Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Exploit:JS/Blacole.kh

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.12.2012, 21:58   #1
desperated
 
Exploit:JS/Blacole.kh - Böse

Exploit:JS/Blacole.kh



Exploit: Js/Blacole.kh

Hallo,

ich hoffe ich finde hier jemanden der mir helfen kann.
Ich habe seit längerer Zeit Probleme mit meinem Rechner. Mein Firefox möchte ständig im Abgesicherten Modus starten. Meist funktioniert es erst und plötzlich geht es dann los: Jedes Mal, wenn ich eine Seite lade, öffnet sich ein neues Fenster und wenn ich das Programm dann schließe und neu starten möchte kommt die Nachricht, dass Firefox im Abgesichtertem Modus starten möchte. Wenn ich Skype,Teamspeak oder Steam starte kann ich nach einiger Zeit plötzlich keine Nachrichten mehr abschicken.
Avira Antivirus funktionierte ganz oft nicht mehr ordnungsgemäß und konnte mein Problem nicht erkennen. Nun habe ich Microsoft Security Essentials auf den Rechner gepackt und gestern hat es mein mögliches Problem gefunden: Exploit: Js /Blacole.kh. Es sagte mir es seie ein Trojaner und ich habe diesen dummer Weise aus der Quarantäne entfernt. Jetzt bin ich mir nicht sicher, ob mein Problem geklärt ist. Ich muss umbedingt wissen, ob der Trojaner von meinem Rechner völlig entfernt werden konnte. Die Sicherung, in der der Trojaner sein sollte habe ich entfernt.

Ich hoffe jemand kann mir helfen.

Gruß desperated
Angehängte Dateien
Dateityp: txt Otl1.txt (74,1 KB, 148x aufgerufen)
Dateityp: txt Extrastxt.txt (83,4 KB, 182x aufgerufen)

Geändert von desperated (11.12.2012 um 22:14 Uhr)

Alt 13.12.2012, 16:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Hallo und

Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 13.12.2012, 17:58   #3
desperated
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Hallo ,

nein leider is das der einzige Scan, bei dem etwas gefunden worden ist. Alle vorherigen und nachfolgenden Scas waren negativ. Nachdem ich die Quarantäne geleert habe und die Option Löschen gewählt habe, hat mein Virenprogramm nichts mehr gefunden. Jetzt weiß ich nicht, ob der Trojaner ganz weg ist.

Ich hoffe du kannst mir trotzdem helfen und bedanke mich für deine nette Antwort.
__________________

Alt 13.12.2012, 19:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.12.2012, 22:09   #5
desperated
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Hallo,

danke für deine Hilfe .
Hier sind die gewünschten Logs:

Code:
ATTFilter
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-13 21:33:15
-----------------------------
21:33:15.530    OS Version: Windows x64 6.1.7601 Service Pack 1
21:33:15.530    Number of processors: 4 586 0x100
21:33:15.531    ComputerName: ***-PC  UserName: ***
21:33:16.285    Initialize success
21:34:45.799    AVAST engine defs: 12121301
21:34:50.237    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:34:50.243    Disk 0 Vendor: WDC_WD5000AZRX-00A8LB0 01.01A01 Size: 476940MB BusType: 3
21:34:50.264    Disk 0 MBR read successfully
21:34:50.267    Disk 0 MBR scan
21:34:50.274    Disk 0 Windows 7 default MBR code
21:34:50.278    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:34:50.286    Disk 0 Partition - 00     0F Extended LBA             64899 MB offset 206848
21:34:50.291    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       208068 MB offset 133120000
21:34:50.322    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       203870 MB offset 559243264
21:34:50.352    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        64898 MB offset 208896
21:34:50.393    Disk 0 scanning C:\Windows\system32\drivers
21:34:57.625    Service scanning
21:35:12.684    Modules scanning
21:35:12.693    Disk 0 trace - called modules:
21:35:12.718    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
21:35:12.724    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db0060]
21:35:12.729    3 CLASSPNP.SYS[fffff8800196343f] -> nt!IofCallDriver -> [0xfffffa8007b04580]
21:35:12.734    5 ACPI.sys[fffff88000f5e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007af8060]
21:35:14.278    AVAST engine scan C:\Windows
21:35:16.965    AVAST engine scan C:\Windows\system32
21:37:40.539    AVAST engine scan C:\Windows\system32\drivers
21:37:48.963    AVAST engine scan C:\Users\Jasmin
21:48:28.512    AVAST engine scan C:\ProgramData
21:49:30.442    Scan finished successfully
21:52:03.808    Disk 0 MBR has been saved successfully to "C:\Users\Jasmin\Desktop\MBR.dat"
21:52:03.813    The log file has been saved successfully to "C:\Users\Jasmin\Desktop\aswMBR.txt"
         
Code:
ATTFilter
 21:55:15.0601 4676  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:55:15.0795 4676  ============================================================
21:55:15.0795 4676  Current date / time: 2012/12/13 21:55:15.0795
21:55:15.0795 4676  SystemInfo:
21:55:15.0796 4676  
21:55:15.0796 4676  OS Version: 6.1.7601 ServicePack: 1.0
21:55:15.0796 4676  Product type: Workstation
21:55:15.0796 4676  ComputerName: ***-PC
21:55:15.0796 4676  UserName: ***
21:55:15.0797 4676  Windows directory: C:\Windows
21:55:15.0797 4676  System windows directory: C:\Windows
21:55:15.0797 4676  Running under WOW64
21:55:15.0797 4676  Processor architecture: Intel x64
21:55:15.0797 4676  Number of processors: 4
21:55:15.0797 4676  Page size: 0x1000
21:55:15.0797 4676  Boot type: Normal boot
21:55:15.0797 4676  ============================================================
21:55:16.0661 4676  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:55:16.0700 4676  ============================================================
21:55:16.0700 4676  \Device\Harddisk0\DR0:
21:55:16.0700 4676  MBR partitions:
21:55:16.0700 4676  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:55:16.0708 4676  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x7EC1000
21:55:16.0708 4676  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7EF4000, BlocksNum 0x19662000
21:55:16.0708 4676  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x21556000, BlocksNum 0x18E2F000
21:55:16.0708 4676  ============================================================
21:55:16.0732 4676  C: <-> \Device\Harddisk0\DR0\Partition3
21:55:16.0759 4676  D: <-> \Device\Harddisk0\DR0\Partition4
21:55:16.0780 4676  K: <-> \Device\Harddisk0\DR0\Partition2
21:55:16.0780 4676  ============================================================
21:55:16.0780 4676  Initialize success
21:55:16.0780 4676  ============================================================
21:55:29.0615 3316  ============================================================
21:55:29.0615 3316  Scan started
21:55:29.0615 3316  Mode: Manual; SigCheck; TDLFS; 
21:55:29.0615 3316  ============================================================
21:55:30.0288 3316  ================ Scan system memory ========================
21:55:30.0288 3316  System memory - ok
21:55:30.0289 3316  ================ Scan services =============================
21:55:30.0406 3316  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:55:30.0459 3316  1394ohci - ok
21:55:30.0480 3316  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:55:30.0495 3316  ACPI - ok
21:55:30.0502 3316  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:55:30.0538 3316  AcpiPmi - ok
21:55:30.0648 3316  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:55:30.0663 3316  AdobeFlashPlayerUpdateSvc - ok
21:55:30.0684 3316  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:55:30.0707 3316  adp94xx - ok
21:55:30.0727 3316  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:55:30.0741 3316  adpahci - ok
21:55:30.0761 3316  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:55:30.0772 3316  adpu320 - ok
21:55:30.0803 3316  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:55:30.0906 3316  AeLookupSvc - ok
21:55:30.0955 3316  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:55:30.0984 3316  AFD - ok
21:55:30.0995 3316  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:55:31.0005 3316  agp440 - ok
21:55:31.0041 3316  [ 8B6625D53C18774F0102F690E285B5E8 ] AiChargerPlus   C:\Windows\system32\DRIVERS\AiChargerPlus.sys
21:55:31.0053 3316  AiChargerPlus - ok
21:55:31.0075 3316  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:55:31.0096 3316  ALG - ok
21:55:31.0102 3316  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:55:31.0113 3316  aliide - ok
21:55:31.0160 3316  [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:55:31.0203 3316  AMD External Events Utility - ok
21:55:31.0255 3316  AMD FUEL Service - ok
21:55:31.0260 3316  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:55:31.0269 3316  amdide - ok
21:55:31.0301 3316  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
21:55:31.0310 3316  amdiox64 - ok
21:55:31.0323 3316  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:55:31.0333 3316  AmdK8 - ok
21:55:31.0542 3316  [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:55:31.0753 3316  amdkmdag - ok
21:55:31.0799 3316  [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:55:31.0817 3316  amdkmdap - ok
21:55:31.0841 3316  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:55:31.0851 3316  AmdPPM - ok
21:55:31.0880 3316  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:55:31.0889 3316  amdsata - ok
21:55:31.0905 3316  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:55:31.0917 3316  amdsbs - ok
21:55:31.0932 3316  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:55:31.0941 3316  amdxata - ok
21:55:31.0957 3316  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
21:55:31.0965 3316  AODDriver4.2 - ok
21:55:31.0978 3316  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:55:32.0102 3316  AppID - ok
21:55:32.0121 3316  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:55:32.0148 3316  AppIDSvc - ok
21:55:32.0158 3316  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:55:32.0184 3316  Appinfo - ok
21:55:32.0196 3316  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
21:55:32.0205 3316  arc - ok
21:55:32.0222 3316  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:55:32.0232 3316  arcsas - ok
21:55:32.0278 3316  [ 6E3F4538B33BC19259E99BE1826286A3 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
21:55:32.0298 3316  asComSvc - ok
21:55:32.0330 3316  [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
21:55:32.0350 3316  asHmComSvc - ok
21:55:32.0365 3316  [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
21:55:32.0372 3316  AsIO - ok
21:55:32.0405 3316  [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
21:55:32.0429 3316  asmthub3 - ok
21:55:32.0444 3316  [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
21:55:32.0470 3316  asmtxhci - ok
21:55:32.0543 3316  [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
21:55:32.0604 3316  AsSysCtrlService - ok
21:55:32.0679 3316  [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
21:55:32.0729 3316  AsUpIO - ok
21:55:32.0747 3316  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:55:32.0781 3316  AsyncMac - ok
21:55:32.0794 3316  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:55:32.0803 3316  atapi - ok
21:55:32.0830 3316  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:55:32.0838 3316  AtiHDAudioService - ok
21:55:32.0854 3316  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:55:32.0891 3316  AudioEndpointBuilder - ok
21:55:32.0910 3316  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:55:32.0942 3316  AudioSrv - ok
21:55:32.0965 3316  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:55:33.0001 3316  AxInstSV - ok
21:55:33.0025 3316  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:55:33.0044 3316  b06bdrv - ok
21:55:33.0061 3316  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:55:33.0073 3316  b57nd60a - ok
21:55:33.0089 3316  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:55:33.0112 3316  BDESVC - ok
21:55:33.0128 3316  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:55:33.0155 3316  Beep - ok
21:55:33.0206 3316  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:55:33.0242 3316  BFE - ok
21:55:33.0283 3316  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:55:33.0322 3316  BITS - ok
21:55:33.0332 3316  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:55:33.0341 3316  blbdrive - ok
21:55:33.0362 3316  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:55:33.0382 3316  bowser - ok
21:55:33.0395 3316  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:55:33.0406 3316  BrFiltLo - ok
21:55:33.0415 3316  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:55:33.0426 3316  BrFiltUp - ok
21:55:33.0452 3316  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:55:33.0470 3316  Browser - ok
21:55:33.0481 3316  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:55:33.0503 3316  Brserid - ok
21:55:33.0509 3316  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:55:33.0521 3316  BrSerWdm - ok
21:55:33.0538 3316  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:55:33.0549 3316  BrUsbMdm - ok
21:55:33.0558 3316  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:55:33.0567 3316  BrUsbSer - ok
21:55:33.0575 3316  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:55:33.0587 3316  BTHMODEM - ok
21:55:33.0612 3316  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:55:33.0640 3316  bthserv - ok
21:55:33.0659 3316  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:55:33.0687 3316  cdfs - ok
21:55:33.0704 3316  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:55:33.0715 3316  cdrom - ok
21:55:33.0729 3316  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:55:33.0756 3316  CertPropSvc - ok
21:55:33.0772 3316  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
21:55:33.0783 3316  circlass - ok
21:55:33.0808 3316  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:55:33.0822 3316  CLFS - ok
21:55:33.0882 3316  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:55:33.0901 3316  clr_optimization_v2.0.50727_32 - ok
21:55:33.0969 3316  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:55:33.0993 3316  clr_optimization_v2.0.50727_64 - ok
21:55:34.0045 3316  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:55:34.0058 3316  clr_optimization_v4.0.30319_32 - ok
21:55:34.0095 3316  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:55:34.0109 3316  clr_optimization_v4.0.30319_64 - ok
21:55:34.0129 3316  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:55:34.0143 3316  CmBatt - ok
21:55:34.0154 3316  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:55:34.0166 3316  cmdide - ok
21:55:34.0201 3316  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:55:34.0248 3316  CNG - ok
21:55:34.0261 3316  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:55:34.0269 3316  Compbatt - ok
21:55:34.0294 3316  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:55:34.0309 3316  CompositeBus - ok
21:55:34.0325 3316  COMSysApp - ok
21:55:34.0381 3316  [ C08063F052308B6F5882482615387F30 ] cpuz135         C:\Windows\system32\drivers\cpuz135_x64.sys
21:55:34.0389 3316  cpuz135 - ok
21:55:34.0401 3316  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:55:34.0411 3316  crcdisk - ok
21:55:34.0458 3316  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:55:34.0479 3316  CryptSvc - ok
21:55:34.0506 3316  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:55:34.0543 3316  DcomLaunch - ok
21:55:34.0564 3316  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:55:34.0595 3316  defragsvc - ok
21:55:34.0611 3316  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:55:34.0638 3316  DfsC - ok
21:55:34.0654 3316  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:55:34.0675 3316  Dhcp - ok
21:55:34.0694 3316  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:55:34.0722 3316  discache - ok
21:55:34.0734 3316  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
21:55:34.0743 3316  Disk - ok
21:55:34.0775 3316  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:55:34.0795 3316  Dnscache - ok
21:55:34.0814 3316  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:55:34.0843 3316  dot3svc - ok
21:55:34.0886 3316  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:55:34.0898 3316  Dot4 - ok
21:55:34.0934 3316  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:55:34.0944 3316  Dot4Print - ok
21:55:34.0969 3316  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:55:34.0981 3316  dot4usb - ok
21:55:34.0995 3316  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:55:35.0025 3316  DPS - ok
21:55:35.0047 3316  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:55:35.0059 3316  drmkaud - ok
21:55:35.0084 3316  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:55:35.0109 3316  DXGKrnl - ok
21:55:35.0136 3316  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:55:35.0165 3316  EapHost - ok
21:55:35.0229 3316  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:55:35.0297 3316  ebdrv - ok
21:55:35.0321 3316  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:55:35.0339 3316  EFS - ok
21:55:35.0395 3316  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:55:35.0435 3316  ehRecvr - ok
21:55:35.0452 3316  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:55:35.0464 3316  ehSched - ok
21:55:35.0487 3316  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:55:35.0506 3316  elxstor - ok
21:55:35.0522 3316  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:55:35.0531 3316  ErrDev - ok
21:55:35.0554 3316  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:55:35.0589 3316  EventSystem - ok
21:55:35.0609 3316  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:55:35.0638 3316  exfat - ok
21:55:35.0655 3316  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:55:35.0684 3316  fastfat - ok
21:55:35.0710 3316  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:55:35.0735 3316  Fax - ok
21:55:35.0754 3316  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
21:55:35.0763 3316  fdc - ok
21:55:35.0772 3316  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:55:35.0800 3316  fdPHost - ok
21:55:35.0814 3316  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:55:35.0842 3316  FDResPub - ok
21:55:35.0857 3316  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:55:35.0866 3316  FileInfo - ok
21:55:35.0881 3316  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:55:35.0909 3316  Filetrace - ok
21:55:35.0927 3316  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:55:35.0936 3316  flpydisk - ok
21:55:35.0957 3316  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:55:35.0970 3316  FltMgr - ok
21:55:36.0012 3316  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:55:36.0041 3316  FontCache - ok
21:55:36.0079 3316  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:55:36.0087 3316  FontCache3.0.0.0 - ok
21:55:36.0099 3316  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:55:36.0108 3316  FsDepends - ok
21:55:36.0113 3316  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:55:36.0121 3316  Fs_Rec - ok
21:55:36.0131 3316  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:55:36.0145 3316  fvevol - ok
21:55:36.0161 3316  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:55:36.0170 3316  gagp30kx - ok
21:55:36.0202 3316  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:55:36.0208 3316  GEARAspiWDM - ok
21:55:36.0231 3316  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:55:36.0269 3316  gpsvc - ok
21:55:36.0283 3316  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:55:36.0301 3316  hcw85cir - ok
21:55:36.0330 3316  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:55:36.0346 3316  HdAudAddService - ok
21:55:36.0371 3316  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:55:36.0385 3316  HDAudBus - ok
21:55:36.0397 3316  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:55:36.0408 3316  HidBatt - ok
21:55:36.0416 3316  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:55:36.0428 3316  HidBth - ok
21:55:36.0443 3316  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:55:36.0455 3316  HidIr - ok
21:55:36.0467 3316  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:55:36.0497 3316  hidserv - ok
21:55:36.0523 3316  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:55:36.0532 3316  HidUsb - ok
21:55:36.0548 3316  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:55:36.0575 3316  hkmsvc - ok
21:55:36.0594 3316  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:55:36.0618 3316  HomeGroupListener - ok
21:55:36.0644 3316  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:55:36.0655 3316  HomeGroupProvider - ok
21:55:36.0778 3316  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:55:36.0788 3316  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:55:36.0788 3316  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:55:36.0825 3316  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:55:36.0832 3316  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:55:36.0832 3316  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:55:36.0844 3316  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:55:36.0857 3316  HpSAMD - ok
21:55:36.0887 3316  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:55:36.0924 3316  HTTP - ok
21:55:36.0936 3316  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:55:36.0944 3316  hwpolicy - ok
21:55:36.0963 3316  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:55:36.0973 3316  i8042prt - ok
21:55:37.0003 3316  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:55:37.0018 3316  iaStorV - ok
21:55:37.0073 3316  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:55:37.0119 3316  idsvc - ok
21:55:37.0135 3316  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:55:37.0147 3316  iirsp - ok
21:55:37.0173 3316  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:55:37.0217 3316  IKEEXT - ok
21:55:37.0287 3316  [ EB5FA493A4B6EA290200AE39EBA2FBC6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:55:37.0363 3316  IntcAzAudAddService - ok
21:55:37.0379 3316  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:55:37.0388 3316  intelide - ok
21:55:37.0408 3316  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
21:55:37.0417 3316  intelppm - ok
21:55:37.0428 3316  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:55:37.0457 3316  IPBusEnum - ok
21:55:37.0477 3316  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:55:37.0503 3316  IpFilterDriver - ok
21:55:37.0530 3316  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:55:37.0562 3316  iphlpsvc - ok
21:55:37.0581 3316  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:55:37.0591 3316  IPMIDRV - ok
21:55:37.0603 3316  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:55:37.0630 3316  IPNAT - ok
21:55:37.0700 3316  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:55:37.0749 3316  iPod Service - ok
21:55:37.0758 3316  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:55:37.0772 3316  IRENUM - ok
21:55:37.0794 3316  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:55:37.0803 3316  isapnp - ok
21:55:37.0827 3316  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:55:37.0839 3316  iScsiPrt - ok
21:55:37.0865 3316  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:55:37.0874 3316  kbdclass - ok
21:55:37.0890 3316  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:55:37.0899 3316  kbdhid - ok
21:55:37.0909 3316  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:55:37.0918 3316  KeyIso - ok
21:55:37.0946 3316  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:55:37.0957 3316  KSecDD - ok
21:55:37.0991 3316  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:55:38.0003 3316  KSecPkg - ok
21:55:38.0016 3316  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:55:38.0046 3316  ksthunk - ok
21:55:38.0070 3316  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:55:38.0102 3316  KtmRm - ok
21:55:38.0130 3316  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:55:38.0163 3316  LanmanServer - ok
21:55:38.0167 3316  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:55:38.0195 3316  LanmanWorkstation - ok
21:55:38.0213 3316  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:55:38.0240 3316  lltdio - ok
21:55:38.0259 3316  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:55:38.0290 3316  lltdsvc - ok
21:55:38.0294 3316  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:55:38.0322 3316  lmhosts - ok
21:55:38.0337 3316  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:55:38.0346 3316  LSI_FC - ok
21:55:38.0357 3316  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:55:38.0367 3316  LSI_SAS - ok
21:55:38.0381 3316  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:55:38.0390 3316  LSI_SAS2 - ok
21:55:38.0399 3316  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:55:38.0409 3316  LSI_SCSI - ok
21:55:38.0425 3316  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:55:38.0453 3316  luafv - ok
21:55:38.0467 3316  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:55:38.0477 3316  Mcx2Svc - ok
21:55:38.0489 3316  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:55:38.0498 3316  megasas - ok
21:55:38.0519 3316  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:55:38.0532 3316  MegaSR - ok
21:55:38.0546 3316  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:55:38.0574 3316  MMCSS - ok
21:55:38.0589 3316  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:55:38.0617 3316  Modem - ok
21:55:38.0637 3316  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:55:38.0648 3316  monitor - ok
21:55:38.0659 3316  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:55:38.0668 3316  mouclass - ok
21:55:38.0677 3316  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:55:38.0686 3316  mouhid - ok
21:55:38.0707 3316  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:55:38.0717 3316  mountmgr - ok
21:55:38.0762 3316  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:55:38.0771 3316  MozillaMaintenance - ok
21:55:38.0825 3316  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
21:55:38.0855 3316  MpFilter - ok
21:55:38.0872 3316  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:55:38.0885 3316  mpio - ok
21:55:38.0901 3316  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:55:38.0935 3316  mpsdrv - ok
21:55:38.0957 3316  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:55:38.0995 3316  MpsSvc - ok
21:55:39.0020 3316  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:55:39.0034 3316  MRxDAV - ok
21:55:39.0067 3316  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:55:39.0085 3316  mrxsmb - ok
21:55:39.0106 3316  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:55:39.0119 3316  mrxsmb10 - ok
21:55:39.0127 3316  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:55:39.0137 3316  mrxsmb20 - ok
21:55:39.0150 3316  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:55:39.0159 3316  msahci - ok
21:55:39.0178 3316  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:55:39.0189 3316  msdsm - ok
21:55:39.0209 3316  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:55:39.0222 3316  MSDTC - ok
21:55:39.0231 3316  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:55:39.0260 3316  Msfs - ok
21:55:39.0271 3316  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:55:39.0298 3316  mshidkmdf - ok
21:55:39.0307 3316  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:55:39.0315 3316  msisadrv - ok
21:55:39.0328 3316  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:55:39.0362 3316  MSiSCSI - ok
21:55:39.0366 3316  msiserver - ok
21:55:39.0390 3316  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:55:39.0417 3316  MSKSSRV - ok
21:55:39.0467 3316  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:55:39.0490 3316  MsMpSvc - ok
21:55:39.0510 3316  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:55:39.0547 3316  MSPCLOCK - ok
21:55:39.0554 3316  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:55:39.0582 3316  MSPQM - ok
21:55:39.0600 3316  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:55:39.0614 3316  MsRPC - ok
21:55:39.0631 3316  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:55:39.0640 3316  mssmbios - ok
21:55:39.0644 3316  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:55:39.0671 3316  MSTEE - ok
21:55:39.0682 3316  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:55:39.0691 3316  MTConfig - ok
21:55:39.0702 3316  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:55:39.0711 3316  Mup - ok
21:55:39.0740 3316  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:55:39.0773 3316  napagent - ok
21:55:39.0793 3316  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:55:39.0810 3316  NativeWifiP - ok
21:55:39.0864 3316  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:55:39.0889 3316  NDIS - ok
21:55:39.0909 3316  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:55:39.0936 3316  NdisCap - ok
21:55:39.0949 3316  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:55:39.0977 3316  NdisTapi - ok
21:55:39.0992 3316  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:55:40.0019 3316  Ndisuio - ok
21:55:40.0031 3316  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:55:40.0058 3316  NdisWan - ok
21:55:40.0069 3316  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:55:40.0096 3316  NDProxy - ok
21:55:40.0143 3316  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:55:40.0147 3316  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:55:40.0147 3316  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:55:40.0151 3316  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:55:40.0178 3316  NetBIOS - ok
21:55:40.0190 3316  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:55:40.0220 3316  NetBT - ok
21:55:40.0237 3316  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:55:40.0247 3316  Netlogon - ok
21:55:40.0276 3316  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:55:40.0309 3316  Netman - ok
21:55:40.0317 3316  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:55:40.0352 3316  netprofm - ok
21:55:40.0376 3316  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:55:40.0385 3316  NetTcpPortSharing - ok
21:55:40.0396 3316  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:55:40.0404 3316  nfrd960 - ok
21:55:40.0442 3316  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:55:40.0475 3316  NisDrv - ok
21:55:40.0503 3316  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
21:55:40.0526 3316  NisSrv - ok
21:55:40.0549 3316  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:55:40.0561 3316  NlaSvc - ok
21:55:40.0575 3316  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:55:40.0603 3316  Npfs - ok
21:55:40.0606 3316  npggsvc - ok
21:55:40.0614 3316  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:55:40.0643 3316  nsi - ok
21:55:40.0657 3316  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:55:40.0685 3316  nsiproxy - ok
21:55:40.0732 3316  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:55:40.0775 3316  Ntfs - ok
21:55:40.0779 3316  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:55:40.0807 3316  Null - ok
21:55:40.0836 3316  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:55:40.0847 3316  nvraid - ok
21:55:40.0864 3316  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:55:40.0875 3316  nvstor - ok
21:55:40.0893 3316  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:55:40.0902 3316  nv_agp - ok
21:55:40.0978 3316  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:55:41.0015 3316  odserv - ok
21:55:41.0033 3316  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:55:41.0047 3316  ohci1394 - ok
21:55:41.0094 3316  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:55:41.0108 3316  ose - ok
21:55:41.0140 3316  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:55:41.0173 3316  p2pimsvc - ok
21:55:41.0189 3316  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:55:41.0204 3316  p2psvc - ok
21:55:41.0222 3316  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
21:55:41.0232 3316  Parport - ok
21:55:41.0260 3316  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:55:41.0269 3316  partmgr - ok
21:55:41.0280 3316  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:55:41.0295 3316  PcaSvc - ok
21:55:41.0304 3316  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:55:41.0316 3316  pci - ok
21:55:41.0322 3316  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:55:41.0331 3316  pciide - ok
21:55:41.0350 3316  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:55:41.0361 3316  pcmcia - ok
21:55:41.0373 3316  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:55:41.0382 3316  pcw - ok
21:55:41.0405 3316  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:55:41.0441 3316  PEAUTH - ok
21:55:41.0501 3316  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:55:41.0523 3316  PerfHost - ok
21:55:41.0580 3316  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:55:41.0655 3316  pla - ok
21:55:41.0684 3316  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:55:41.0706 3316  PlugPlay - ok
21:55:41.0738 3316  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:55:41.0743 3316  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:55:41.0743 3316  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:55:41.0765 3316  PnkBstrA - ok
21:55:41.0784 3316  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:55:41.0795 3316  PNRPAutoReg - ok
21:55:41.0807 3316  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:55:41.0820 3316  PNRPsvc - ok
21:55:41.0847 3316  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:55:41.0880 3316  PolicyAgent - ok
21:55:41.0898 3316  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:55:41.0929 3316  Power - ok
21:55:41.0948 3316  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:55:41.0975 3316  PptpMiniport - ok
21:55:41.0986 3316  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
21:55:41.0996 3316  Processor - ok
21:55:42.0028 3316  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:55:42.0055 3316  ProfSvc - ok
21:55:42.0065 3316  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:55:42.0076 3316  ProtectedStorage - ok
21:55:42.0090 3316  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:55:42.0125 3316  Psched - ok
21:55:42.0151 3316  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
21:55:42.0159 3316  PSI - ok
21:55:42.0193 3316  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:55:42.0232 3316  ql2300 - ok
21:55:42.0246 3316  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:55:42.0255 3316  ql40xx - ok
21:55:42.0274 3316  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:55:42.0290 3316  QWAVE - ok
21:55:42.0303 3316  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:55:42.0316 3316  QWAVEdrv - ok
21:55:42.0327 3316  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:55:42.0354 3316  RasAcd - ok
21:55:42.0378 3316  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:55:42.0406 3316  RasAgileVpn - ok
21:55:42.0419 3316  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:55:42.0449 3316  RasAuto - ok
21:55:42.0457 3316  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:55:42.0484 3316  Rasl2tp - ok
21:55:42.0493 3316  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:55:42.0524 3316  RasMan - ok
21:55:42.0536 3316  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:55:42.0564 3316  RasPppoe - ok
21:55:42.0572 3316  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:55:42.0600 3316  RasSstp - ok
21:55:42.0611 3316  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:55:42.0641 3316  rdbss - ok
21:55:42.0656 3316  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:55:42.0667 3316  rdpbus - ok
21:55:42.0684 3316  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:55:42.0712 3316  RDPCDD - ok
21:55:42.0725 3316  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:55:42.0752 3316  RDPENCDD - ok
21:55:42.0763 3316  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:55:42.0790 3316  RDPREFMP - ok
21:55:42.0826 3316  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:55:42.0867 3316  RdpVideoMiniport - ok
21:55:42.0924 3316  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:55:43.0019 3316  RDPWD - ok
21:55:43.0053 3316  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:55:43.0073 3316  rdyboost - ok
21:55:43.0103 3316  [ 84C83C7577407C4FF6AB1379EE944610 ] regi            C:\Windows\system32\drivers\regi.sys
21:55:43.0112 3316  regi - ok
21:55:43.0139 3316  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:55:43.0168 3316  RemoteAccess - ok
21:55:43.0183 3316  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:55:43.0213 3316  RemoteRegistry - ok
21:55:43.0226 3316  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:55:43.0255 3316  RpcEptMapper - ok
21:55:43.0276 3316  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:55:43.0286 3316  RpcLocator - ok
21:55:43.0305 3316  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:55:43.0337 3316  RpcSs - ok
21:55:43.0351 3316  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:55:43.0379 3316  rspndr - ok
21:55:43.0413 3316  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:55:43.0429 3316  RTL8167 - ok
21:55:43.0442 3316  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:55:43.0451 3316  SamSs - ok
21:55:43.0471 3316  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:55:43.0481 3316  sbp2port - ok
21:55:43.0499 3316  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:55:43.0529 3316  SCardSvr - ok
21:55:43.0544 3316  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:55:43.0571 3316  scfilter - ok
21:55:43.0590 3316  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:55:43.0640 3316  Schedule - ok
21:55:43.0662 3316  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:55:43.0688 3316  SCPolicySvc - ok
21:55:43.0700 3316  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:55:43.0716 3316  SDRSVC - ok
21:55:43.0732 3316  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:55:43.0761 3316  secdrv - ok
21:55:43.0767 3316  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:55:43.0794 3316  seclogon - ok
21:55:43.0837 3316  [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:55:43.0877 3316  Secunia PSI Agent - ok
21:55:43.0909 3316  [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
21:55:43.0928 3316  Secunia Update Agent - ok
21:55:43.0936 3316  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:55:43.0967 3316  SENS - ok
21:55:43.0978 3316  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:55:43.0999 3316  SensrSvc - ok
21:55:44.0012 3316  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:55:44.0021 3316  Serenum - ok
21:55:44.0029 3316  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:55:44.0038 3316  Serial - ok
21:55:44.0053 3316  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:55:44.0062 3316  sermouse - ok
21:55:44.0086 3316  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:55:44.0115 3316  SessionEnv - ok
21:55:44.0133 3316  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:55:44.0144 3316  sffdisk - ok
21:55:44.0153 3316  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:55:44.0164 3316  sffp_mmc - ok
21:55:44.0172 3316  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:55:44.0183 3316  sffp_sd - ok
21:55:44.0191 3316  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:55:44.0200 3316  sfloppy - ok
21:55:44.0233 3316  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:55:44.0265 3316  SharedAccess - ok
21:55:44.0282 3316  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:55:44.0313 3316  ShellHWDetection - ok
21:55:44.0335 3316  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:55:44.0343 3316  SiSRaid2 - ok
21:55:44.0360 3316  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:55:44.0369 3316  SiSRaid4 - ok
21:55:44.0416 3316  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:55:44.0436 3316  SkypeUpdate - ok
21:55:44.0453 3316  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:55:44.0502 3316  Smb - ok
21:55:44.0510 3316  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:55:44.0520 3316  SNMPTRAP - ok
21:55:44.0532 3316  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:55:44.0541 3316  spldr - ok
21:55:44.0582 3316  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:55:44.0611 3316  Spooler - ok
21:55:44.0670 3316  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:55:44.0729 3316  sppsvc - ok
21:55:44.0745 3316  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:55:44.0774 3316  sppuinotify - ok
21:55:44.0808 3316  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:55:44.0837 3316  srv - ok
21:55:44.0845 3316  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:55:44.0859 3316  srv2 - ok
21:55:44.0873 3316  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:55:44.0882 3316  srvnet - ok
21:55:44.0906 3316  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:55:44.0936 3316  SSDPSRV - ok
21:55:44.0945 3316  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:55:44.0974 3316  SstpSvc - ok
21:55:44.0990 3316  Steam Client Service - ok
21:55:45.0001 3316  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:55:45.0009 3316  stexstor - ok
21:55:45.0034 3316  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:55:45.0056 3316  stisvc - ok
21:55:45.0064 3316  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:55:45.0073 3316  swenum - ok
21:55:45.0097 3316  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:55:45.0131 3316  swprv - ok
21:55:45.0166 3316  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:55:45.0220 3316  SysMain - ok
21:55:45.0231 3316  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:55:45.0245 3316  TabletInputService - ok
21:55:45.0264 3316  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:55:45.0295 3316  TapiSrv - ok
21:55:45.0302 3316  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:55:45.0331 3316  TBS - ok
21:55:45.0400 3316  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:55:45.0457 3316  Tcpip - ok
21:55:45.0489 3316  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:55:45.0520 3316  TCPIP6 - ok
21:55:45.0545 3316  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:55:45.0554 3316  tcpipreg - ok
21:55:45.0568 3316  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:55:45.0588 3316  TDPIPE - ok
21:55:45.0605 3316  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:55:45.0613 3316  TDTCP - ok
21:55:45.0633 3316  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:55:45.0661 3316  tdx - ok
21:55:45.0724 3316  [ 74FC70AE64A7B7DABEC9697CE0A1F4FA ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:55:45.0772 3316  TeamViewer7 - ok
21:55:45.0789 3316  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:55:45.0798 3316  TermDD - ok
21:55:45.0818 3316  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:55:45.0851 3316  TermService - ok
21:55:45.0863 3316  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:55:45.0878 3316  Themes - ok
21:55:45.0890 3316  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:55:45.0918 3316  THREADORDER - ok
21:55:45.0930 3316  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:55:45.0959 3316  TrkWks - ok
21:55:45.0995 3316  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:55:46.0026 3316  TrustedInstaller - ok
21:55:46.0032 3316  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:55:46.0058 3316  tssecsrv - ok
21:55:46.0087 3316  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:55:46.0103 3316  TsUsbFlt - ok
21:55:46.0138 3316  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:55:46.0147 3316  TsUsbGD - ok
21:55:46.0178 3316  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:55:46.0205 3316  tunnel - ok
21:55:46.0216 3316  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:55:46.0225 3316  uagp35 - ok
21:55:46.0245 3316  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:55:46.0275 3316  udfs - ok
21:55:46.0284 3316  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:55:46.0294 3316  UI0Detect - ok
21:55:46.0304 3316  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:55:46.0313 3316  uliagpkx - ok
21:55:46.0335 3316  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:55:46.0344 3316  umbus - ok
21:55:46.0353 3316  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:55:46.0362 3316  UmPass - ok
21:55:46.0379 3316  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:55:46.0411 3316  upnphost - ok
21:55:46.0430 3316  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:55:46.0451 3316  usbccgp - ok
21:55:46.0462 3316  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:55:46.0474 3316  usbcir - ok
21:55:46.0501 3316  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:55:46.0509 3316  usbehci - ok
21:55:46.0530 3316  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:55:46.0542 3316  usbhub - ok
21:55:46.0556 3316  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:55:46.0564 3316  usbohci - ok
21:55:46.0575 3316  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:55:46.0587 3316  usbprint - ok
21:55:46.0618 3316  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:55:46.0629 3316  usbscan - ok
21:55:46.0647 3316  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:55:46.0666 3316  USBSTOR - ok
21:55:46.0681 3316  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:55:46.0689 3316  usbuhci - ok
21:55:46.0709 3316  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:55:46.0737 3316  UxSms - ok
21:55:46.0742 3316  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:55:46.0752 3316  VaultSvc - ok
21:55:46.0766 3316  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:55:46.0775 3316  vdrvroot - ok
21:55:46.0788 3316  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:55:46.0822 3316  vds - ok
21:55:46.0831 3316  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:46.0842 3316  vga - ok
21:55:46.0857 3316  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:55:46.0885 3316  VgaSave - ok
21:55:46.0890 3316  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:55:46.0902 3316  vhdmp - ok
21:55:46.0915 3316  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:55:46.0924 3316  viaide - ok
21:55:46.0928 3316  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:55:46.0938 3316  volmgr - ok
21:55:46.0961 3316  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:55:46.0976 3316  volmgrx - ok
21:55:47.0006 3316  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:55:47.0020 3316  volsnap - ok
21:55:47.0046 3316  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:55:47.0057 3316  vsmraid - ok
21:55:47.0098 3316  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:55:47.0168 3316  VSS - ok
21:55:47.0178 3316  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:55:47.0188 3316  vwifibus - ok
21:55:47.0205 3316  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:55:47.0237 3316  W32Time - ok
21:55:47.0260 3316  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:55:47.0269 3316  WacomPen - ok
21:55:47.0291 3316  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:55:47.0318 3316  WANARP - ok
21:55:47.0326 3316  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:55:47.0353 3316  Wanarpv6 - ok
21:55:47.0372 3316  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:55:47.0405 3316  wbengine - ok
21:55:47.0417 3316  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:55:47.0434 3316  WbioSrvc - ok
21:55:47.0450 3316  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:55:47.0468 3316  wcncsvc - ok
21:55:47.0485 3316  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:55:47.0505 3316  WcsPlugInService - ok
21:55:47.0523 3316  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
21:55:47.0532 3316  Wd - ok
21:55:47.0562 3316  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:55:47.0586 3316  Wdf01000 - ok
21:55:47.0599 3316  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:55:47.0647 3316  WdiServiceHost - ok
21:55:47.0651 3316  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:55:47.0668 3316  WdiSystemHost - ok
21:55:47.0684 3316  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:55:47.0701 3316  WebClient - ok
21:55:47.0719 3316  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:55:47.0750 3316  Wecsvc - ok
21:55:47.0793 3316  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:55:47.0829 3316  wercplsupport - ok
21:55:47.0855 3316  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:55:47.0885 3316  WerSvc - ok
21:55:47.0895 3316  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:55:47.0923 3316  WfpLwf - ok
21:55:47.0937 3316  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:55:47.0946 3316  WIMMount - ok
21:55:47.0954 3316  WinDefend - ok
21:55:47.0958 3316  WinHttpAutoProxySvc - ok
21:55:47.0997 3316  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:55:48.0036 3316  Winmgmt - ok
21:55:48.0110 3316  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:55:48.0180 3316  WinRM - ok
21:55:48.0207 3316  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:55:48.0233 3316  Wlansvc - ok
21:55:48.0353 3316  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:55:48.0431 3316  wlidsvc - ok
21:55:48.0445 3316  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:55:48.0454 3316  WmiAcpi - ok
21:55:48.0469 3316  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:55:48.0482 3316  wmiApSrv - ok
21:55:48.0496 3316  WMPNetworkSvc - ok
21:55:48.0506 3316  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:55:48.0525 3316  WPCSvc - ok
21:55:48.0538 3316  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:55:48.0568 3316  WPDBusEnum - ok
21:55:48.0574 3316  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:55:48.0602 3316  ws2ifsl - ok
21:55:48.0621 3316  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:55:48.0636 3316  wscsvc - ok
21:55:48.0639 3316  WSearch - ok
21:55:48.0720 3316  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:55:48.0797 3316  wuauserv - ok
21:55:48.0826 3316  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:55:48.0850 3316  WudfPf - ok
21:55:48.0875 3316  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:55:48.0887 3316  WUDFRd - ok
21:55:48.0914 3316  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:55:48.0926 3316  wudfsvc - ok
21:55:48.0955 3316  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:55:48.0974 3316  WwanSvc - ok
21:55:49.0036 3316  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
21:55:49.0053 3316  xusb21 - ok
21:55:49.0063 3316  ================ Scan global ===============================
21:55:49.0084 3316  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:55:49.0110 3316  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:55:49.0118 3316  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:55:49.0135 3316  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:55:49.0146 3316  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:55:49.0151 3316  [Global] - ok
21:55:49.0152 3316  ================ Scan MBR ==================================
21:55:49.0169 3316  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:55:49.0428 3316  \Device\Harddisk0\DR0 - ok
21:55:49.0428 3316  ================ Scan VBR ==================================
21:55:49.0431 3316  [ 6F9ECDE7D71942AA1336319E181DDC55 ] \Device\Harddisk0\DR0\Partition1
21:55:49.0432 3316  \Device\Harddisk0\DR0\Partition1 - ok
21:55:49.0436 3316  [ C42724744D0DEF8CA25C3240380B6468 ] \Device\Harddisk0\DR0\Partition2
21:55:49.0438 3316  \Device\Harddisk0\DR0\Partition2 - ok
21:55:49.0458 3316  [ 0E7BFB7610F2C2354638DCB3B987E929 ] \Device\Harddisk0\DR0\Partition3
21:55:49.0460 3316  \Device\Harddisk0\DR0\Partition3 - ok
21:55:49.0484 3316  [ D3F8465154C6D20D7C914D7E806F5D6D ] \Device\Harddisk0\DR0\Partition4
21:55:49.0486 3316  \Device\Harddisk0\DR0\Partition4 - ok
21:55:49.0486 3316  ============================================================
21:55:49.0486 3316  Scan finished
21:55:49.0486 3316  ============================================================
21:55:49.0499 2220  Detected object count: 4
21:55:49.0499 2220  Actual detected object count: 4
21:56:24.0375 2220  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:24.0376 2220  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:56:24.0379 2220  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:24.0379 2220  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:56:24.0381 2220  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:24.0382 2220  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:56:24.0384 2220  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:24.0384 2220  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 14.12.2012, 09:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> Exploit:JS/Blacole.kh

Alt 14.12.2012, 11:26   #7
desperated
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Hallo,

was meinst du denn mit anderen Hintergrundwächtern? Hast du da ein Beispiel für mich?

Alt 14.12.2012, 11:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Hintergrundwächter sind die Echtzeitscanner von Virenscannern
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.12.2012, 12:58   #9
desperated
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Hallo,

hier ist der Log. Beim durchlesen fiel mir etwas auf. Ich habe vor einigen Wochen Sweet Im von meinem Rechner entfernt, doch trotzdem taucht dieses Programm immer wieder auf. Kannst du mir sagen was das ist und warum es immer wieder auftaucht, obwohl ich es gelöscht habe?

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-13.02 - *** 14.12.2012  12:48:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8170.6399 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-14 bis 2012-12-14  ))))))))))))))))))))))))))))))
.
.
2012-12-14 11:52 . 2012-12-14 11:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-13 21:04 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF4DACBE-3476-437A-95DE-DA4FB566AD0D}\mpengine.dll
2012-12-12 20:02 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-11 21:34 . 2012-11-14 05:52	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-12-11 21:34 . 2012-11-14 07:11	182816	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-12-11 21:34 . 2012-11-14 05:53	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-12-11 21:34 . 2012-11-14 02:56	149552	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-12-11 21:34 . 2012-11-14 01:48	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-12-11 21:34 . 2012-11-14 01:44	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-12-11 21:34 . 2012-11-14 06:00	304640	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-12-11 21:34 . 2012-11-14 05:57	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-12-11 21:34 . 2012-11-14 05:46	248320	----a-w-	c:\windows\system32\ieui.dll
2012-12-11 21:34 . 2012-11-14 01:51	194048	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2012-12-11 21:32 . 2012-10-04 17:45	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-12-07 21:58 . 2012-12-07 21:58	--------	d-----w-	c:\users\Jasmin\AppData\Local\ElevatedDiagnostics
2012-12-05 19:41 . 2012-12-05 19:41	208216	----a-w-	c:\windows\system32\drivers\16143417.sys
2012-12-05 19:30 . 2012-12-05 19:30	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\Malwarebytes
2012-12-05 19:30 . 2012-12-05 19:30	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-05 19:30 . 2012-12-05 19:30	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-05 19:30 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-29 17:59 . 2012-11-29 17:59	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A78E98C6-43BF-4F82-AF18-FC2F05C488A7}\gapaengine.dll
2012-11-29 17:59 . 2012-11-16 19:59	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-27 12:34 . 2009-03-16 13:18	24920	----a-w-	c:\windows\system32\X3DAudio1_6.dll
2012-11-16 22:14 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-16 22:14 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 22:14 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 22:14 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-16 22:05 . 2012-10-03 17:44	18944	----a-w-	c:\windows\system32\netevent.dll
2012-11-16 22:05 . 2012-10-03 16:42	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-11-16 22:05 . 2012-10-09 18:17	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-11-16 22:05 . 2012-10-09 18:17	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-11-16 22:05 . 2012-10-09 17:40	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-11-16 22:05 . 2012-10-09 17:40	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-16 22:05 . 2012-09-25 22:47	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-16 22:05 . 2012-09-25 22:46	95744	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 19:56 . 2012-11-16 19:56	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-11-16 19:56 . 2012-11-16 19:56	--------	d-----w-	c:\program files\Microsoft Security Client
2012-11-16 19:36 . 2012-12-10 15:11	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 20:14 . 2012-04-10 17:49	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 20:14 . 2012-03-12 21:05	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 21:35 . 2012-03-12 00:26	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-10 22:45 . 2012-11-10 22:45	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-10 22:45 . 2012-11-10 22:45	289768	----a-w-	c:\windows\system32\javaws.exe
2012-11-10 22:45 . 2012-11-10 22:45	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-10 22:45 . 2012-11-10 22:45	189416	----a-w-	c:\windows\system32\javaw.exe
2012-11-10 22:45 . 2012-11-10 22:45	188904	----a-w-	c:\windows\system32\java.exe
2012-11-10 22:45 . 2012-11-10 22:45	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-10 22:26 . 2012-11-10 22:26	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-11-10 22:26 . 2012-11-10 22:26	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 19:24	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 19:24	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 19:24	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-12 07:19 . 2012-11-10 19:50	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7384638C-6111-41B6-9CF0-29C9D32E44C5}\mpengine.dll
2012-10-04 16:40 . 2012-12-11 21:32	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-09-28 13:37 . 2012-09-28 13:37	221696	----a-w-	c:\windows\system32\clinfo.exe
2012-09-28 13:36 . 2012-09-28 13:36	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-09-28 13:36 . 2012-09-28 13:36	65536	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-09-28 13:36 . 2012-09-28 13:36	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-09-28 13:36 . 2012-09-28 13:36	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-09-28 13:36 . 2012-09-28 13:36	32635904	----a-w-	c:\windows\system32\amdocl64.dll
2012-09-28 13:32 . 2012-09-28 13:32	27341824	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2012-09-28 02:23	5557928	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21	10697216	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05	70144	----a-w-	c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02	16082432	----a-w-	c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59	23825920	----a-w-	c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57	13703168	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-09-28 01:43	935424	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2011-12-06 03:16	1120768	----a-w-	c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41	19624960	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39	6536192	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39	442368	----a-w-	c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39	538112	----a-w-	c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31	3127296	----a-w-	c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25	6704640	----a-w-	c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2011-12-06 02:51	7167488	----a-w-	c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22	2691584	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13	595456	----a-w-	c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	405504	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12	460288	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-03-09 03:57	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11	103424	----a-w-	c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10	82944	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-16 15672]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 20:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-975F-14DAE9E09EE2}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={8167C154-0829-11E2-975F-14DAE9E09EE2}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vf3oixee.default-1353093934439\
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-975F-14DAE9E09EE2}
FF - ExtSQL: 2012-11-16 20:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vf3oixee.default-1353093934439\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-16 23:40; ALone-live@ya.ru; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vf3oixee.default-1353093934439\extensions\ALone-live@ya.ru
FF - ExtSQL: !HIDDEN! 2012-06-14 20:24; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-14  12:54:02
ComboFix-quarantined-files.txt  2012-12-14 11:54
.
Vor Suchlauf: 8 Verzeichnis(se), 159.645.569.024 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 160.206.299.136 Bytes frei
.
- - End Of File - - D092F3268EDE18226F84F62CE47CD9AF
         
--- --- ---

Geändert von desperated (14.12.2012 um 13:06 Uhr)

Alt 14.12.2012, 14:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.12.2012, 15:07   #11
desperated
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Hallo,

das ist der Log.

Code:
ATTFilter
 # AdwCleaner v2.100 - Datei am 14/12/2012 um 15:05:41 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer :*** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\SweetIM

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-975F-14DAE9E09EE2}
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={8167C154-0829-11E2-975F-14DAE9E09EE2}

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default-1353093934439 [Profil par défaut]
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vf3oixee.default-1353093934439\prefs.js

Gefunden : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-975F-[...]
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-[...]

*************************

AdwCleaner[R1].txt - [3287 octets] - [14/12/2012 15:05:41]

########## EOF - C:\AdwCleaner[R1].txt - [3347 octets] ##########
         

Alt 14.12.2012, 15:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.12.2012, 17:43   #13
desperated
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Hallo,

ich habe die Scans durchgeführt. Ich habe noch eine Externe Festplatte. Nur hab ich die vom Rechner abgemacht, als ich den Fund auf der C und K Festplatte hatte. Ich hab das total vegessen. Tut mir total leid, dass ich das erst jetzt sage. . Sollte ich die auch irgendwie überprüfen? Ich danke dir für deine Hilfe.

Code:
ATTFilter
 # AdwCleaner v2.100 - Datei am 14/12/2012 um 17:05:41 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\SweetIM

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-975F-14DAE9E09EE2} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={8167C154-0829-11E2-975F-14DAE9E09EE2} --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default-1353093934439 [Profil par défaut]
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vf3oixee.default-1353093934439\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-975F-[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-[...]

*************************

AdwCleaner[R1].txt - [3410 octets] - [14/12/2012 15:05:41]
AdwCleaner[S1].txt - [3421 octets] - [14/12/2012 17:05:41]

########## EOF - C:\AdwCleaner[S1].txt - [3481 octets] ##########
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.12.2012 17:10:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,54 Gb Available Physical Memory | 81,96% Memory free
15,96 Gb Paging File | 14,30 Gb Available in Paging File | 89,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 203,19 Gb Total Space | 149,34 Gb Free Space | 73,50% Space Free | Partition Type: NTFS
Drive D: | 199,09 Gb Total Space | 63,96 Gb Free Space | 32,13% Space Free | Partition Type: NTFS
Drive K: | 63,38 Gb Total Space | 50,89 Gb Free Space | 80,30% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV:64bit: - (AiChargerPlus) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys (ASUSTek Computer Inc.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D4 12 4F 6A 00 CD 01  [binary data]
IE - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ALone-live%40ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: D:\Tools\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jasmin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.14 19:24:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 19:50:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.09 19:50:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.14 19:24:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 19:50:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.09 19:50:15 | 000,000,000 | ---D | M]
 
[2012.12.11 20:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.11.24 19:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vf3oixee.default-1353093934439\extensions
[2012.11.16 23:40:23 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vf3oixee.default-1353093934439\extensions\ALone-live@ya.ru
[2012.11.24 19:39:56 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vf3oixee.default-1353093934439\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.09 19:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.09 19:50:49 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.14 12:52:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3123046600-2947581708-3659436244-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9E84C75-117F-469B-8E49-02B4F54926D6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.14 12:54:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.14 12:47:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.14 12:47:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.14 12:47:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.14 12:47:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.14 12:46:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.14 12:44:02 | 005,010,970 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.12.13 21:28:10 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.12.11 22:34:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.11 22:34:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.11 22:34:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.11 22:34:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.11 22:34:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.11 22:33:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.11 22:33:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.11 22:33:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.11 22:33:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.11 22:33:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.11 22:33:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.11 22:33:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.11 22:33:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.11 22:33:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.11 22:33:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.11 22:32:55 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.11 22:32:55 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.11 22:32:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.11 22:32:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.11 22:32:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.11 22:32:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.11 22:32:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.11 22:32:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.11 22:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.11 22:32:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.11 22:32:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.11 22:32:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 22:32:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 22:32:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.11 22:32:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 22:32:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 22:32:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 22:32:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 22:32:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 22:32:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 22:32:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 22:32:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 22:32:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 22:32:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 22:32:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 22:32:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 22:32:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 22:32:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 22:32:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 22:32:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 22:32:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 22:32:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 22:32:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 22:32:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 22:32:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 22:32:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 22:32:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 22:32:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 22:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.11 22:32:44 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.11 22:32:44 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.11 22:32:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.11 22:32:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.11 22:32:13 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.11 22:32:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.10 21:18:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmin\Desktop\OTL.exe
[2012.12.09 19:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.07 22:58:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.12.05 20:41:10 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\16143417.sys
[2012.12.05 20:30:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.12.05 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.05 20:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.05 20:30:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.05 20:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.30 21:58:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Endless Space
[2012.11.27 13:35:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SCE
[2012.11.27 13:35:22 | 000,000,000 | ---D | C] -- C:\Crash
[2012.11.27 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sony Online Entertainment
[2012.11.27 13:35:16 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.11.27 13:35:16 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.11.27 13:35:16 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.11.27 13:35:16 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.11.27 13:35:16 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.11.27 13:35:16 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.11.27 13:35:15 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.11.27 13:35:15 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.11.27 13:35:14 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.11.27 13:35:14 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.11.27 13:35:14 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.11.27 13:35:14 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.11.27 13:35:13 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.11.27 13:35:13 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.11.27 13:35:12 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012.11.27 13:35:12 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012.11.27 13:35:11 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012.11.27 13:35:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.11.27 13:35:11 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.11.27 13:35:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.11.27 13:35:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.11.27 13:35:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012.11.27 13:35:10 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.11.27 13:35:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.11.27 13:35:09 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012.11.27 13:35:09 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.11.27 13:35:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.11.27 13:35:08 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012.11.27 13:35:07 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.11.27 13:35:07 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.11.27 13:35:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.11.27 13:35:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.11.27 13:35:05 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.11.27 13:35:05 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012.11.27 13:35:04 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012.11.27 13:35:03 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.11.27 13:35:03 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012.11.27 13:35:01 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012.11.27 13:35:01 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012.11.27 13:35:00 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012.11.27 13:35:00 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.11.27 13:35:00 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.11.27 13:35:00 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012.11.27 13:35:00 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.11.27 13:35:00 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.11.27 13:34:59 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.11.27 13:34:59 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.11.27 13:34:57 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.11.27 13:34:57 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.11.27 13:34:57 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012.11.27 13:34:57 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.11.27 13:34:56 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.11.27 13:34:56 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.11.27 13:34:55 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.11.27 13:34:55 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.11.27 13:34:55 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.11.27 13:34:55 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.11.27 13:34:54 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.11.27 13:34:54 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.11.27 13:34:53 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.11.27 13:34:53 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.11.27 13:34:53 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.11.27 13:34:53 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.11.27 13:34:53 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.11.27 13:34:53 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.11.27 13:34:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.11.27 13:34:52 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.11.27 13:34:51 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.11.27 13:34:51 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.11.27 13:34:51 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.11.27 13:34:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.11.27 13:34:50 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.11.27 13:34:50 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.11.27 13:34:49 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012.11.27 13:34:49 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.11.27 13:34:49 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.11.27 13:34:49 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.11.27 13:34:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.11.27 13:34:48 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012.11.27 13:34:48 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.11.27 13:34:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.11.27 13:34:47 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.11.27 13:34:47 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.11.27 13:34:47 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012.11.27 13:34:47 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.11.27 13:34:45 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012.11.27 13:34:45 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.11.27 13:34:45 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012.11.27 13:34:45 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.11.27 13:34:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.11.27 13:34:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012.11.27 13:34:44 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.11.27 13:34:44 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.11.27 13:34:43 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.11.27 13:34:43 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.11.27 13:34:43 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012.11.27 13:34:43 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.11.27 13:34:41 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012.11.27 13:34:41 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.11.27 13:34:41 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012.11.27 13:34:41 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.11.27 13:34:39 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.11.27 13:34:39 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.11.27 13:34:39 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012.11.27 13:34:39 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.11.27 13:34:38 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012.11.27 13:34:38 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.11.27 13:34:37 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012.11.27 13:34:37 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.11.27 13:34:36 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.11.27 13:34:36 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.11.27 13:34:36 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012.11.27 13:34:36 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.11.27 13:34:35 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012.11.27 13:34:35 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.11.27 13:34:34 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012.11.27 13:34:34 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.11.27 13:34:34 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.11.27 13:34:34 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.11.27 13:34:33 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.11.27 13:34:33 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.11.27 13:34:33 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012.11.27 13:34:33 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.11.27 13:34:32 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012.11.27 13:34:32 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.11.27 13:34:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.11.27 13:34:30 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012.11.27 13:34:30 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.11.27 13:34:29 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.11.27 13:34:29 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.11.27 13:34:29 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012.11.27 13:34:29 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.11.27 13:34:28 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012.11.27 13:34:28 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.11.27 13:34:27 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012.11.27 13:34:27 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.11.27 13:34:26 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012.11.27 13:34:26 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.11.27 13:34:25 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012.11.27 13:34:25 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.11.27 13:34:24 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.11.27 13:34:24 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.11.27 13:34:23 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012.11.27 13:34:23 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.11.27 13:34:23 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.11.27 13:34:23 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.11.27 13:34:22 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.11.27 13:34:21 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012.11.27 13:34:21 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.11.27 13:34:21 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012.11.27 13:34:21 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.11.27 13:34:20 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012.11.27 13:34:20 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.11.27 13:34:19 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012.11.27 13:34:19 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.11.27 13:34:19 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012.11.27 13:34:19 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.11.27 13:34:12 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012.11.27 13:34:12 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.11.27 13:34:11 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012.11.27 13:34:11 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.11.27 13:34:11 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.11.27 13:34:11 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.11.27 13:34:10 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012.11.27 13:34:10 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.11.27 13:34:08 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012.11.27 13:34:08 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.11.27 13:34:07 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012.11.27 13:34:07 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.11.27 13:34:06 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012.11.27 13:34:06 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.11.27 13:34:05 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012.11.27 13:34:05 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.11.27 13:34:04 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012.11.27 13:34:04 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.11.25 17:23:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Porta Möbel
[2012.11.16 23:14:35 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.16 23:14:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.16 23:06:36 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.16 23:06:34 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.16 23:06:34 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.16 23:06:34 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.16 23:06:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.16 23:06:00 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.16 23:06:00 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.16 23:06:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.16 23:05:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.16 23:05:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.16 23:05:56 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.16 23:05:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.16 23:05:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.16 23:05:05 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 23:05:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.16 20:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.11.16 20:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.11.16 20:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.16 20:35:44 | 018,090,960 | ---- | C] (Mozilla) -- C:\Users\***\Documents\Firefox Setup 16.0.2.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.14 17:14:15 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 17:14:15 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 17:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.14 17:06:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.14 17:06:47 | 2130,501,631 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.14 15:05:15 | 000,545,819 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.14 12:52:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.14 12:44:33 | 005,010,970 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.12.13 21:28:46 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2012.12.12 21:14:38 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 21:14:38 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.11 22:56:29 | 000,311,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.10 21:19:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.05 20:41:10 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\16143417.sys
[2012.12.05 20:30:12 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 21:14:59 | 000,000,202 | ---- | M] () -- C:\Users\***\Desktop\Endless Space.url
[2012.11.22 00:14:04 | 001,527,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.22 00:14:04 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.22 00:14:04 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.22 00:14:04 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.22 00:14:04 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.16 20:56:45 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.11.16 20:36:11 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 20:35:44 | 018,090,960 | ---- | M] (Mozilla) -- C:\Users\***\Documents\Firefox Setup 16.0.2.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.14 15:05:10 | 000,545,819 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.12.14 12:47:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.14 12:47:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.14 12:47:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.14 12:47:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.14 12:47:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.05 20:30:12 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 21:14:59 | 000,000,202 | ---- | C] () -- C:\Users\***\Desktop\Endless Space.url
[2012.11.16 23:14:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 23:06:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.16 20:56:45 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.11.16 20:56:32 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.11.16 20:36:11 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.16 20:36:11 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.01 20:14:51 | 000,007,609 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.09.28 19:44:43 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2012.09.28 19:43:35 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.03 21:48:56 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.03 21:48:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.07.07 16:51:14 | 000,000,036 | ---- | C] () -- C:\Windows\ChssBase.ini
[2012.06.14 19:21:28 | 000,181,704 | ---- | C] () -- C:\Windows\hpoins28.dat
[2012.06.14 19:21:28 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.12 19:02:57 | 002,995,088 | ---- | C] () -- C:\Windows\PE_File.dll
[2012.03.12 19:00:40 | 002,929,552 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.03.12 18:48:55 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.03.12 18:48:52 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.03.12 17:31:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.12 01:04:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.12 01:04:44 | 000,028,082 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---
[/code]

Code:
ATTFilter
 # AdwCleaner v2.100 - Datei am 14/12/2012 um 17:05:41 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jasmin - JASMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\SweetIM

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-975F-14DAE9E09EE2} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={8167C154-0829-11E2-975F-14DAE9E09EE2} --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default-1353093934439 [Profil par défaut]
Datei : C:\Users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\vf3oixee.default-1353093934439\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-975F-[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=6&barid={8167C154-0829-11E2-[...]

*************************

AdwCleaner[R1].txt - [3410 octets] - [14/12/2012 15:05:41]
AdwCleaner[S1].txt - [3421 octets] - [14/12/2012 17:05:41]

########## EOF - C:\AdwCleaner[S1].txt - [3481 octets] ##########
         

Alt 16.12.2012, 14:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.12.2012, 18:26   #15
desperated
 
Exploit:JS/Blacole.kh - Standard

Exploit:JS/Blacole.kh



Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=d9f0a21a6603c54cb2635082db184158
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-21 05:08:00
# local_time=2012-12-21 06:08:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3018903 107739530 0 0
# scanned=207144
# found=2
# cleaned=0
# scan_time=6071
C:\$Recycle.Bin\S-1-5-21-3123046600-2947581708-3659436244-1000\$RQVBBBF.exe	probably unknown NewHeur_PE virus (unable to clean)	3D094437316D9506CA15D2ED82B0145A33D3AF9C	I
D:\Spiele\Diaspora\fs2_open_Diaspora_R1.exe	probably unknown NewHeur_PE virus (unable to clean)	BFEE0D15F84D31E48C4E1D704B78736B49F5B00D	I
         
Code:
ATTFilter
 www.malwarebytes.org

Datenbank Version: v2012.12.21.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jasmin :: ***-PC [Administrator]

21.12.2012 18:21:55
mbam-log-2012-12-21 (18-21-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210860
Laufzeit: 3 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Antwort

Themen zu Exploit:JS/Blacole.kh
antivirus, autorun, bho, exploit:js/blacole.kh, failed, firefox, flash player, format, helper, home, installation, kaspersky, logfile, mozilla, programm, realtek, registry, rundll, security, senden, software, svchost.exe, teamspeak, trojaner, udp, windows



Ähnliche Themen: Exploit:JS/Blacole.kh


  1. Exploit:JS/Blacole.GB entfernen, Wie?
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (11)
  2. Exploit:JS/Blacole.GB wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 25.02.2013 (23)
  3. eMail mit Link, der auf php endet / schadhafte Datei gefunden (Exploit:JS/Blacole/GB)
    Log-Analyse und Auswertung - 12.02.2013 (11)
  4. Exploit:JS/Blacole.KH
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (25)
  5. ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.)
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (5)
  6. Problem:Found the Exploit-blacole.j trojan
    Log-Analyse und Auswertung - 23.10.2012 (1)
  7. Exploit-CVE2012-1723.f und Exploit-PDF!Blacole.o gefunden
    Log-Analyse und Auswertung - 02.10.2012 (11)
  8. Exploit JS Blacole!E2 gefunden - was kann ich tun?
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (12)
  9. Exploit:JS/Blacole.HP
    Log-Analyse und Auswertung - 05.08.2012 (25)
  10. Überreste von JS/exploit.Blacole.ec
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (11)
  11. Exploit:Java/Blacole.FY; Win32/Karagany.I; Verschlüsselung
    Log-Analyse und Auswertung - 29.06.2012 (7)
  12. Trojaner: Sirefef.X / Sirefef.E / Conedex.A und Exploit: JS/Blacole.FF
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (37)
  13. Exploit:Java/Blacole.ET in C\Users\***\AppData\Local\Temp\jar_cache... gefunden
    Log-Analyse und Auswertung - 06.04.2012 (8)
  14. Java/Exploit.Blacole.AN Trojaner ? Gelöscht, was nu Sys clr oder nicht ?
    Log-Analyse und Auswertung - 23.03.2012 (7)
  15. Exploit:JS/Blacole.AR - heute zum 5. Mal von MS Forefront entfernt, kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 08.03.2012 (13)
  16. Exploit.Java.Blacole
    Plagegeister aller Art und deren Bekämpfung - 31.10.2011 (10)
  17. Exploit:JS/Blacole.A
    Plagegeister aller Art und deren Bekämpfung - 22.10.2011 (5)

Zum Thema Exploit:JS/Blacole.kh - Exploit: Js/Blacole.kh Hallo, ich hoffe ich finde hier jemanden der mir helfen kann. Ich habe seit längerer Zeit Probleme mit meinem Rechner. Mein Firefox möchte ständig im Abgesicherten Modus starten. - Exploit:JS/Blacole.kh...
Archiv
Du betrachtest: Exploit:JS/Blacole.kh auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.