 6
Joined: March 18th, 2011, 7:39 pm

Re: Removal of Sinowal rootkit successful?

Unread postby Dakeyras » March 20th, 2011, 12:24 pm

Hi. :)

Thank you!
You're welcome!

The MBR(Master Boot Record) with your machines main drive appears to be fine. However MBRCheck has detected a non standard MBR on both Drives F and G...Now actually this is not necessarily a bad thing and no further action will be required on my behalf as long as you never use the aforementioned drives to actually load a Operating System and merely use them as a storage medium only.

It appears to myself they are actually external drives rather than internal ones and this will account for the unknown MBR. I have two external drives myself and one has a unknown MBR and the other a Windows 2008 strangely enough but either way as I mentioned yours are fine. Just bare in mind if you ever decide to use one of them to install a Operating System on it would be prudent to rebuild the MBR on them as you did with the main drive as a precaution. If worried about a infection spreading in my experience this should not occur unless they are actually used to load a Operating System as I mentioned prior.

Anyway lets proceed as follows shall we...

Out of date Adobe Reader installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update this course.

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Adobe Reader 8.1.2 - Deutsch
Adobe Reader 8.1.2


To do so click once on each of the above to highlight then click on Uninstall and follow the prompts.

Temp' Disable Windows Defender:

This is so it will not hinder the Malware Removal process.

  • Launch Windows Defender via Start(Windows 7 Orb), Control Panel, Windows Defender and go to Tools >> Options.
  • There will be a list of configuration options.
  • Scroll down to the end of the list to Administrator options.
  • De-select the Use Windows Defender box and press the Save button.
  • Now you will receive a notification saying that Windows Defender is turned off.
  • Click on Save then Close on the Notification that appears.

A graphical tutorial explaining the above can be viewed ]here.

You may re-enable this when I give the all clear, though personally I would leave it disabled as it is not a particularly effective application and unfortunately it cannot be uninstalled because it is a integral part of the Windows 7 Operating System.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: Select all
:OTL
IE - HKU\S-1-5-21-4032107180-2028311288-862190038-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4032107180-2028311288-862190038-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform full scan. <-- Select Drives C, D, F & G.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check(select) all items except those in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Removal of Sinowal rootkit successful?

Unread postby Cypher » March 24th, 2011, 11:25 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware