
Pests of all kinds and their removal: JS/Blacole.GB.158 infection


16.06.2013, 14:49   #1
Forelli
 
JS/Blacole.GB.158 infection



Hello board,

I need help, please, with cleaning up a JS/Blacole.GB.158 infection. The infection presumably dates from 14.06., from visiting a hacked forum. The admin pointed out that the forum had been hacked and that visitors might be infected with Blacole.

A scan with Avira came back positive; the TR/Offend in LazyNewbPack is a false positive.
JS/Blacole was moved to quarantine, TR/Offend was ignored.
Here is the Avira logfile:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 15. Juni 2013  00:44


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : Kolja
Computername   : KEN

Versionsinformationen:
BUILD.DAT      : 13.0.0.3640          Bytes  18.04.2013 13:29:00
AVSCAN.EXE     : 13.6.0.1262   636984 Bytes  08.05.2013 04:32:09
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  04.03.2013 16:10:07
LUKE.DLL       : 13.6.0.1262    65080 Bytes  08.05.2013 04:32:37
AVSCPLR.DLL    : 13.6.0.1262    92216 Bytes  08.05.2013 04:32:09
AVREG.DLL      : 13.6.0.1262   247864 Bytes  08.05.2013 04:32:07
avlode.dll     : 13.6.2.1262   432184 Bytes  08.05.2013 04:32:06
avlode.rdf     : 13.0.1.12      25921 Bytes  17.05.2013 21:16:46
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 18:21:29
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 14:54:46
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 14:52:52
VBASE003.VDF   : 7.11.80.61      2048 Bytes  28.05.2013 14:52:53
VBASE004.VDF   : 7.11.80.62      2048 Bytes  28.05.2013 14:52:53
VBASE005.VDF   : 7.11.80.63      2048 Bytes  28.05.2013 14:52:53
VBASE006.VDF   : 7.11.80.64      2048 Bytes  28.05.2013 14:52:53
VBASE007.VDF   : 7.11.80.65      2048 Bytes  28.05.2013 14:52:53
VBASE008.VDF   : 7.11.80.66      2048 Bytes  28.05.2013 14:52:53
VBASE009.VDF   : 7.11.80.67      2048 Bytes  28.05.2013 14:52:53
VBASE010.VDF   : 7.11.80.68      2048 Bytes  28.05.2013 14:52:53
VBASE011.VDF   : 7.11.80.69      2048 Bytes  28.05.2013 14:52:53
VBASE012.VDF   : 7.11.80.70      2048 Bytes  28.05.2013 14:52:53
VBASE013.VDF   : 7.11.80.71      2048 Bytes  28.05.2013 14:52:53
VBASE014.VDF   : 7.11.81.57    145408 Bytes  29.05.2013 10:24:11
VBASE015.VDF   : 7.11.81.137   130048 Bytes  30.05.2013 19:06:15
VBASE016.VDF   : 7.11.81.255   207360 Bytes  31.05.2013 05:25:03
VBASE017.VDF   : 7.11.82.91    156160 Bytes  03.06.2013 05:09:26
VBASE018.VDF   : 7.11.82.169   220160 Bytes  04.06.2013 11:09:24
VBASE019.VDF   : 7.11.83.27    325632 Bytes  06.06.2013 04:30:08
VBASE020.VDF   : 7.11.83.121   320512 Bytes  07.06.2013 04:30:09
VBASE021.VDF   : 7.11.83.210   244736 Bytes  10.06.2013 22:35:41
VBASE022.VDF   : 7.11.84.59    333824 Bytes  12.06.2013 13:04:08
VBASE023.VDF   : 7.11.84.163   264192 Bytes  14.06.2013 12:51:49
VBASE024.VDF   : 7.11.84.164     2048 Bytes  14.06.2013 12:51:49
VBASE025.VDF   : 7.11.84.165     2048 Bytes  14.06.2013 12:51:49
VBASE026.VDF   : 7.11.84.166     2048 Bytes  14.06.2013 12:51:49
VBASE027.VDF   : 7.11.84.167     2048 Bytes  14.06.2013 12:51:49
VBASE028.VDF   : 7.11.84.168     2048 Bytes  14.06.2013 12:51:49
VBASE029.VDF   : 7.11.84.169     2048 Bytes  14.06.2013 12:51:49
VBASE030.VDF   : 7.11.84.170     2048 Bytes  14.06.2013 12:51:49
VBASE031.VDF   : 7.11.84.208   112128 Bytes  14.06.2013 22:38:00
Engineversion  : 8.2.12.60 
AEVDF.DLL      : 8.1.3.4       102774 Bytes  13.06.2013 14:10:36
AESCRIPT.DLL   : 8.1.4.122     487806 Bytes  13.06.2013 14:10:36
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 20:12:44
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 19:24:02
AERDL.DLL      : 8.2.0.128     688504 Bytes  13.06.2013 14:10:36
AEPACK.DLL     : 8.3.2.16      754041 Bytes  11.06.2013 22:35:44
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 15:43:23
AEHEUR.DLL     : 8.1.4.412    5955962 Bytes  13.06.2013 14:10:35
AEHELP.DLL     : 8.1.27.2      266617 Bytes  04.06.2013 22:02:04
AEGEN.DLL      : 8.1.7.4       442741 Bytes  08.05.2013 13:22:56
AEEXP.DLL      : 8.4.0.34      201079 Bytes  04.06.2013 22:02:14
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 19:06:20
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 16:48:26
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 13:59:53
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  04.03.2013 16:09:19
AVPREF.DLL     : 13.6.0.480     51056 Bytes  04.03.2013 16:10:06
AVREP.DLL      : 13.6.0.480    178544 Bytes  04.03.2013 16:11:32
AVARKT.DLL     : 13.6.0.1262   258104 Bytes  08.05.2013 04:31:58
AVEVTLOG.DLL   : 13.6.0.1262   164920 Bytes  08.05.2013 04:32:03
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  04.03.2013 16:11:04
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  04.03.2013 16:10:10
NETNT.DLL      : 13.6.0.480     16240 Bytes  04.03.2013 16:10:50
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  04.03.2013 16:09:21
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  27.03.2013 15:19:21

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: -PHISH,

Beginn des Suchlaufs: Samstag, 15. Juni 2013  00:44

Der Suchlauf über die Masterbootsektoren wird begonnen:

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'Last.fm Scrobbler.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLG.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCMService.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'OpWareSE4.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSVNCache.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ForceField.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '82' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '6017' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
    [0] Archivtyp: Runtime Packed
    --> C:\LazyNewbPack[0.31.25][V9.2].zip.vir
        [1] Archivtyp: ZIP
      --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/B-Advanced/Quickfort/Quickfort 2.00/qfconvert.exe
          [2] Archivtyp: RSRC
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfattachtest.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6835015
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfautodump.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6834930
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfcleanmap.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6741778
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfflows.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6739421
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dflair.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6877699
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfposition.exe
            [FUND]      Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Offend.691503
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dftubefill.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6739549
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfunreveal.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6959315.1
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfvdig.exe
            [FUND]      Ist das Trojanische Pferd TR/Agent.25088.133
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfweather.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6744850
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\LazyNewbPack[0.31.25][V9.2].zip.vir
  [FUND]      Ist das Trojanische Pferd TR/Offend.6744850
C:\Users\Kolja\AppData\Local\Mozilla\Firefox\Profiles\v8p38qw0.default\Cache\8\F4\6C76Bd01
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.158
Beginne mit der Suche in 'D:\' <RECOVERY>

Beginne mit der Desinfektion:
C:\Users\Kolja\AppData\Local\Mozilla\Firefox\Profiles\v8p38qw0.default\Cache\8\F4\6C76Bd01
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.158
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54653d65.qua' verschoben!
C:\LazyNewbPack[0.31.25][V9.2].zip.vir
  [FUND]      Ist das Trojanische Pferd TR/Offend.6744850
  [WARNUNG]   Die Datei wurde ignoriert.


Ende des Suchlaufs: Sonntag, 16. Juni 2013  12:24
Benötigte Zeit: 35:23:48 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  51224 Verzeichnisse wurden überprüft
 1383424 Dateien wurden geprüft
     12 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1383412 Dateien ohne Befall
  15048 Archive wurden durchsucht
     11 Warnungen
      2 Hinweise
 1002689 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
         
I ran defogger; here is the logfile:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:29 on 16/06/2013 (Kolja)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
I also have the results from OTL, OTL.txt:
Code:
OTL logfile created on: 16.06.2013 12:44:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kolja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19437)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free
6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 54,16 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
 
Computer Name: KEN | User Name: Kolja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.08 06:32:04 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 17:19:31 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2010.07.16 17:32:34 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.03.12 19:10:36 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 17:57:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 19:35:43 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\403900299d88edc5153065e5aed726e7\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 07:52:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2009.03.30 06:42:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.03 14:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.12 00:51:42 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.19 00:06:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.08.07 14:32:11 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.02.20 14:48:43 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008.11.03 21:31:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013.03.27 17:20:00 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.27 17:20:00 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.27 17:20:00 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.04 18:11:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.24 17:44:06 | 000,145,408 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11drdr.SYS -- (ui11drdr)
DRV - [2012.08.07 13:50:58 | 000,365,056 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2012.06.15 11:39:24 | 000,289,152 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2012.04.18 22:04:40 | 000,017,408 | ---- | M] (MARX Datentechnik GmbH ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CBN.SYS -- (CBN)
DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.08.25 13:58:48 | 000,046,720 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2011.08.10 16:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2011.05.07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.11.18 02:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010.07.25 19:47:52 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.02.29 13:51:30 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.06 07:59:24 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2081104
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=P9tCKqVvIH1B83UwTjy22RAjeXk?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://partnerpage.google.com/dell.com/de_de?hl=de&client=dell-row&channel=de&ibd=2081104"
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.05.19 22:36:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 00:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 00:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.06.09 00:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 00:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 00:06:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2008.11.17 11:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Extensions
[2009.09.22 20:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009.09.22 20:13:42 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009.09.22 20:13:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2008.12.28 19:57:25 | 000,000,000 | ---D | M] (SafeCache) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009.09.22 20:22:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008.12.28 19:57:25 | 000,000,000 | ---D | M] (Temporary Inbox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{ac1e10b8-206d-4746-a18e-0483852dc20b}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Media Pirate - The video downloader) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{cc265d3d-3f6f-0170-a78b-bbbaef7a868c}
[2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DT Whois) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net
[2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org
[2008.12.28 19:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\toolbar_extras@de.yahoo.com
[2013.06.16 08:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions
[2013.02.09 11:55:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.05.31 12:26:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.25 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\nostmp
[2009.10.15 10:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions
[2009.06.09 10:37:02 | 000,000,000 | ---D | M] (MinimizeToTray [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2009.07.09 23:00:50 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009.06.17 10:21:25 | 000,000,000 | ---D | M] (Minimize To Tray Enhancer) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2013.06.12 15:03:04 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.05.27 14:13:54 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.06.16 08:40:42 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.05.09 20:46:52 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 15:44:17 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2009.05.21 14:43:50 | 000,000,931 | ---- | M] () -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\searchplugins\dictionary.xml
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.19 00:06:20 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe]  File not found
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW]  File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD66A9BC-A675-4792-BF15-AD0D3DE488A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B132EC71-7A1A-4CAE-97C1-5ECE0779137E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.07 06:18:40 | 000,000,000 | ---D | M] - C:\AutoCAD 2006 -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6c819991-1396-11e1-bbac-00219be5c505}\Shell - "" = AutoRun
O33 - MountPoints2\{6c819991-1396-11e1-bbac-00219be5c505}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{eec6e07a-57fb-11de-8a23-00219be5c505}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.16 12:41:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
[2013.06.16 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Blacole Scan
[2013.06.14 18:47:28 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Lexware Unterlagen
[2013.06.12 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2013.06.12 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Kolja\D-Fend Reloaded
[2013.06.12 18:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
[2013.06.12 17:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenwood Entertainment
[2013.06.12 17:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Der Planer 1
[2013.05.27 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.19 00:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
[2013.06.16 12:33:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 12:33:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 12:33:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.16 12:32:52 | 3208,716,288 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.16 12:30:02 | 000,000,020 | ---- | M] () -- C:\Users\Kolja\defogger_reenable
[2013.06.16 12:28:30 | 000,050,477 | ---- | M] () -- C:\Users\Kolja\Desktop\Defogger.exe
[2013.06.16 11:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.16 09:01:52 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.14 18:40:57 | 000,131,790 | ---- | M] () -- C:\Users\Kolja\Desktop\login_seite.jpg
[2013.06.12 17:48:49 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Der Planer 1.lnk
[2013.06.08 23:57:14 | 000,304,160 | ---- | M] () -- C:\PA7302.DAT
[2013.06.01 21:07:48 | 000,006,156 | ---- | M] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf
[2013.05.27 20:41:59 | 000,384,187 | ---- | M] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf
[2013.05.24 21:32:41 | 000,644,298 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.24 21:32:41 | 000,609,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.24 21:32:41 | 000,134,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.24 21:32:41 | 000,110,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.20 22:37:47 | 009,274,969 | ---- | M] () -- C:\Users\Kolja\Desktop\pka.pdf
[2013.05.17 23:08:56 | 000,384,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.16 12:29:37 | 000,000,020 | ---- | C] () -- C:\Users\Kolja\defogger_reenable
[2013.06.16 12:28:29 | 000,050,477 | ---- | C] () -- C:\Users\Kolja\Desktop\Defogger.exe
[2013.06.14 18:40:57 | 000,131,790 | ---- | C] () -- C:\Users\Kolja\Desktop\login_seite.jpg
[2013.06.12 17:46:05 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Der Planer 1.lnk
[2013.06.01 21:07:48 | 000,006,156 | ---- | C] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf
[2013.05.27 20:41:59 | 000,384,187 | ---- | C] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf
[2013.05.20 22:37:28 | 009,274,969 | ---- | C] () -- C:\Users\Kolja\Desktop\pka.pdf
[2013.01.07 21:58:30 | 000,000,218 | ---- | C] () -- C:\Users\Kolja\.recently-used.xbel
[2012.09.11 23:03:00 | 000,005,870 | ---- | C] () -- C:\Users\Kolja\AppData\Local\recently-used.xbel
[2012.05.01 21:49:26 | 000,164,193 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.05.01 21:48:51 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.04.18 22:06:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[2012.04.18 22:03:11 | 000,343,040 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2012.04.18 22:03:11 | 000,116,736 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2012.04.18 22:03:11 | 000,068,096 | ---- | C] () -- C:\Windows\System32\lfplt11n.dll
[2012.04.17 21:52:31 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.03.05 12:46:48 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\winscp.rnd
[2011.08.29 20:43:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.08.29 20:43:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.02.20 14:52:54 | 000,000,093 | ---- | C] () -- C:\Users\Kolja\AppData\Local\fusioncache.dat
[2011.01.18 20:10:22 | 000,000,428 | ---- | C] () -- C:\Users\Kolja\cademia.ini
[2010.10.23 14:47:45 | 000,011,247 | ---- | C] () -- C:\Users\Kolja\gsview32.ini
[2010.08.31 15:49:51 | 000,000,106 | ---- | C] () -- C:\Users\Kolja\.bouml
[2010.08.31 15:48:19 | 000,000,150 | ---- | C] () -- C:\Users\Kolja\.boumlrc
[2009.05.15 11:30:23 | 000,010,599 | ---- | C] () -- C:\Users\Kolja\_elster_2048.pfx
[2009.01.28 10:28:39 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Local\PUTTY.RND
[2008.12.30 22:21:13 | 000,000,796 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\wklnhst.dat
[2008.12.28 20:05:13 | 000,403,052 | ---- | C] () -- C:\Users\Kolja\jap.conf
[2008.12.21 17:04:40 | 000,006,648 | ---- | C] () -- C:\Users\Kolja\AppData\Local\d3d9caps.dat
[2008.11.17 15:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\UserTile.png
[2008.11.17 12:22:07 | 000,120,832 | ---- | C] () -- C:\Users\Kolja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.28 15:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\1&1
[2012.05.05 22:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Audacity
[2011.07.02 18:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Autodesk
[2011.11.13 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\CheckPoint
[2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools
[2009.06.02 12:55:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Lite
[2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Pro
[2010.02.22 19:02:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DeepBurner
[2011.02.15 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DVDVideoSoft
[2011.05.19 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\elsterformular
[2009.10.05 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FLV Extract
[2013.06.14 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\foobar2000
[2011.08.29 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FreePDF
[2010.03.03 10:37:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FVZilla
[2013.03.02 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\GrooveWalrus
[2012.09.03 20:54:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\gtk-2.0
[2012.09.12 21:35:38 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\inkscape
[2009.06.22 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\IrfanView
[2009.09.22 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\JonDo
[2009.03.16 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\KhomsanPh
[2009.08.10 17:29:39 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Miranda
[2012.03.30 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Notepad++
[2008.11.17 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\OpenOffice.org
[2010.12.12 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PCDr
[2008.11.17 15:09:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PeerNetworking
[2009.03.28 10:05:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\rockbox.org
[2011.11.20 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony
[2011.11.20 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony Setup
[2010.05.12 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Subversion
[2008.12.30 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Template
[2012.03.08 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Thunderbird
[2010.04.30 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Transcend
[2010.10.14 10:52:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UDP Software
[2012.10.28 22:02:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UFOAI
[2009.08.01 18:39:06 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 

< End of report >
         
and Extras.txt
Code:
OTL Extras logfile created on: 16.06.2013 12:44:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kolja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19437)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free
6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 54,16 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
 
Computer Name: KEN | User Name: Kolja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Free Video Zilla\FVZilla.exe" = C:\Program Files\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B6390C5-449B-4DD2-A2A7-48ABFE775754}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{433A9AAF-D2F3-4F07-9377-8D9F88C05A79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47AE5147-4EDD-4F65-A44F-F690627E92D7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6FF52260-FB37-47B2-8CA1-16F4FFD1AC7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{746D91EB-8DD7-4FEC-90DF-A7D963094B62}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE31AF05-77F5-41AF-B044-D1D83EED9FCC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BDEC205E-BB07-4B32-A0AB-F8A43F03585C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C522C89D-EAA6-4704-A4A7-25990CBFD485}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D81A31E1-A993-4F79-8845-D5795CFB567E}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028FB875-F191-4192-B58D-DF0A310C51D9}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{04AE63A1-FC37-42CF-AED8-0D89648D4AFE}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{04EA802C-59BD-481A-9C3D-44B44DA885A2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mmm\counter-strike\hl.exe | 
"{0652E0AE-ED6E-4511-880A-341C65FEAA7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A57E27F-D7E4-41EF-989B-7AE67087B4CF}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{1F0FCBB9-5EA7-4418-BC23-F6496AAC5373}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{2DDD7258-A32A-4BE4-BD68-795B188C8C70}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mmm\counter-strike\hl.exe | 
"{33F0EE8E-1F98-40D2-A3AA-B4DD36A31B51}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{44978D35-09A9-4263-8664-3EE351914D00}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{453885A0-C26C-4900-B855-C246197D7128}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{49ED0CC6-F097-4A67-8451-679CA5058E52}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{4B65D8F8-9ABF-4F7A-9484-723B9C94F379}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5649739A-BA89-4572-AAB1-8069DCDA123F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5B3D1C26-1A80-4BC6-9EB2-D41780544A51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5D6DA21D-6975-41E1-89BD-66ACB4CEFEB5}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{61FE656C-AE1D-404B-9199-225A60028DC9}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{66C07633-7367-4766-9B0D-5CE2ECBAA410}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{6760E8DB-19DC-43A5-A6C9-27E1CA322D84}" = protocol=6 | dir=out | app=system | 
"{685B5C88-4202-4A40-947B-A4EC76CEE3EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72E90EA2-89AF-4BEB-A376-115AA76FE20C}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{78C7DDCD-117B-4CFE-9B19-07CCFC66518F}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{79CC6DF5-0C6A-4CBA-B747-9162E33F6D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83B97AE6-0827-487F-BB8A-1F956CB5B78A}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{898F8F8A-E91D-4FD0-B8EE-E0E0EBB076E6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{8B78EB47-E046-49E0-BEDF-0795AE587A0E}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{A310EF3A-77DF-40F9-9F26-6B749DC3C9E8}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{A6DA462C-EFBC-4B94-AF23-DF72A584A61E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B0ED171B-C7C9-4050-8D11-740C9393A958}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1B47416-9FF1-4748-BCFC-0D8E746B312C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C263726D-4FD9-460B-B0FC-91F2554ADC05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CFD817DE-D573-4FFF-B684-9504A3F11CCF}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{D52445DF-4696-46DA-A64B-DA669C0191AC}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D8C00789-E408-4081-829A-18132B811926}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF3217AF-0B2A-4466-B9B5-087FA13CD4F1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0701F89-1B9F-4402-8365-5D2A0CF59354}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{E166DC6A-567C-41E2-9E8F-B11F04182F78}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{E585ABB1-D157-4BB5-A07C-D639280FF8A8}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{EF06733F-D57A-43A5-BA15-3A721EF01D4D}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{FC785247-E88C-4585-9627-F7A0D793375E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{429A3810-A1D7-40E7-ACFE-A76ADAAB65C5}C:\program files\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\program files\nwn\nwmain.exe | 
"TCP Query User{C0543E5A-05D3-4B3D-9A85-3E39401953ED}C:\program files\nwn\nwserver.exe" = protocol=6 | dir=in | app=c:\program files\nwn\nwserver.exe | 
"UDP Query User{123871A1-14DA-4839-8ECE-3D84AAD15A2E}C:\program files\nwn\nwserver.exe" = protocol=17 | dir=in | app=c:\program files\nwn\nwserver.exe | 
"UDP Query User{BA858A72-564D-4B7A-B5F2-764DC328612D}C:\program files\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\program files\nwn\nwmain.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00762C8C-31A8-4892-9960-587872CAE77C}" = Dell All-In-One Center
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = Sentinel Runtime
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{500ECB5F-B2E8-4A46-80FF-FFFDB7AFC103}" = ScanSoft OmniPage SE 4
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5783F2D7-4001-0407-0002-0060B0CE6BBA}" = AutoCAD 2006 - Deutsch
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A23CD7D-7A85-4D3E-8CF9-006F98A60B9F}" = SEMA Holzbausoftware V12.1 (de)
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75B9B1F8-0F07-11D6-A801-0050FC209733}" = Capitalism II
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A3C76924-B911-4766-A1FD-367D13277CB3}_is1" = GrooveWalrus 0.382
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC VGA Camer@ Plus
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEC98AB1-991D-4A2D-9FDD-10F3DEBAF568}" = Dell Photo AIO 928
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC610A5F-4957-4CA3-8825-D91D5D492086}" = ActivePerl 5.12.2 Build 1202
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Office-Drive Manager" = 1&1 Office-Drive Manager
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Support Center" = Dell Support Center
"Der Planer 1" = Der Planer 1
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstallieren)
"dm Fotowelt" = dm Fotowelt
"ElsterFormular 11.4.1.4323" = ElsterFormular Upgrade
"foobar2000" = foobar2000 v1.2.3
"Free FLV to AVI MP4 3GP WMV MP3 Converter_is1" = Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
"Free Video Zilla_is1" = Free Video Zilla
"FreePDF_XP" = FreePDF (Remove only)
"GIMP-2_is1" = GIMP 2.8.2
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Hydrogen" = Hydrogen
"Inkscape" = Inkscape 0.48.2
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm Scrobbler 2.1.33
"MechCommander2 1.0" = Microsoft MechCommander 2
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Miranda IM" = Miranda IM 0.8.3
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"musikCube" = musikCube 1.0
"Notepad++" = Notepad++
"OptiPNG-UI1.0.0.2" = OptiPNG-UI
"PokerStars" = PokerStars
"PuTTY_is1" = PuTTY version 0.62
"R for Windows 2.11.1_is1" = R for Windows 2.11.1
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RuckZuck 4.0" = RuckZuck 4.0
"Secunia PSI" = Secunia PSI
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"Steam App 10" = Counter-Strike
"SystemRequirementsLab" = System Requirements Lab
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 2.0.2
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.3.7
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0cb53dcd03c12ddd" = Blitzableiter
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2013 11:47:47 | Computer Name = Ken | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cmd.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918bde, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x033900a5,  Prozess-ID 0xa40, Anwendungsstartzeit
 01ce67842fa0b363.
 
Error - 12.06.2013 11:48:04 | Computer Name = Ken | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cmd.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918bde, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x033600a5,  Prozess-ID 0x8d8, Anwendungsstartzeit
 01ce678439ade1c3.
 
Error - 13.06.2013 04:05:38 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.06.2013 04:18:09 | Computer Name = Ken | Source = Perflib | ID = 1010
Description = 
 
Error - 13.06.2013 04:18:11 | Computer Name = Ken | Source = Perflib | ID = 1008
Description = 
 
Error - 14.06.2013 02:47:20 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2013 03:00:05 | Computer Name = Ken | Source = Perflib | ID = 1010
Description = 
 
Error - 15.06.2013 03:00:07 | Computer Name = Ken | Source = Perflib | ID = 1008
Description = 
 
Error - 16.06.2013 03:00:06 | Computer Name = Ken | Source = Perflib | ID = 1010
Description = 
 
Error - 16.06.2013 06:34:37 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 08.06.2009 08:36:56 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = 14:36:56, Mon, Jun 08, 09 Error - User "" does not have administrative
 privileges on this system 
 
Error - 21.06.2009 09:38:22 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = 15:38:21, Sun, Jun 21, 09 Error - Unable to gain access to user store

 
Error - 05.11.2012 15:56:05 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
[ System Events ]
Error - 12.06.2013 10:45:01 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.06.2013 10:50:36 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 12.06.2013 15:14:40 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 13.06.2013 04:05:39 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.06.2013 12:57:57 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 14.06.2013 02:47:21 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.06.2013 13:41:29 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 15.06.2013 09:06:37 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 16.06.2013 06:19:30 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 16.06.2013 06:34:39 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
gmer.exe repeatedly did not work for me; Windows reported "gmer.exe has stopped working" (gmer.exe funktioniert nicht mehr). After I accidentally started two attempts without rebooting in between, the whole system crashed with a bluescreen.
The crash came each time during the running scan. The virus scanner was off and the network cable was unplugged.

Many thanks in advance for your help.
:)

Old 16.06.2013, 14:52   #2
markusg
/// Malware-holic
 
Hi,
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - set it up as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post its contents here in your thread in any case.
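The log TDSSKiller writes (posted further down in the thread) lists each scanned service as a file line with its MD5 and path, followed by a verdict line, and helpers read it for the `warning` and `detected` entries. The parser below is an added example, not code from the forum, Kaspersky or either participant; it pulls those entries out with hash and path and separates `UnsignedFile.*` signature-only warnings from other verdicts, running on constructed sample lines in the posted format (the `examplesvc` entry and the verdict name `Constructed.Test.Verdict` are made up for the example).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log format: a file line
# "[ MD5 ] name path" followed by a verdict line ("- ok", "( ... ) - warning",
# "- detected <verdict> (n)"). The first entries mirror lines from the posted
# log; "examplesvc" and "Constructed.Test.Verdict" are made up for the example.
SAMPLE_LOG = r"""16:57:01.0473 3864  [ 946595DA193C5B49062FDF23BDE5C764 ] CBN             C:\Windows\System32\Drivers\CBN.SYS
16:57:01.0473 3864  CBN ( UnsignedFile.Multi.Generic ) - warning
16:57:01.0473 3864  CBN - detected UnsignedFile.Multi.Generic (1)
16:57:01.0505 3864  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:57:01.0536 3864  cdfs - ok
16:57:02.0441 3864  [ 0C629820AAD9C90E456B221C94D640CA ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
16:57:02.0456 3864  Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:57:02.0456 3864  Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:57:02.0600 3864  examplesvc - detected Constructed.Test.Verdict (1)
"""

# "<time> <pid>  [ <md5> ] <name> <path>": the name may contain spaces, so it is
# matched lazily up to the first token that looks like a drive-letter path.
FILE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "<time> <pid>  <name> - detected <verdict> (<count>)"
DETECTED_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - detected "
    r"(?P<verdict>\S+) \((?P<count>\d+)\)$"
)
OK_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - ok$")


@dataclass
class Finding:
    name: str
    verdict: str
    md5: Optional[str]   # None when TDSSKiller printed no file line for the entry
    path: Optional[str]


def parse_tdsskiller(text: str) -> List[Finding]:
    """Return the entries TDSSKiller flagged as detected, joined with the
    MD5 and path from the file line that precedes them in the log."""
    files: Dict[str, tuple] = {}
    findings: List[Finding] = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = DETECTED_RE.match(line)
        if m:
            md5, path = files.get(m["name"], (None, None))
            findings.append(Finding(m["name"], m["verdict"], md5, path))
    return findings


def count_ok(text: str) -> int:
    """Number of entries TDSSKiller reported as clean ("- ok")."""
    return sum(1 for line in text.splitlines() if OK_RE.match(line))


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Split findings for review. UnsignedFile.* only says the file carries no
    valid digital signature (common for older third-party drivers) and should
    be looked up by hash before anything is cured; every other verdict is a
    real detection that a helper would escalate."""
    out: Dict[str, List[str]] = {"signature_only": [], "escalate": []}
    for f in findings:
        key = "signature_only" if f.verdict.startswith("UnsignedFile.") else "escalate"
        out[key].append(f.name)
    return out


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print(f"{count_ok(SAMPLE_LOG)} clean, {len(found)} flagged")
    for f in found:
        print(f"{f.name}: {f.verdict} md5={f.md5} path={f.path}")
    print(triage(found))
```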

Old 16.06.2013, 16:11   #3
Forelli
 
Hi markusg,

thanks for the quick reply.
Here is the TDSSKiller.log
Code:
ATTFilter
16:56:13.0535 5300  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:56:13.0597 5300  ============================================================
16:56:13.0597 5300  Current date / time: 2013/06/16 16:56:13.0597
16:56:13.0597 5300  SystemInfo:
16:56:13.0597 5300  
16:56:13.0597 5300  OS Version: 6.0.6002 ServicePack: 2.0
16:56:13.0597 5300  Product type: Workstation
16:56:13.0597 5300  ComputerName: KEN
16:56:13.0597 5300  UserName: Kolja
16:56:13.0597 5300  Windows directory: C:\Windows
16:56:13.0597 5300  System windows directory: C:\Windows
16:56:13.0597 5300  Processor architecture: Intel x86
16:56:13.0597 5300  Number of processors: 2
16:56:13.0597 5300  Page size: 0x1000
16:56:13.0597 5300  Boot type: Normal boot
16:56:13.0597 5300  ============================================================
16:56:14.0362 5300  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:56:14.0362 5300  ============================================================
16:56:14.0362 5300  \Device\Harddisk0\DR0:
16:56:14.0362 5300  MBR partitions:
16:56:14.0362 5300  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0x1400000
16:56:14.0362 5300  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1437000, BlocksNum 0x1B88DFF8
16:56:14.0393 5300  ============================================================
16:56:14.0471 5300  C: <-> \Device\Harddisk0\DR0\Partition2
16:56:14.0533 5300  D: <-> \Device\Harddisk0\DR0\Partition1
16:56:14.0533 5300  ============================================================
16:56:14.0533 5300  Initialize success
16:56:14.0533 5300  ============================================================
16:56:54.0313 3864  ============================================================
16:56:54.0313 3864  Scan started
16:56:54.0313 3864  Mode: Manual; SigCheck; TDLFS; 
16:56:54.0313 3864  ============================================================
16:56:55.0202 3864  ================ Scan system memory ========================
16:56:55.0202 3864  System memory - ok
16:56:55.0202 3864  ================ Scan services =============================
16:56:55.0623 3864  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:56:55.0748 3864  ACPI - ok
16:56:55.0982 3864  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:56:55.0998 3864  AdobeARMservice - ok
16:56:56.0138 3864  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:56:56.0154 3864  AdobeFlashPlayerUpdateSvc - ok
16:56:56.0232 3864  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:56:56.0263 3864  adp94xx - ok
16:56:56.0325 3864  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:56:56.0357 3864  adpahci - ok
16:56:56.0372 3864  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:56:56.0388 3864  adpu160m - ok
16:56:56.0419 3864  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:56:56.0435 3864  adpu320 - ok
16:56:56.0497 3864  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:56:56.0544 3864  AeLookupSvc - ok
16:56:56.0575 3864  [ EF1142512BEC12F1C2C87735DA1755BE ] AESTFilters     C:\Windows\system32\aestsrv.exe
16:56:56.0669 3864  AESTFilters - ok
16:56:56.0793 3864  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
16:56:56.0809 3864  AFD - ok
16:56:56.0856 3864  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:56:56.0871 3864  agp440 - ok
16:56:56.0903 3864  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:56:56.0918 3864  aic78xx - ok
16:56:56.0965 3864  [ C6397472A8788505FB23C85441837978 ] aksfridge       C:\Windows\system32\DRIVERS\aksfridge.sys
16:56:56.0996 3864  aksfridge - ok
16:56:57.0059 3864  [ 64FC197D24A2B240598F29CE0A6660C0 ] akshasp         C:\Windows\system32\DRIVERS\akshasp.sys
16:56:57.0105 3864  akshasp - ok
16:56:57.0199 3864  [ DFD3C25A2AAB48668E14AEF0316A0522 ] akshhl          C:\Windows\system32\DRIVERS\akshhl.sys
16:56:57.0246 3864  akshhl - ok
16:56:57.0339 3864  [ 5934CF026DE26F5E3BA49B0CFD662B0F ] aksusb          C:\Windows\system32\DRIVERS\aksusb.sys
16:56:57.0386 3864  aksusb - ok
16:56:57.0417 3864  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
16:56:57.0464 3864  ALG - ok
16:56:57.0495 3864  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:56:57.0511 3864  aliide - ok
16:56:57.0573 3864  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:56:57.0589 3864  amdagp - ok
16:56:57.0620 3864  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:56:57.0636 3864  amdide - ok
16:56:57.0667 3864  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
16:56:57.0683 3864  AmdK7 - ok
16:56:57.0714 3864  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:56:57.0776 3864  AmdK8 - ok
16:56:57.0963 3864  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:56:57.0979 3864  AntiVirSchedulerService - ok
16:56:58.0088 3864  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:56:58.0104 3864  AntiVirService - ok
16:56:58.0151 3864  [ A80230BD04F0B8BF05185B369BB1CBB8 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
16:56:58.0182 3864  ApfiltrService - ok
16:56:58.0244 3864  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
16:56:58.0307 3864  Appinfo - ok
16:56:58.0385 3864  [ 43DC4FC662DF064535E30B17C8B5AB00 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
16:56:58.0400 3864  Apple Mobile Device - ok
16:56:58.0463 3864  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
16:56:58.0478 3864  arc - ok
16:56:58.0572 3864  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:56:58.0587 3864  arcsas - ok
16:56:58.0728 3864  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:56:58.0743 3864  aspnet_state - ok
16:56:58.0775 3864  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:56:58.0821 3864  AsyncMac - ok
16:56:58.0899 3864  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:56:58.0915 3864  atapi - ok
16:56:59.0024 3864  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:56:59.0071 3864  AudioEndpointBuilder - ok
16:56:59.0087 3864  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:56:59.0118 3864  Audiosrv - ok
16:56:59.0321 3864  [ 7CC8CD6F86054C563E47E7F063CE7A61 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
16:56:59.0336 3864  Autodesk Licensing Service - ok
16:56:59.0414 3864  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:56:59.0430 3864  avgntflt - ok
16:56:59.0539 3864  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:56:59.0555 3864  avipbb - ok
16:56:59.0586 3864  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:56:59.0601 3864  avkmgr - ok
16:56:59.0617 3864  BCM42RLY - ok
16:56:59.0679 3864  [ FA6707A346CD122407F3B0BAD1C47639 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
16:56:59.0742 3864  BCM43XX - ok
16:56:59.0867 3864  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:56:59.0898 3864  Beep - ok
16:56:59.0991 3864  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
16:57:00.0023 3864  BFE - ok
16:57:00.0132 3864  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
16:57:00.0225 3864  BITS - ok
16:57:00.0319 3864  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:57:00.0350 3864  blbdrive - ok
16:57:00.0444 3864  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:57:00.0459 3864  bowser - ok
16:57:00.0491 3864  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:57:00.0553 3864  BrFiltLo - ok
16:57:00.0584 3864  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:57:00.0615 3864  BrFiltUp - ok
16:57:00.0647 3864  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
16:57:00.0693 3864  Browser - ok
16:57:00.0756 3864  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
16:57:00.0927 3864  Brserid - ok
16:57:00.0959 3864  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:57:01.0052 3864  BrSerWdm - ok
16:57:01.0068 3864  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:57:01.0130 3864  BrUsbMdm - ok
16:57:01.0146 3864  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:57:01.0224 3864  BrUsbSer - ok
16:57:01.0302 3864  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:57:01.0349 3864  BTHMODEM - ok
16:57:01.0473 3864  [ 946595DA193C5B49062FDF23BDE5C764 ] CBN             C:\Windows\System32\Drivers\CBN.SYS
16:57:01.0473 3864  CBN ( UnsignedFile.Multi.Generic ) - warning
16:57:01.0473 3864  CBN - detected UnsignedFile.Multi.Generic (1)
16:57:01.0505 3864  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:57:01.0536 3864  cdfs - ok
16:57:01.0598 3864  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:57:01.0614 3864  cdrom - ok
16:57:01.0707 3864  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:57:01.0754 3864  CertPropSvc - ok
16:57:01.0785 3864  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
16:57:01.0832 3864  circlass - ok
16:57:01.0910 3864  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
16:57:01.0926 3864  CLFS - ok
16:57:01.0973 3864  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:57:01.0988 3864  clr_optimization_v2.0.50727_32 - ok
16:57:02.0191 3864  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:57:02.0222 3864  clr_optimization_v4.0.30319_32 - ok
16:57:02.0253 3864  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:57:02.0285 3864  CmBatt - ok
16:57:02.0331 3864  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:57:02.0347 3864  cmdide - ok
16:57:02.0378 3864  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:57:02.0394 3864  Compbatt - ok
16:57:02.0394 3864  COMSysApp - ok
16:57:02.0409 3864  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:57:02.0425 3864  crcdisk - ok
16:57:02.0441 3864  [ 0C629820AAD9C90E456B221C94D640CA ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
16:57:02.0456 3864  Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:57:02.0456 3864  Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:57:02.0519 3864  [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\Windows\system32\CTsvcCDA.exe
16:57:02.0534 3864  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
16:57:02.0534 3864  Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
16:57:02.0565 3864  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:57:02.0628 3864  Crusoe - ok
16:57:02.0721 3864  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:57:02.0815 3864  CryptSvc - ok
16:57:02.0924 3864  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:57:02.0987 3864  DcomLaunch - ok
16:57:03.0065 3864  [ 4B797AFC90A29C59308E260DBCCD5821 ] deMntrService   C:\Program Files\Dell\MFP_DELL\deMntrService.exe
16:57:03.0080 3864  deMntrService ( UnsignedFile.Multi.Generic ) - warning
16:57:03.0080 3864  deMntrService - detected UnsignedFile.Multi.Generic (1)
16:57:03.0127 3864  [ 92ADE7F1B2E1C69E85A3A9040EEC37B4 ] DESVUSB         C:\Windows\system32\DRIVERS\desrvusb.sys
16:57:03.0189 3864  DESVUSB - ok
16:57:03.0283 3864  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:57:03.0299 3864  DfsC - ok
16:57:03.0423 3864  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
16:57:03.0564 3864  DFSR - ok
16:57:03.0704 3864  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:57:03.0751 3864  Dhcp - ok
16:57:03.0829 3864  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
16:57:03.0845 3864  disk - ok
16:57:04.0063 3864  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:57:04.0110 3864  Dnscache - ok
16:57:04.0157 3864  [ 13511564CAC5A005255765E322C16967 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
16:57:04.0172 3864  DockLoginService - ok
16:57:04.0235 3864  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:57:04.0281 3864  dot3svc - ok
16:57:04.0344 3864  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:57:04.0422 3864  Dot4 - ok
16:57:04.0453 3864  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:57:04.0500 3864  Dot4Print - ok
16:57:04.0531 3864  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
16:57:04.0578 3864  dot4usb - ok
16:57:04.0625 3864  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
16:57:04.0687 3864  DPS - ok
16:57:04.0765 3864  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:57:04.0812 3864  drmkaud - ok
16:57:04.0905 3864  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:57:04.0952 3864  DXGKrnl - ok
16:57:05.0077 3864  [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
16:57:05.0124 3864  e1express - ok
16:57:05.0171 3864  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
16:57:05.0233 3864  E1G60 - ok
16:57:05.0264 3864  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
16:57:05.0295 3864  EapHost - ok
16:57:05.0373 3864  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:57:05.0389 3864  Ecache - ok
16:57:05.0436 3864  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:57:05.0467 3864  ehRecvr - ok
16:57:05.0498 3864  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
16:57:05.0545 3864  ehSched - ok
16:57:05.0561 3864  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
16:57:05.0576 3864  ehstart - ok
16:57:05.0623 3864  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:57:05.0639 3864  elxstor - ok
16:57:05.0732 3864  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
16:57:05.0810 3864  EMDMgmt - ok
16:57:05.0873 3864  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:57:05.0935 3864  ErrDev - ok
16:57:06.0013 3864  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
16:57:06.0075 3864  EventSystem - ok
16:57:06.0169 3864  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
16:57:06.0185 3864  exfat - ok
16:57:06.0231 3864  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:57:06.0247 3864  fastfat - ok
16:57:06.0278 3864  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:57:06.0325 3864  fdc - ok
16:57:06.0341 3864  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:57:06.0372 3864  fdPHost - ok
16:57:06.0387 3864  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:57:06.0481 3864  FDResPub - ok
16:57:06.0512 3864  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:57:06.0528 3864  FileInfo - ok
16:57:06.0543 3864  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:57:06.0590 3864  Filetrace - ok
16:57:06.0621 3864  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:57:06.0653 3864  flpydisk - ok
16:57:06.0715 3864  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:57:06.0731 3864  FltMgr - ok
16:57:06.0871 3864  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
16:57:06.0949 3864  FontCache - ok
16:57:07.0152 3864  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:57:07.0152 3864  FontCache3.0.0.0 - ok
16:57:07.0245 3864  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:57:07.0277 3864  Fs_Rec - ok
16:57:07.0339 3864  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:57:07.0355 3864  gagp30kx - ok
16:57:07.0557 3864  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
16:57:07.0573 3864  GoogleDesktopManager-051210-111108 - ok
16:57:07.0635 3864  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
16:57:07.0651 3864  GoToAssist - ok
16:57:07.0713 3864  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:57:07.0760 3864  gpsvc - ok
16:57:07.0916 3864  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:57:07.0932 3864  gusvc - ok
16:57:07.0994 3864  [ 506097D91E96AEE4BAD61800782E8FB6 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
16:57:08.0025 3864  hardlock - ok
16:57:08.0025 3864  hasplms - ok
16:57:08.0135 3864  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:57:08.0197 3864  HdAudAddService - ok
16:57:08.0275 3864  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:57:08.0322 3864  HDAudBus - ok
16:57:08.0384 3864  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:57:08.0431 3864  HidBth - ok
16:57:08.0447 3864  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:57:08.0540 3864  HidIr - ok
16:57:08.0618 3864  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
16:57:08.0665 3864  hidserv - ok
16:57:08.0727 3864  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:57:08.0759 3864  HidUsb - ok
16:57:08.0774 3864  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:57:08.0805 3864  hkmsvc - ok
16:57:08.0852 3864  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:57:08.0868 3864  HpCISSs - ok
16:57:08.0977 3864  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:57:08.0993 3864  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:57:08.0993 3864  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:57:09.0024 3864  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:57:09.0024 3864  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
16:57:09.0024 3864  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
16:57:09.0086 3864  [ 99F85640054BA65190B860D878A7C9AE ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:57:09.0133 3864  HSF_DPV - ok
16:57:09.0164 3864  [ CFBC2B81972E298F0E19EE68FA9E73DA ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:57:09.0180 3864  HSXHWAZL - ok
16:57:09.0242 3864  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:57:09.0273 3864  HTTP - ok
16:57:09.0336 3864  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:57:09.0351 3864  i2omp - ok
16:57:09.0398 3864  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:57:09.0429 3864  i8042prt - ok
16:57:09.0523 3864  [ AE38A12F79A4980DDB88F36514F8A1DA ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
16:57:09.0554 3864  IAANTMON - ok
16:57:09.0648 3864  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\Windows\system32\drivers\iastor.sys
16:57:09.0663 3864  iaStor - ok
16:57:09.0726 3864  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:57:09.0741 3864  iaStorV - ok
16:57:09.0835 3864  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:57:09.0897 3864  idsvc - ok
16:57:10.0038 3864  [ C134E69CE901422D1F2D7EA8D69098FE ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
16:57:10.0116 3864  igfx - ok
16:57:10.0147 3864  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:57:10.0163 3864  iirsp - ok
16:57:10.0256 3864  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:57:10.0287 3864  IKEEXT - ok
16:57:10.0350 3864  [ 98D303CCB3415E9202E82043B37D66DC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
16:57:10.0365 3864  IntcHdmiAddService - ok
16:57:10.0397 3864  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
16:57:10.0412 3864  intelide - ok
16:57:10.0428 3864  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:57:10.0459 3864  intelppm - ok
16:57:10.0490 3864  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:57:10.0537 3864  IPBusEnum - ok
16:57:10.0599 3864  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:57:10.0677 3864  IpFilterDriver - ok
16:57:10.0755 3864  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:57:10.0787 3864  iphlpsvc - ok
16:57:10.0802 3864  IpInIp - ok
16:57:10.0865 3864  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
16:57:10.0896 3864  IPMIDRV - ok
16:57:10.0927 3864  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
16:57:10.0974 3864  IPNAT - ok
16:57:11.0005 3864  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:57:11.0021 3864  IRENUM - ok
16:57:11.0052 3864  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:57:11.0067 3864  isapnp - ok
16:57:11.0145 3864  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:57:11.0177 3864  iScsiPrt - ok
16:57:11.0317 3864  [ 08A811BFD207DFDEC588881C18BACBAA ] ISWKL           C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:57:11.0333 3864  ISWKL - ok
16:57:11.0395 3864  [ 5B2CCEF06F96DFB22893AB8F0B3F891D ] IswSvc          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
16:57:11.0411 3864  IswSvc - ok
16:57:11.0473 3864  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:57:11.0489 3864  iteatapi - ok
16:57:11.0535 3864  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
16:57:11.0551 3864  iteraid - ok
16:57:11.0582 3864  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:57:11.0598 3864  kbdclass - ok
16:57:11.0660 3864  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:57:11.0738 3864  kbdhid - ok
16:57:11.0801 3864  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
16:57:11.0863 3864  KeyIso - ok
16:57:11.0972 3864  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:57:12.0003 3864  KSecDD - ok
16:57:12.0050 3864  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:57:12.0191 3864  KtmRm - ok
16:57:12.0284 3864  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:57:12.0378 3864  LanmanServer - ok
16:57:12.0456 3864  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:57:12.0503 3864  LanmanWorkstation - ok
16:57:12.0534 3864  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:57:12.0565 3864  lltdio - ok
16:57:12.0627 3864  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:57:12.0674 3864  lltdsvc - ok
16:57:12.0690 3864  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:57:12.0737 3864  lmhosts - ok
16:57:12.0799 3864  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:57:12.0815 3864  LSI_FC - ok
16:57:12.0830 3864  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:57:12.0846 3864  LSI_SAS - ok
16:57:12.0908 3864  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:57:12.0924 3864  LSI_SCSI - ok
16:57:12.0955 3864  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
16:57:12.0986 3864  luafv - ok
16:57:13.0033 3864  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:57:13.0563 3864  Mcx2Svc - ok
16:57:13.0595 3864  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:57:13.0610 3864  mdmxsdk - ok
16:57:13.0657 3864  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:57:13.0673 3864  megasas - ok
16:57:13.0797 3864  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:57:13.0829 3864  MegaSR - ok
16:57:13.0875 3864  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
16:57:13.0907 3864  MMCSS - ok
16:57:13.0953 3864  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
16:57:14.0016 3864  Modem - ok
16:57:14.0047 3864  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:57:14.0078 3864  monitor - ok
16:57:14.0094 3864  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:57:14.0109 3864  mouclass - ok
16:57:14.0125 3864  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:57:14.0156 3864  mouhid - ok
16:57:14.0172 3864  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:57:14.0187 3864  MountMgr - ok
16:57:14.0328 3864  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:57:14.0343 3864  MozillaMaintenance - ok
16:57:14.0375 3864  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:57:14.0390 3864  mpio - ok
16:57:14.0406 3864  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:57:14.0437 3864  mpsdrv - ok
16:57:14.0515 3864  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:57:14.0562 3864  MpsSvc - ok
16:57:14.0593 3864  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:57:14.0609 3864  Mraid35x - ok
16:57:14.0624 3864  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:57:14.0640 3864  MRxDAV - ok
16:57:14.0733 3864  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:57:14.0765 3864  mrxsmb - ok
16:57:14.0858 3864  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:57:14.0874 3864  mrxsmb10 - ok
16:57:14.0889 3864  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:57:14.0905 3864  mrxsmb20 - ok
16:57:14.0952 3864  [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:57:14.0967 3864  msahci - ok
16:57:14.0983 3864  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:57:14.0999 3864  msdsm - ok
16:57:15.0030 3864  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
16:57:15.0092 3864  MSDTC - ok
16:57:15.0108 3864  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:57:15.0139 3864  Msfs - ok
16:57:15.0186 3864  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:57:15.0201 3864  msisadrv - ok
16:57:15.0233 3864  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:57:15.0264 3864  MSiSCSI - ok
16:57:15.0279 3864  msiserver - ok
16:57:15.0342 3864  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:57:15.0373 3864  MSKSSRV - ok
16:57:15.0389 3864  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:57:15.0420 3864  MSPCLOCK - ok
16:57:15.0435 3864  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:57:15.0467 3864  MSPQM - ok
16:57:15.0498 3864  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:57:15.0513 3864  MsRPC - ok
16:57:15.0529 3864  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:57:15.0545 3864  mssmbios - ok
16:57:15.0576 3864  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:57:15.0623 3864  MSTEE - ok
16:57:15.0685 3864  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
16:57:15.0701 3864  Mup - ok
16:57:15.0763 3864  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
16:57:15.0825 3864  napagent - ok
16:57:15.0935 3864  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:57:15.0950 3864  NativeWifiP - ok
16:57:16.0028 3864  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:57:16.0059 3864  NDIS - ok
16:57:16.0091 3864  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:57:16.0122 3864  NdisTapi - ok
16:57:16.0137 3864  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:57:16.0169 3864  Ndisuio - ok
16:57:16.0215 3864  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:57:16.0231 3864  NdisWan - ok
16:57:16.0262 3864  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:57:16.0278 3864  NDProxy - ok
16:57:16.0340 3864  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:57:16.0356 3864  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:57:16.0356 3864  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:57:16.0371 3864  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:57:16.0403 3864  NetBIOS - ok
16:57:16.0465 3864  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
16:57:16.0496 3864  netbt - ok
16:57:16.0512 3864  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
16:57:16.0527 3864  Netlogon - ok
16:57:16.0559 3864  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:57:16.0590 3864  Netman - ok
16:57:16.0621 3864  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:57:16.0668 3864  netprofm - ok
16:57:16.0730 3864  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:57:16.0746 3864  NetTcpPortSharing - ok
16:57:16.0793 3864  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:57:16.0808 3864  nfrd960 - ok
16:57:16.0824 3864  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:57:16.0871 3864  NlaSvc - ok
16:57:17.0042 3864  [ F44ADDBF29905CB19F52FC9FE6A0EFA1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
16:57:17.0042 3864  nosGetPlusHelper - ok
16:57:17.0105 3864  [ B9730495E0CF674680121E34BD95A73B ] NPF             C:\Windows\system32\drivers\npf.sys
16:57:17.0120 3864  NPF - ok
16:57:17.0167 3864  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:57:17.0183 3864  Npfs - ok
16:57:17.0229 3864  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
16:57:17.0261 3864  nsi - ok
16:57:17.0307 3864  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:57:17.0323 3864  nsiproxy - ok
16:57:17.0448 3864  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:57:17.0526 3864  Ntfs - ok
16:57:17.0573 3864  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
16:57:17.0651 3864  ntrigdigi - ok
16:57:17.0682 3864  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:57:17.0713 3864  Null - ok
16:57:17.0760 3864  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:57:17.0775 3864  nvraid - ok
16:57:17.0807 3864  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:57:17.0822 3864  nvstor - ok
16:57:17.0853 3864  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:57:17.0869 3864  nv_agp - ok
16:57:17.0869 3864  NwlnkFlt - ok
16:57:17.0885 3864  NwlnkFwd - ok
16:57:17.0994 3864  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:57:18.0009 3864  ohci1394 - ok
16:57:18.0103 3864  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:57:18.0165 3864  p2pimsvc - ok
16:57:18.0243 3864  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:57:18.0306 3864  p2psvc - ok
16:57:18.0509 3864  [ 5C823A7C8F8948EB44BDA2C9E724476B ] PAC7302         C:\Windows\system32\DRIVERS\PAC7302.SYS
16:57:18.0555 3864  PAC7302 - ok
16:57:18.0587 3864  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
16:57:18.0633 3864  Parport - ok
16:57:18.0727 3864  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:57:18.0743 3864  partmgr - ok
16:57:18.0774 3864  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:57:18.0836 3864  Parvdm - ok
16:57:18.0867 3864  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:57:18.0945 3864  PcaSvc - ok
16:57:19.0117 3864  [ 92FDDBED716BF5C3CB766101563CFCE5 ] PCDSRVC{E9D79540-57D5953E-06020101}_0 c:\program files\dell support center\pcdsrvc.pkms
16:57:19.0133 3864  PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
16:57:19.0195 3864  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
16:57:19.0211 3864  pci - ok
16:57:19.0242 3864  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
16:57:19.0257 3864  pciide - ok
16:57:19.0289 3864  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:57:19.0320 3864  pcmcia - ok
16:57:19.0367 3864  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:57:19.0491 3864  PEAUTH - ok
16:57:19.0632 3864  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
16:57:19.0866 3864  pla - ok
16:57:19.0928 3864  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:57:19.0975 3864  PlugPlay - ok
16:57:19.0991 3864  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:57:20.0006 3864  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:57:20.0006 3864  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:57:20.0037 3864  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
16:57:20.0100 3864  PNRPAutoReg - ok
16:57:20.0193 3864  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
16:57:20.0256 3864  PNRPsvc - ok
16:57:20.0381 3864  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:57:20.0427 3864  PolicyAgent - ok
16:57:20.0459 3864  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:57:20.0490 3864  PptpMiniport - ok
16:57:20.0537 3864  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
16:57:20.0646 3864  Processor - ok
16:57:20.0724 3864  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:57:20.0755 3864  ProfSvc - ok
16:57:20.0755 3864  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:57:20.0786 3864  ProtectedStorage - ok
16:57:20.0833 3864  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:57:20.0864 3864  PSched - ok
16:57:20.0942 3864  [ 365622E1F0B6D5F9871D76E89BF0501A ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
16:57:20.0958 3864  PSI ( UnsignedFile.Multi.Generic ) - warning
16:57:20.0958 3864  PSI - detected UnsignedFile.Multi.Generic (1)
16:57:21.0067 3864  [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
16:57:21.0083 3864  PxHelp20 - ok
16:57:21.0161 3864  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:57:21.0254 3864  ql2300 - ok
16:57:21.0317 3864  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:57:21.0332 3864  ql40xx - ok
16:57:21.0379 3864  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
16:57:21.0410 3864  QWAVE - ok
16:57:21.0426 3864  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:57:21.0441 3864  QWAVEdrv - ok
16:57:21.0551 3864  [ E642B131FB74CAF4BB8A014F31113142 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
16:57:21.0707 3864  R300 - ok
16:57:21.0722 3864  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:57:21.0753 3864  RasAcd - ok
16:57:21.0769 3864  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
16:57:21.0816 3864  RasAuto - ok
16:57:21.0831 3864  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:57:21.0863 3864  Rasl2tp - ok
16:57:21.0925 3864  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
16:57:21.0972 3864  RasMan - ok
16:57:22.0034 3864  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:57:22.0050 3864  RasPppoe - ok
16:57:22.0112 3864  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:57:22.0128 3864  RasSstp - ok
16:57:22.0190 3864  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:57:22.0221 3864  rdbss - ok
16:57:22.0253 3864  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:57:22.0284 3864  RDPCDD - ok
16:57:22.0331 3864  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
16:57:22.0362 3864  rdpdr - ok
16:57:22.0393 3864  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:57:22.0424 3864  RDPENCDD - ok
16:57:22.0502 3864  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:57:22.0549 3864  RDPWD - ok
16:57:22.0596 3864  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:57:22.0627 3864  RemoteAccess - ok
16:57:22.0689 3864  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:57:22.0752 3864  RemoteRegistry - ok
16:57:22.0814 3864  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
16:57:22.0830 3864  rimmptsk - ok
16:57:22.0830 3864  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
16:57:22.0845 3864  rimsptsk - ok
16:57:22.0861 3864  [ D231B577024AA324AF13A42F3A807D10 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
16:57:22.0877 3864  rismxdp - ok
16:57:22.0955 3864  [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
16:57:22.0970 3864  rpcapd - ok
16:57:23.0017 3864  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
16:57:23.0048 3864  RpcLocator - ok
16:57:23.0064 3864  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
16:57:23.0111 3864  RpcSs - ok
16:57:23.0142 3864  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:57:23.0173 3864  rspndr - ok
16:57:23.0267 3864  [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus        C:\Windows\system32\DRIVERS\s1018bus.sys
16:57:23.0282 3864  s1018bus - ok
16:57:23.0329 3864  [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl       C:\Windows\system32\DRIVERS\s1018mdfl.sys
16:57:23.0345 3864  s1018mdfl - ok
16:57:23.0391 3864  [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm        C:\Windows\system32\DRIVERS\s1018mdm.sys
16:57:23.0407 3864  s1018mdm - ok
16:57:23.0469 3864  [ F4CEDA6E2DDFF2AF8BD745615A7CA9C0 ] s1018mgmt       C:\Windows\system32\DRIVERS\s1018mgmt.sys
16:57:23.0532 3864  s1018mgmt - ok
16:57:23.0563 3864  [ 3622D9FF2253DCBE885B10736609A4CA ] s1018nd5        C:\Windows\system32\DRIVERS\s1018nd5.sys
16:57:23.0579 3864  s1018nd5 - ok
16:57:23.0625 3864  [ 49431EFDA842B474531C29FFAE9F5D09 ] s1018obex       C:\Windows\system32\DRIVERS\s1018obex.sys
16:57:23.0641 3864  s1018obex - ok
16:57:23.0657 3864  [ AC6B514CB4474F4C867D7CDC9CD54F05 ] s1018unic       C:\Windows\system32\DRIVERS\s1018unic.sys
16:57:23.0672 3864  s1018unic - ok
16:57:23.0703 3864  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
16:57:23.0719 3864  SamSs - ok
16:57:23.0781 3864  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:57:23.0797 3864  sbp2port - ok
16:57:23.0906 3864  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:57:23.0922 3864  SCardSvr - ok
16:57:24.0078 3864  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
16:57:24.0234 3864  Schedule - ok
16:57:24.0296 3864  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:57:24.0327 3864  SCPolicySvc - ok
16:57:24.0390 3864  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
16:57:24.0405 3864  sdbus - ok
16:57:24.0437 3864  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:57:24.0468 3864  SDRSVC - ok
16:57:24.0499 3864  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:57:24.0546 3864  secdrv - ok
16:57:24.0577 3864  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
16:57:24.0624 3864  seclogon - ok
16:57:24.0639 3864  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
16:57:24.0671 3864  SENS - ok
16:57:24.0702 3864  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:57:24.0749 3864  Serenum - ok
16:57:24.0764 3864  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
16:57:24.0827 3864  Serial - ok
16:57:24.0842 3864  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:57:24.0873 3864  sermouse - ok
16:57:24.0920 3864  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:57:24.0951 3864  SessionEnv - ok
16:57:24.0967 3864  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
16:57:24.0998 3864  sffdisk - ok
16:57:25.0014 3864  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:57:25.0061 3864  sffp_mmc - ok
16:57:25.0154 3864  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
16:57:25.0185 3864  sffp_sd - ok
16:57:25.0201 3864  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:57:25.0263 3864  sfloppy - ok
16:57:25.0295 3864  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:57:25.0326 3864  SharedAccess - ok
16:57:25.0435 3864  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:57:25.0466 3864  ShellHWDetection - ok
16:57:25.0497 3864  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:57:25.0513 3864  sisagp - ok
16:57:25.0591 3864  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:57:25.0607 3864  SiSRaid2 - ok
16:57:25.0622 3864  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:57:25.0638 3864  SiSRaid4 - ok
16:57:25.0778 3864  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:57:25.0794 3864  SkypeUpdate - ok
16:57:25.0950 3864  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
16:57:26.0184 3864  slsvc - ok
16:57:26.0246 3864  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:57:26.0293 3864  SLUINotify - ok
16:57:26.0355 3864  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:57:26.0371 3864  Smb - ok
16:57:26.0418 3864  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:57:26.0433 3864  SNMPTRAP - ok
16:57:26.0589 3864  [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
16:57:26.0605 3864  Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - warning
16:57:26.0605 3864  Sony Ericsson PCCompanion - detected UnsignedFile.Multi.Generic (1)
16:57:26.0652 3864  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
16:57:26.0667 3864  spldr - ok
16:57:26.0777 3864  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
16:57:26.0823 3864  Spooler - ok
16:57:26.0933 3864  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\System32\Drivers\sptd.sys
16:57:26.0964 3864  sptd - ok
16:57:27.0073 3864  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:57:27.0089 3864  srv - ok
16:57:27.0151 3864  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:57:27.0167 3864  srv2 - ok
16:57:27.0182 3864  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:57:27.0198 3864  srvnet - ok
16:57:27.0260 3864  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:57:27.0307 3864  SSDPSRV - ok
16:57:27.0401 3864  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
16:57:27.0416 3864  ssmdrv - ok
16:57:27.0479 3864  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:57:27.0494 3864  SstpSvc - ok
16:57:27.0525 3864  [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] STacSV          C:\Windows\system32\STacSV.exe
16:57:27.0557 3864  STacSV - ok
16:57:27.0635 3864  Steam Client Service - ok
16:57:27.0713 3864  [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] STHDA           C:\Windows\system32\drivers\stwrt.sys
16:57:27.0775 3864  STHDA - ok
16:57:27.0837 3864  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
16:57:27.0853 3864  stisvc - ok
16:57:28.0040 3864  [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:57:28.0056 3864  stllssvr - ok
16:57:28.0087 3864  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:57:28.0103 3864  swenum - ok
16:57:28.0181 3864  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
16:57:28.0212 3864  swprv - ok
16:57:28.0243 3864  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
16:57:28.0259 3864  Symc8xx - ok
16:57:28.0305 3864  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:57:28.0321 3864  Sym_hi - ok
16:57:28.0352 3864  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:57:28.0368 3864  Sym_u3 - ok
16:57:28.0415 3864  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
16:57:28.0477 3864  SysMain - ok
16:57:28.0539 3864  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:57:28.0571 3864  TabletInputService - ok
16:57:28.0649 3864  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:57:28.0711 3864  TapiSrv - ok
16:57:28.0758 3864  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
16:57:28.0805 3864  TBS - ok
16:57:28.0898 3864  [ 078218D74C4EFC2CE7E4C6DF22A94F2F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:57:28.0961 3864  Tcpip - ok
16:57:29.0007 3864  [ 078218D74C4EFC2CE7E4C6DF22A94F2F ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:57:29.0039 3864  Tcpip6 - ok
16:57:29.0148 3864  [ 4C11A1820DDC37FA653913AD680ACCAE ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:57:29.0210 3864  tcpipreg - ok
16:57:29.0257 3864  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:57:29.0288 3864  TDPIPE - ok
16:57:29.0319 3864  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:57:29.0351 3864  TDTCP - ok
16:57:29.0429 3864  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:57:29.0444 3864  tdx - ok
16:57:29.0460 3864  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:57:29.0491 3864  TermDD - ok
16:57:29.0569 3864  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
16:57:29.0647 3864  TermService - ok
16:57:29.0741 3864  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
16:57:29.0756 3864  Themes - ok
16:57:29.0772 3864  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:57:29.0803 3864  THREADORDER - ok
16:57:29.0834 3864  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
16:57:29.0912 3864  TrkWks - ok
16:57:29.0990 3864  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:57:30.0053 3864  TrustedInstaller - ok
16:57:30.0084 3864  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:57:30.0131 3864  tssecsrv - ok
16:57:30.0146 3864  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
16:57:30.0162 3864  tunmp - ok
16:57:30.0240 3864  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:57:30.0255 3864  tunnel - ok
16:57:30.0287 3864  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:57:30.0302 3864  uagp35 - ok
16:57:30.0349 3864  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:57:30.0380 3864  udfs - ok
16:57:30.0427 3864  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:57:30.0474 3864  UI0Detect - ok
16:57:30.0583 3864  [ 9D186C0DF44013C5BAD83AF6F2DEBE29 ] ui11drdr        C:\Windows\system32\DRIVERS\ui11drdr.sys
16:57:30.0599 3864  ui11drdr ( UnsignedFile.Multi.Generic ) - warning
16:57:30.0599 3864  ui11drdr - detected UnsignedFile.Multi.Generic (1)
16:57:30.0645 3864  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:57:30.0661 3864  uliagpkx - ok
16:57:30.0677 3864  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
16:57:30.0708 3864  uliahci - ok
16:57:30.0723 3864  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:57:30.0739 3864  UlSata - ok
16:57:30.0755 3864  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
16:57:30.0770 3864  ulsata2 - ok
16:57:30.0833 3864  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:57:30.0864 3864  umbus - ok
16:57:30.0895 3864  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
16:57:30.0957 3864  upnphost - ok
16:57:31.0020 3864  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:57:31.0051 3864  usbccgp - ok
16:57:31.0113 3864  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:57:31.0207 3864  usbcir - ok
16:57:31.0238 3864  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:57:31.0269 3864  usbehci - ok
16:57:31.0332 3864  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:57:31.0347 3864  usbhub - ok
16:57:31.0394 3864  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:57:31.0441 3864  usbohci - ok
16:57:31.0535 3864  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:57:31.0613 3864  usbprint - ok
16:57:31.0659 3864  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:57:31.0691 3864  usbscan - ok
16:57:31.0753 3864  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:57:31.0784 3864  USBSTOR - ok
16:57:31.0800 3864  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:57:31.0831 3864  usbuhci - ok
16:57:31.0893 3864  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
16:57:31.0925 3864  UxSms - ok
16:57:31.0987 3864  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
16:57:32.0034 3864  vds - ok
16:57:32.0159 3864  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:57:32.0205 3864  vga - ok
16:57:32.0252 3864  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:57:32.0268 3864  VgaSave - ok
16:57:32.0330 3864  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:57:32.0346 3864  viaagp - ok
16:57:32.0361 3864  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
16:57:32.0393 3864  ViaC7 - ok
16:57:32.0408 3864  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
16:57:32.0424 3864  viaide - ok
16:57:32.0471 3864  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:57:32.0486 3864  volmgr - ok
16:57:32.0549 3864  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:57:32.0580 3864  volmgrx - ok
16:57:32.0751 3864  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:57:32.0783 3864  volsnap - ok
16:57:32.0892 3864  [ 6983D0BCAC64C2D7460C2125F804F118 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
16:57:32.0954 3864  Vsdatant - ok
16:57:32.0985 3864  vsdatant7 - ok
16:57:33.0141 3864  vsmon - ok
16:57:33.0188 3864  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:57:33.0204 3864  vsmraid - ok
16:57:33.0282 3864  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
16:57:33.0344 3864  VSS - ok
16:57:33.0422 3864  [ C466021D31FF6C0A6069D12299D80C0B ] VSTHWBS2        C:\Windows\system32\DRIVERS\VSTBS23.SYS
16:57:33.0469 3864  VSTHWBS2 - ok
16:57:33.0531 3864  [ EC36F1D542ED4252390D446BF6D4DFD0 ] VST_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:57:33.0609 3864  VST_DPV - ok
16:57:33.0672 3864  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
16:57:33.0719 3864  W32Time - ok
16:57:33.0750 3864  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:57:33.0843 3864  WacomPen - ok
16:57:33.0875 3864  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:57:33.0890 3864  Wanarp - ok
16:57:33.0921 3864  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:57:33.0937 3864  Wanarpv6 - ok
16:57:34.0015 3864  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:57:34.0046 3864  wcncsvc - ok
16:57:34.0140 3864  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:57:34.0187 3864  WcsPlugInService - ok
16:57:34.0218 3864  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
16:57:34.0233 3864  Wd - ok
16:57:34.0343 3864  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:57:34.0389 3864  Wdf01000 - ok
16:57:34.0405 3864  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:57:34.0452 3864  WdiServiceHost - ok
16:57:34.0452 3864  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:57:34.0483 3864  WdiSystemHost - ok
16:57:34.0561 3864  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
16:57:34.0577 3864  WebClient - ok
16:57:34.0670 3864  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:57:34.0717 3864  Wecsvc - ok
16:57:34.0779 3864  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:57:34.0795 3864  wercplsupport - ok
16:57:34.0873 3864  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:57:34.0904 3864  WerSvc - ok
16:57:34.0935 3864  [ 72CC6A8CA7891031D6380DB5025C773C ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:57:34.0998 3864  winachsf - ok
16:57:35.0060 3864  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:57:35.0091 3864  WinDefend - ok
16:57:35.0091 3864  WinHttpAutoProxySvc - ok
16:57:35.0247 3864  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:57:35.0279 3864  Winmgmt - ok
16:57:35.0403 3864  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:57:35.0481 3864  WinRM - ok
16:57:35.0575 3864  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:57:35.0637 3864  Wlansvc - ok
16:57:35.0856 3864  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:57:35.0918 3864  wlidsvc - ok
16:57:35.0996 3864  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:57:36.0027 3864  WmiAcpi - ok
16:57:36.0090 3864  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:57:36.0121 3864  wmiApSrv - ok
16:57:36.0199 3864  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:57:36.0277 3864  WMPNetworkSvc - ok
16:57:36.0355 3864  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:57:36.0433 3864  WPCSvc - ok
16:57:36.0495 3864  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:57:36.0527 3864  WPDBusEnum - ok
16:57:36.0589 3864  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
16:57:36.0605 3864  WpdUsb - ok
16:57:36.0823 3864  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:57:36.0854 3864  WPFFontCache_v0400 - ok
16:57:36.0901 3864  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:57:36.0917 3864  ws2ifsl - ok
16:57:36.0995 3864  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
16:57:37.0026 3864  wscsvc - ok
16:57:37.0026 3864  WSearch - ok
16:57:37.0166 3864  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:57:37.0322 3864  wuauserv - ok
16:57:37.0494 3864  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:57:37.0541 3864  WudfPf - ok
16:57:37.0603 3864  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:57:37.0634 3864  WUDFRd - ok
16:57:37.0697 3864  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:57:37.0759 3864  wudfsvc - ok
16:57:37.0790 3864  [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
16:57:37.0806 3864  XAudio - ok
16:57:37.0853 3864  [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
16:57:37.0884 3864  XAudioService - ok
16:57:38.0024 3864  [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
16:57:38.0087 3864  yukonwlh - ok
16:57:38.0118 3864  ================ Scan global ===============================
16:57:38.0149 3864  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:57:38.0258 3864  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:57:38.0274 3864  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:57:38.0352 3864  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:57:38.0352 3864  [Global] - ok
16:57:38.0352 3864  ================ Scan MBR ==================================
16:57:38.0383 3864  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:57:38.0757 3864  \Device\Harddisk0\DR0 - ok
16:57:38.0757 3864  ================ Scan VBR ==================================
16:57:38.0804 3864  [ 91747838D539C0D206A264A018966638 ] \Device\Harddisk0\DR0\Partition1
16:57:38.0804 3864  \Device\Harddisk0\DR0\Partition1 - ok
16:57:38.0820 3864  [ 41BDF88E8612ACB9AAED0D92381DE50C ] \Device\Harddisk0\DR0\Partition2
16:57:38.0820 3864  \Device\Harddisk0\DR0\Partition2 - ok
16:57:38.0820 3864  ============================================================
16:57:38.0820 3864  Scan finished
16:57:38.0820 3864  ============================================================
16:57:38.0835 4860  Detected object count: 11
16:57:38.0835 4860  Actual detected object count: 11
16:58:42.0390 4860  CBN ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860  CBN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0390 4860  Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860  Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0390 4860  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0390 4860  deMntrService ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860  deMntrService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0390 4860  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0390 4860  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0405 4860  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0405 4860  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0405 4860  PSI ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860  PSI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0405 4860  Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860  Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:42.0405 4860  ui11drdr ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860  ui11drdr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:59:23.0059 5384  Deinitialize success
         
__________________

Alt 16.06.2013, 18:00   #4
markusg
/// Malware-holic
 

JS/Blacole.GB.158 Infektion



Hi,
Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 16.06.2013, 19:29   #5
Forelli
 

JS/Blacole.GB.158 Infektion



Combofix Logfile:
Code:
ATTFilter
ComboFix 13-06-15.01 - Kolja 16.06.2013  19:56:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3061.1697 [GMT 2:00]
ausgeführt von:: c:\users\Kolja\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFREB96.tmp
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\1&1
c:\programdata\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Kolja\AppData\Roaming\1&1
c:\users\Kolja\AppData\Roaming\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\users\Kolja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\~GLH0014.TMP
c:\windows\system32\SET9CDD.tmp
c:\windows\system32\SETA0B7.tmp
c:\windows\system32\Temp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-16 bis 2013-06-16  ))))))))))))))))))))))))))))))
.
.
2013-06-16 18:07 . 2013-06-16 18:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-16 18:07 . 2013-06-16 18:07	--------	d-----w-	c:\users\Katja\AppData\Local\temp
2013-06-12 16:06 . 2013-06-12 16:08	--------	d-----w-	c:\users\Kolja\D-Fend Reloaded
2013-06-12 16:06 . 2013-06-12 16:07	--------	d-----w-	c:\program files\D-Fend Reloaded
2013-06-12 15:45 . 2013-06-15 18:58	--------	d-----w-	c:\program files\Der Planer 1
2013-06-12 13:15 . 2013-04-17 12:30	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-27 18:41 . 2013-05-28 18:38	--------	d-----w-	c:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 22:51 . 2012-03-31 18:44	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-11 22:51 . 2011-05-13 17:57	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-15 14:20 . 2013-05-15 21:13	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 21:13	37376	----a-w-	c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 21:13	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-22 18:40	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 15:20 . 2013-03-04 17:47	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-27 15:20 . 2013-03-04 17:47	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-27 15:20 . 2013-03-04 17:47	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-09-14 19:22 . 2013-05-18 22:06	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
@="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}"
[HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
2012-09-24 15:47	868352	----a-w-	c:\program files\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-03-12 79400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-14 30192]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-08 345312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
Google Desktop.lnk - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-3 30192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-3 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-03 19:31	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-14 19:22	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-03 19:22	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WSEARCH
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:51]
.
2012-05-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2013-06-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\v8p38qw0.default\
FF - prefs.js: browser.startup.homepage - hxxp://partnerpage.google.com/dell.com/de_de?hl=de&client=dell-row&channel=de&ibd=2081104
FF - prefs.js: network.proxy.type - 0
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)
HKLM-Run-ISW - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Der Planer 1 - c:\windows\IsUn0407.exe
AddRemove-RuckZuck 4.0 - c:\windows\IsUn0407.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-16 20:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\Kolja\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{14ca83e6-1d3f-4e46-aace-7c4715b990a1}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6579633b-8878-4878-a556-48e5476eb2f5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a028037
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ad66a9bc-a675-4792-bf15-ad0d3de488a0}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c00234d
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b132ec71-7a1a-4cae-97c1-5ece0779137e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f00219b
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ec3edde2-5c5d-4a93-9cfd-2a44b16d5b54}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001372
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{fa7121e2-f01e-4404-89cb-8f0f813c8ce5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16000000
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2013-06-16  20:12:38
ComboFix-quarantined-files.txt  2013-06-16 18:12
.
Vor Suchlauf: 36 Verzeichnis(se), 60.107.620.352 Bytes frei
Nach Suchlauf: 39 Verzeichnis(se), 62.197.030.912 Bytes frei
.
- - End Of File - - 3D7E49B45E69FA6F3208D7ADAEAAAF72
         


Old 17.06.2013, 14:15   #6
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can also find the report under "Logs".

Old 18.06.2013, 05:40   #7
Forelli

Malwarebytes
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.06.17.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19437
Kolja :: KEN [Administrator]

Schutz: Aktiviert

17.06.2013 21:42:29
mbam-log-2013-06-17 (21-42-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 668304
Laufzeit: 3 Stunde(n), 59 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Kolja\Documents\mmm\mIRC_kolja\mirc.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Old 18.06.2013, 11:43   #8
markusg
/// Malware-holic

Hi,

download the CCleaner standard build:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt, open it.
Behind each program you need, write "notwendig" (needed).
Behind each one you do not need, "unnötig" (unneeded).
Behind those unknown to you, "unbekannt" (unknown).
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 18.06.2013, 14:08   #9
Forelli

CCleaner
Code:
ATTFilter
1&1 Office-Drive Manager	1&1 Internet AG	16.10.2012	9,05MB	2.0.687 notwendig
7-Zip 4.64		16.01.2009	3,13MB	notwendig
ActivePerl 5.12.2 Build 1202	ActiveState	13.09.2010	74,1MB	5.12.1202 unnötig
Adobe Download Manager	NOS Microsystems Ltd.	23.09.2010	456KB	1.6.2.91 unbekannt
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	16.12.2009		10.0.42.34 unbekannt
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.06.2013		11.7.700.224 unbekannt
Adobe Reader X (10.1.7) - Deutsch	Adobe Systems Incorporated	15.05.2013	118MB	10.1.7 notwendig
Apple Mobile Device Support	Apple Inc.	28.05.2009	38,3MB	2.4.1.7 unbekannt
Audacity 1.3.6 (Unicode)	Audacity Team	27.01.2009	18,6MB	unnötig
AutoCAD 2006 - Deutsch	Autodesk	19.02.2011	357MB	16.2.54.10 notwendig
Autodesk DWF Viewer	Autodesk, Inc.	19.02.2011	15,7MB	5.1 notwendig
Avanquest update	Avanquest Software	19.11.2011	2,78MB	1.29 unbekannt
Avira Free Antivirus	Avira	16.06.2013	62,3MB	13.0.0.3640 notwendig
Blitzableiter	Microsoft	28.07.2010		1.0.0.0 unnötig
Browser Address Error Redirector	Dell	02.11.2008		1.00.0000 unbekannt
Capitalism II		20.12.2008	147MB	notwendig
CCleaner	Piriform	24.05.2013	5,62MB	4.02 notwendig
CDex - Open Source Digital Audio CD Extractor	Georgy Berdyshev	21.02.2010	10,3MB	1.70.4.2009 unbekannt
Cisco LEAP Module	Cisco Systems, Inc.	02.11.2008	1,04MB	1.0.12 unbekannt
Compatibility Pack für 2007 Office System	Microsoft Corporation	08.01.2013		12.0.6612.1000 unbekannt
Conexant HDA D330 MDC V.92 Modem	Conexant	02.11.2008	0,97MB	7.74.00 unbekannt
Counter-Strike	Valve	17.07.2011	81,0MB	unnötig
Creative MediaSource 5		02.11.2008	26,6MB	5.00 unbekannt
D-Fend Reloaded 1.3.3 (deinstallieren)	Alexander Herzog	12.06.2013	34,6MB	1.3.3 notwendig
DeepBurner v1.9.0.228		21.02.2010	8,46MB	notwendig
Dell All-In-One Center	Dell	02.11.2008		002.000.00032 notwendig
Dell Dock	Dell	02.11.2008		1.0.0 notwendig
Dell Handbuch zum Einstieg	Dell Inc.	02.11.2008		1.00.0000 notwendig
Dell Photo AIO 928	Dell	02.11.2008		002.000.00036 unnötig
Dell Support Center	Dell Inc.	11.12.2010	119MB	3.0.5744.02 notwendig
Dell Touchpad	Alps Electric	02.11.2008	7,68MB	7.1.103.4 notwendig
Dell-eBay	Dell	02.11.2008		1.00.0000 unbekannt
Digital Line Detect	BVRP Software, Inc	02.11.2008	272KB	1.21 unbekannt
dm Fotowelt		21.04.2009	201MB	unnötig
EDocs		02.11.2008	820KB	unbekannt
ElsterFormular 2008/2009	Steuerverwaltung des Bundes und der Länder	09.05.2009	168MB	10.2.1.0 notwendig
ElsterFormular Upgrade	Landesfinanzdirektion Thüringen	19.05.2011	288MB	12_1_0_6164k notwendig
foobar2000 v1.2.3	Peter Pawlowski	01.03.2013	8,23MB	1.2.3 notwendig
Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2	www.appfree.net	21.06.2009	10,8MB	2.0 unnötig
Free Video Zilla	FreeVideoZilla.com	02.03.2010	2,29MB	unnötig
FreeMind		12.06.2009	15,8MB	0.9.0_RC_4 notwendig
FreePDF (Remove only)		29.08.2011	3,58MB	notwendig
GIMP 2.8.2	The GIMP Team	11.09.2012	227MB	2.8.2 notwendig
Google Desktop	Google	15.09.2010	6,64MB	5.9.1005.12335 unbekannt
Google Toolbar for Internet Explorer	Google Inc.	06.05.2009	11,0MB	unnötig
GoToAssist 8.0.0.514		02.11.2008	3,44MB	unbekannt
GPL Ghostscript 9.00		23.10.2010	29,0MB	notwendig
GrooveWalrus 0.382	Turnip-town.net	01.03.2013	44,3MB	unnötig
GSview 4.9		23.10.2010	3,21MB	notwendig
HP Imaging Device Functions 8.0	HP	01.05.2012	1,53MB	8.0 notwendig
HP OCR Software 8.0	HP	01.05.2012	1,52MB	8.0 notwendig
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B	HP	01.05.2012	75,8MB	8.0 notwendig
HP Solution Center 8.0	HP	01.05.2012	1,52MB	8.0 notwendig
HP Update	Hewlett-Packard	02.05.2012	3,92MB	5.003.001.001 notwendig
Hydrogen		30.01.2009	75,7MB	unnötig
Inkscape 0.48.2		12.09.2012	167MB	0.48.2 unnötig
Intel(R) Graphics Media Accelerator Driver		24.06.2009 unbekannt	
Intel(R) Matrix Storage Manager		02.11.2008	3,77MB	unbekannt
IrfanView (remove only)	Irfan Skiljan	16.11.2010	1,53MB	4.27 notwendig
JAP	JAP-Team	27.12.2008	5,71MB	00.010.003 unnötig
Java 7 Update 21	Oracle	06.03.2013	129MB	7.0.210 notwendig
JavaFX 2.1.1	Oracle Corporation	13.06.2012	20,8MB	2.1.1 unbekannt
JDownloader	AppWork UG (haftungsbeschränkt)	01.10.2010	52,6MB	unnötig
LAME v3.98.2 for Audacity		14.02.2010	1,17MB	unnötig
Last.fm Scrobbler 2.1.33	Last.fm	30.01.2013	18,3MB	notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	17.06.2013	13,3MB	1.75.0.1300 notwendig
MediaDirect	Dell	02.11.2008	124MB	3.5 unbekannt
Microsoft .NET Framework 1.1		20.02.2011 unbekannt		
Microsoft .NET Framework 1.1 German Language Pack	Microsoft	19.02.2011	3,01MB	1.1.4322 unbekannt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	17.02.2009	36,9MB	unbekannt
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	16.02.2009	36,9MB	unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	17.07.2010	120MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	17.07.2010	24,5MB	4.0.30319 unbekannt
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	18.07.2011	31,3MB	3.5.88.0 unbekannt
Microsoft Games for Windows Marketplace	Microsoft Corporation	18.07.2011	6,03MB	3.5.50.0 unbekannt
Microsoft MechCommander 2		26.07.2010	405MB	unnötig
Microsoft Office PowerPoint Viewer 2007 (English)	Microsoft Corporation	08.01.2013		12.0.6612.1000 unbekannt
Microsoft Silverlight	Microsoft Corporation	12.03.2013	139MB	5.1.20125.0 unbekannt
Microsoft SQL Server 2008 Management Objects	Microsoft Corporation	24.02.2010	11,4MB	10.0.1600.22 unbekannt
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)	Microsoft Corporation	24.02.2010	2,86MB	3.5.5692.0 unbekannt
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)	Microsoft Corporation	24.02.2010	9,10MB	3.5.5692.0 unbekannt
Microsoft Visual C# 2008 Express Edition mit SP1 - DEU	Microsoft Corporation	15.06.2011	125MB	unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	30.07.2009	251KB	8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	294KB	8.0.59193 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	30.07.2009	199KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	13.06.2009	1,41MB	9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218	Microsoft Corporation	02.03.2010	226KB	9.0.21022.218 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	24.02.2010	585KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	17.03.2009	590KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	24.03.2010	589KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	594KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	13.11.2011	11,1MB	10.0.40219 unbekannt
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu	Microsoft Corporation	24.02.2010	5,74MB	3.5.30729 unbekannt
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32	Microsoft Corporation	24.02.2010	2,60MB	6.1.5295.17011 unbekannt
Microsoft Works	Microsoft Corporation	09.10.2012		9.7.0621 unbekannt
MiKTeX 2.8	MiKTeX.org	08.05.2010	1,72GB	2.8 notwendig
Miranda IM 0.8.3		10.08.2009	2,52MB	unnötig
Modem Diagnostic Tool	Dell	02.11.2008		1.0.24.0 unbekannt
Mozilla Firefox 21.0 (x86 de)	Mozilla	19.05.2013	45,3MB	21.0 notwendig
Mozilla Maintenance Service	Mozilla	28.05.2013	204KB	17.0.6 unbekannt
Mozilla Sunbird (0.9)	Mozilla	09.06.2009	17,8MB	0.9 (en-US) unnötig
Mozilla Thunderbird 17.0.6 (x86 de)	Mozilla	28.05.2013	42,1MB	17.0.6 notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	16.11.2008	1,27MB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,33MB	4.20.9876.0 unbekannt
musikCube 1.0	Casey Langen	25.01.2009	7,97MB	1.0 unnötig
NetWaiting	BVRP Software, Inc	02.11.2008	5,23MB	2.5.53 unbekannt
Neverwinter Nights		02.06.2009	1,81MB	unnötig
Notepad++		30.03.2012	7,07MB	5.9.6.2 notwendig
Octoshape add-in for Adobe Flash Player		04.03.2009	1,18MB	unbekannt
OpenOffice.org 3.4	OpenOffice.org	22.08.2012	346MB	3.4.9590 notwendig
OpenProj	Serena Software Inc.	16.04.2010	7,15MB	1.4.0 notwendig
OptiPNG-UI	Vincenzo Fleri	27.07.2010	9,73MB	1.0.0.2 unnötig
OutlookAddinSetup	CyberLink	02.11.2008	0,98MB	1.0.0 unbekannt
PC VGA Camer@ Plus	Aecotech	01.04.2011	160KB	1.0.0.23 unbekannt
PokerStars	PokerStars	19.05.2009	41,0MB	unnötig
PuTTY version 0.62	Simon Tatham	04.03.2012	3,25MB	0.62 unnötig
Python 2.6.1	Python Software Foundation	17.02.2009	47,0MB	2.6.1150 unnötig
QuickSet	Dell Inc.	02.11.2008		8.2.20 unbekannt
R for Windows 2.11.1	R Development Core Team	11.09.2010	81,7MB	2.11.1 unnötig
Recuva	Piriform	19.10.2011	1,88MB	1.41 notwendig
RedMon - Redirection Port Monitor		29.08.2011 notwendig	
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01		24.06.2009	1,48MB	3.51.01 unbekannt
Roxio Creator DE	Roxio	02.11.2008	18,0MB	10.1 unbekannt
Roxio Update Manager	Roxio	14.06.2009	2,33MB	6.0.0 unbekannt
ScanSoft OmniPage SE 4	Nuance Communications, Inc.	02.11.2008		15.2.0020 unbekannt
Secunia PSI		14.01.2010	1,34MB	unbekannt
SEMA Holzbausoftware V12.1 (de)	SEMA	06.01.2013	2,64GB	12.1 notwendig
Sentinel Runtime	SafeNet Inc.	06.01.2013	10,9MB	6.3.1.28367 unbekannt
Skype™ 5.10	Skype Technologies S.A.	11.09.2012	19,4MB	5.10.116 unnötig
Sony Ericsson PC Companion 2.01.231	Sony Ericsson	19.11.2011	57,9MB	2.01.231 unbekannt
Sound Blaster Audigy ADVANCED MB		02.11.2008	11,5MB	1.0 unbekannt
SQL Server System CLR Types	Microsoft Corporation	24.02.2010	829KB	10.0.1600.22 unbekannt
Steam	Valve Corporation	17.07.2011	35,4MB	1.0.0.0 unnötig
System Requirements Lab		01.06.2009	1,26MB	unbekannt
System Requirements Lab for Intel	Husdawg, LLC	18.03.2013	1,02MB	4.5.13.0 unbekannt
TeXnicCenter Version 1.0 Stable RC1	TeXnicCenter.org	10.05.2010	11,9MB	Version 1.0 Stable RC1 notwendig
TortoiseSVN 1.6.10.19898 (32 bit)	TortoiseSVN	07.08.2010	18,4MB	1.6.19898 notwendig
VLC media player 2.0.2	VideoLAN	05.07.2012	60,8MB	2.0.2 notwendig
Windows Live ID Sign-in Assistant	Microsoft Corporation	18.07.2011	4,68MB	6.500.3165.0 unbekannt
WinMerge 2.12.4	Thingamahoochie Software	17.11.2010	4,39MB	2.12.4 notwendig
WinPcap 4.1.1	CACE Technologies	06.05.2010	240KB	4.1.0.1753 notwendig
WinSCP 4.3.7	Martin Prikryl	04.03.2012	8,73MB	4.3.7 notwendig
Zip Motion Block Video codec (Remove Only)	DOSBox Team	12.06.2013	100KB	notwendig
ZoneAlarm Free	Check Point	19.05.2012	24,7MB	10.1.079.000 notwendig
µTorrent		09.06.2009	268KB	1.8.2 unnötig
         

Old 18.06.2013, 14:33   #10
markusg
/// Malware-holic

uninstall:
ActivePerl
Adobe Flash Player (all of them)
Adobe - Install Adobe Flash Player
download the latest version, install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the McAfee Security Scan checkbox
please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Security (Enhanced):
tick Enable Enhanced Security
and select all files.
Internet:
everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what is going on on the PC.
under JavaScript, untick "use JavaScript"
under Updater, choose install automatically.
Apply / OK

uninstall:
Audacity
Blitzableiter
Browser Address
Counter
dm
Free FLV
Free Video Zilla
Google: both
GrooveWalrus
JAP
JavaFX
JDownloader
LAME
Miranda
Mozilla Sunbird
musikCube
Neverwinter
OptiPNG
PokerStars
PuTTY
Python
R for
Secunia
Skype™
Steam
ZoneAlarm: can go, the Windows firewall is more than sufficient.
µTorrent
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
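The Adobe Reader hardening steps markusg gives in this post, checked through the registry so the result can be verified rather than clicked through once: this is an added example, not markusg's or the board's code. It assumes Adobe Reader X (10.x, as in the CCleaner list) with per-user settings under HKCU:\Software\Adobe\Acrobat Reader\10.0 and takes the value names from Adobe's preference reference (JSPrefs\bEnableJS, TrustManager\bEnhancedSecurityStandalone, bEnhancedSecurityInBrowser and iProtectedView); the certified plug-in, Internet and Updater options are left out because their value names are not something this example vouches for.

```powershell
# Added example: audit (and with -Apply, set) the Adobe Reader X preferences from the post.
# Assumption: Reader X per-user settings live under HKCU:\Software\Adobe\Acrobat Reader\10.0;
# the value names below come from Adobe's preference reference, not from the thread.
[CmdletBinding()]
param(
    [switch]$Apply   # without -Apply the script only reports which settings differ
)

$base = 'HKCU:\Software\Adobe\Acrobat Reader\10.0'

# Desired state, one entry per setting from the post.
$wanted = @(
    @{ Key = "$base\JSPrefs";      Name = 'bEnableJS';                   Value = 0; Why = 'JavaScript off ("use JavaScript" unticked)' }
    @{ Key = "$base\TrustManager"; Name = 'bEnhancedSecurityStandalone'; Value = 1; Why = 'Enhanced Security on (standalone Reader)' }
    @{ Key = "$base\TrustManager"; Name = 'bEnhancedSecurityInBrowser';  Value = 1; Why = 'Enhanced Security on (browser plug-in)' }
    @{ Key = "$base\TrustManager"; Name = 'iProtectedView';              Value = 2; Why = 'Protected View for all files ("select all files")' }
)

function Get-ReaderSetting {
    param([string]$Key, [string]$Name)
    # A missing key or value yields $null; the caller treats that as "not hardened",
    # because Reader then falls back to its built-in default for the setting.
    try {
        $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction Stop
        return [int]$item.$Name
    } catch {
        return $null
    }
}

$drift = 0
foreach ($s in $wanted) {
    $current = Get-ReaderSetting -Key $s.Key -Name $s.Name
    $ok      = ($current -eq $s.Value)
    $shown   = if ($null -eq $current) { '<not set>' } else { $current }
    $state   = if ($ok) { 'OK ' } else { 'FIX' }
    '{0} {1,-28} current={2,-9} wanted={3}  {4}' -f $state, $s.Name, $shown, $s.Value, $s.Why
    if (-not $ok) {
        $drift++
        if ($Apply) {
            # Create the subkey if Reader has not written it yet, then set the DWORD.
            if (-not (Test-Path $s.Key)) { New-Item -Path $s.Key -Force | Out-Null }
            New-ItemProperty -Path $s.Key -Name $s.Name -PropertyType DWord -Value $s.Value -Force | Out-Null
        }
    }
}

if ($drift -eq 0)  { 'All settings match the post.' }
elseif ($Apply)    { "$drift setting(s) changed; restart Adobe Reader for them to take effect." }
else               { "$drift setting(s) differ; rerun with -Apply to set them." }
```

Run it as the user whose Reader profile is being checked; the first run without -Apply shows the drift, a second run confirms the change.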

Old 18.06.2013, 20:07   #11
Forelli

Everything uninstalled except GrooveWalrus 0.382: "The procedure entry point "wcscat_s" could not be located in the DLL "ntdll.dll"."

AdwCleaner log file:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 18/06/2013 um 20:46:37 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Kolja - KEN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kolja\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\Kolja\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19437

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\icynt87o.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js

C:\Users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js ... Gelöscht !

Gelöscht : user_pref("forecastfox.general.bar", "temporaryinbox_toolbar");
Gelöscht : user_pref("pttl.menu-search-groups-tab", false);
Gelöscht : user_pref("pttl.menu-search-groups-win", false);
Gelöscht : user_pref("temporaryinbox.hideContextMenu2", true);
Gelöscht : user_pref("temporaryinbox.language", "de");
Gelöscht : user_pref("temporaryinbox.usessl", true);

Datei : C:\Users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\v8p38qw0.default\prefs.js

Gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Gelöscht : user_pref("surfcanyon.last_checked_ts", "1267027083910");

*************************

AdwCleaner[S1].txt - [1969 octets] - [18/06/2013 20:46:37]

########## EOF - C:\AdwCleaner[S1].txt - [2029 octets] ##########
         

Old 18.06.2013, 20:50   #12
markusg
/// Malware-holic

Hiho,
Revo Uninstaller - Download - Filepony

try the uninstallation with Revo.
restart.
download HitmanPro.
Hitman Pro - Download - Filepony
double-click it, click Scan.
Do not delete anything.
Save the log and post it, or export it as XML, zip it and attach it.

Old 19.06.2013, 05:33   #13
Forelli

GrooveWalrus uninstalled with Revo.

HitmanPro
Code:
ATTFilter
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : KEN
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : KEN\Kolja
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-19 06:10:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 55s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14

   Objects scanned . . . : 2.349.276
   Files scanned . . . . : 50.768
   Remnants scanned  . . : 766.592 files / 1.531.916 keys

Suspicious files ____________________________________________________________

   C:\Windows\system32\hasplms.exe 
      Size . . . . . . . : 4.412.872 bytes
      Age  . . . . . . . : 300.7 days (2012-08-22 14:01:18)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 83BFF779018218B557853A7EE4F0D767B3E158C69BEB0864D8C0E1634277329E
      Product  . . . . . : LDK License Manager Service
      Publisher  . . . . : SafeNet Inc.
      Description  . . . : Sentinel LDK License Manager Service
      Version  . . . . . : 14.0.1.28295
      Copyright  . . . . : © 2012 SafeNet, Inc. All rights reserved.
      RSA Key Size . . . : 2048
      Service  . . . . . : hasplms
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 28.0
         The file name extension of this program is not common.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The Entry Point of this file lies in a resource section. This is an indication of malware infection.
         Program starts automatically without user intervention.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\hasplms\
         

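As an added example (the editor's own code, not part of this thread and not HitmanPro's or SurfRight's tooling), here is a Python parser for the "Suspicious files" block of a HitmanPro text log, run against the hasplms.exe entry from the post above, embedded as constructed, abridged sample input. The triage rule is the editor's, not HitmanPro's: packers and DRM envelopes (license managers are a typical case) trip the entropy and entry-point heuristics just as malware does, so a valid Authenticode signature from a named publisher turns the entry into "verify the SHA-256 with the vendor or a hash lookup, do not delete"; an unsigned file with the same heuristics becomes "investigate". A constructed counterfactual with the signature lines stripped shows the second path. Verdict names and the STRONG_HINTS list are assumptions chosen for this example.

```python
"""Triage the 'Suspicious files' block of a HitmanPro text log (added example, not HitmanPro code)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: the hasplms.exe entry from the HitmanPro log above, abridged to the
# fields this script uses. Everything else in this file is the editor's own code.
SAMPLE_LOG = r"""
Suspicious files ____________________________________________________________

   C:\Windows\system32\hasplms.exe
      Size . . . . . . . : 4.412.872 bytes
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 83BFF779018218B557853A7EE4F0D767B3E158C69BEB0864D8C0E1634277329E
      Publisher  . . . . : SafeNet Inc.
      Service  . . . . . : hasplms
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 28.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The Entry Point of this file lies in a resource section. This is an indication of malware infection.
         Starts automatically as a service during system bootup.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\hasplms\
"""

# Constructed counterfactual for comparison: the same entry with the signature evidence removed.
UNSIGNED_SAMPLE = re.sub(r"^ +(Authenticode|Program is code signed).*\n", "", SAMPLE_LOG, flags=re.M)

# Heuristic lines that describe the code itself rather than where or how it is installed (assumption).
STRONG_HINTS = ("entry point", "pe structure anomalies")


@dataclass
class SuspiciousFile:
    path: str
    fields: dict = field(default_factory=dict)   # "Size", "SHA-256", "Publisher", "Authenticode", ...
    reasons: list = field(default_factory=list)  # heuristic sentences HitmanPro prints under the entry
    startup: list = field(default_factory=list)  # registry locations listed under "Startup"


def parse_hitmanpro(text):
    """Return one SuspiciousFile per entry in the 'Suspicious files' section; [] if there is none."""
    entries = []
    in_section = False
    mode = "reasons"          # what the 9-space indented lines belong to: "reasons" or "startup"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("Suspicious files"):
            in_section = True
            continue
        if not in_section:
            continue
        if not line.startswith(" "):      # an unindented line is the next section header
            break
        indent = len(line) - len(line.lstrip(" "))
        body = line.strip()
        if indent == 3:                    # a file path opens a new entry
            entries.append(SuspiciousFile(path=body))
            mode = "reasons"
        elif indent == 6 and entries:
            if ":" in body:                # "Key . . . : value" (the key never contains a colon)
                key, value = body.split(":", 1)
                entries[-1].fields[key.replace(".", "").strip()] = value.strip()
                mode = "reasons"
            else:                          # bare sub-header such as "Startup"
                mode = "startup" if body == "Startup" else "reasons"
        elif indent == 9 and entries:
            target = entries[-1].startup if mode == "startup" else entries[-1].reasons
            target.append(body)
    return entries


def triage(entry):
    """Editor's rule: 'verify-signer', 'investigate' or 'low'. Never an automatic delete."""
    strong = [r for r in entry.reasons if any(h in r.lower() for h in STRONG_HINTS)]
    if entry.fields.get("Authenticode") == "Valid" and entry.fields.get("Publisher"):
        # Signed by a named publisher: the packing heuristics are expected for DRM/licensing code.
        # Confirm the SHA-256 against the vendor or a hash lookup before touching the file.
        return "verify-signer"
    if strong:
        return "investigate"
    return "low"


def report(entries):
    """One (path, verdict, sha256) row per entry; the hash is what you look up before acting."""
    return [(e.path, triage(e), e.fields.get("SHA-256", "")) for e in entries]


if __name__ == "__main__":
    for sample in (SAMPLE_LOG, UNSIGNED_SAMPLE):
        for path, verdict, sha in report(parse_hitmanpro(sample)):
            print(f"{verdict:14} {path}  sha256={sha}")
```

Run it as-is to see the signed entry come out as "verify-signer" and the stripped counterfactual as "investigate"; to use it on a real log, pass the saved HitmanPro text to parse_hitmanpro() instead of SAMPLE_LOG. The point of the rule is that a valid signature changes the next step (check the hash with the vendor), not the conclusion (signed malware exists), which is why nothing here returns "clean".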
Old 19.06.2013, 18:10   #14
markusg
/// Malware-holic
 
Looks fine, a fresh OTL log please.

Old 19.06.2013, 21:36   #15
Forelli
 
OTL Logfile:
Code:
OTL logfile created on: 19.06.2013 21:51:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kolja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19437)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,22% Memory free
6,20 Gb Paging File | 5,09 Gb Available in Paging File | 82,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 67,02 Gb Free Space | 30,42% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
 
Computer Name: KEN | User Name: Kolja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
PRC - [2013.05.08 06:32:04 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 17:19:31 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2010.07.16 17:32:34 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.03.12 19:10:36 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 17:57:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 19:35:43 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\403900299d88edc5153065e5aed726e7\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 07:52:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2009.03.30 06:42:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.03 14:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.19 00:06:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2011.06.29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.02.20 14:48:43 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008.11.03 21:31:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kolja\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.27 17:20:00 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.27 17:20:00 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.27 17:20:00 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.04 18:11:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.24 17:44:06 | 000,145,408 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11drdr.SYS -- (ui11drdr)
DRV - [2012.08.07 13:50:58 | 000,365,056 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2012.06.15 11:39:24 | 000,289,152 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2012.04.18 22:04:40 | 000,017,408 | ---- | M] (MARX Datentechnik GmbH ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CBN.SYS -- (CBN)
DRV - [2011.08.25 13:58:48 | 000,046,720 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2011.08.10 16:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2010.11.18 02:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010.07.25 19:47:52 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.02.29 13:51:30 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.06 07:59:24 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://partnerpage.google.com/dell.com/de_de?hl=de&client=dell-row&channel=de&ibd=2081104"
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.18 17:11:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.18 17:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.18 17:11:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.18 17:36:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2008.11.17 11:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Extensions
[2009.09.22 20:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009.09.22 20:13:42 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009.09.22 20:13:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2008.12.28 19:57:25 | 000,000,000 | ---D | M] (SafeCache) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009.09.22 20:22:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008.12.28 19:57:25 | 000,000,000 | ---D | M] (Temporary Inbox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{ac1e10b8-206d-4746-a18e-0483852dc20b}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Media Pirate - The video downloader) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{cc265d3d-3f6f-0170-a78b-bbbaef7a868c}
[2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DT Whois) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net
[2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org
[2008.12.28 19:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\toolbar_extras@de.yahoo.com
[2013.06.16 08:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions
[2013.02.09 11:55:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.05.31 12:26:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.25 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\nostmp
[2009.10.15 10:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions
[2009.06.09 10:37:02 | 000,000,000 | ---D | M] (MinimizeToTray [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2009.07.09 23:00:50 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009.06.17 10:21:25 | 000,000,000 | ---D | M] (Minimize To Tray Enhancer) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2013.06.12 15:03:04 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.05.27 14:13:54 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.06.16 08:40:42 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.05.09 20:46:52 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 15:44:17 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2009.05.21 14:43:50 | 000,000,931 | ---- | M] () -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\searchplugins\dictionary.xml
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.19 00:06:20 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.16 20:09:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD66A9BC-A675-4792-BF15-AD0D3DE488A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B132EC71-7A1A-4CAE-97C1-5ECE0779137E}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.07 06:18:40 | 000,000,000 | ---D | M] - C:\AutoCAD 2006 -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.18 22:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.18 22:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013.06.18 22:24:06 | 000,000,000 | ---D | C] -- C:\Users\Kolja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.06.18 22:23:41 | 009,171,472 | ---- | C] (SurfRight B.V.) -- C:\Users\Kolja\Desktop\HitmanPro.exe
[2013.06.18 14:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.06.18 14:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.18 14:04:17 | 004,378,864 | ---- | C] (Piriform Ltd) -- C:\Users\Kolja\Desktop\ccsetup402.exe
[2013.06.17 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Kolja\AppData\Roaming\Malwarebytes
[2013.06.17 15:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.17 15:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.17 15:26:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.17 15:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.17 15:24:30 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kolja\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.16 20:12:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.16 19:51:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.16 19:51:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.16 19:51:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.16 19:51:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.16 19:51:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.16 19:51:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.16 19:48:35 | 005,080,151 | R--- | C] (Swearware) -- C:\Users\Kolja\Desktop\ComboFix.exe
[2013.06.16 16:51:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kolja\Desktop\tdsskiller.exe
[2013.06.16 13:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.16 12:41:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
[2013.06.16 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Blacole Scan
[2013.06.14 18:47:28 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Lexware Unterlagen
[2013.06.12 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2013.06.12 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Kolja\D-Fend Reloaded
[2013.06.12 18:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
[2013.06.12 17:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenwood Entertainment
[2013.06.12 17:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Der Planer 1
[2013.05.27 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 21:41:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 21:41:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 21:41:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 21:41:19 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 13:09:43 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.18 22:24:07 | 000,001,019 | ---- | M] () -- C:\Users\Kolja\Desktop\Revo Uninstaller.lnk
[2013.06.18 22:24:01 | 009,171,472 | ---- | M] (SurfRight B.V.) -- C:\Users\Kolja\Desktop\HitmanPro.exe
[2013.06.18 20:18:35 | 000,648,201 | ---- | M] () -- C:\Users\Kolja\Desktop\adwcleaner.exe
[2013.06.18 14:04:24 | 004,378,864 | ---- | M] (Piriform Ltd) -- C:\Users\Kolja\Desktop\ccsetup402.exe
[2013.06.18 03:04:25 | 000,644,298 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.18 03:04:25 | 000,609,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.18 03:04:25 | 000,134,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.18 03:04:25 | 000,110,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.17 15:24:54 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kolja\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.16 20:09:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.16 19:49:01 | 005,080,151 | R--- | M] (Swearware) -- C:\Users\Kolja\Desktop\ComboFix.exe
[2013.06.16 16:51:09 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kolja\Desktop\tdsskiller.exe
[2013.06.16 13:27:50 | 000,377,856 | ---- | M] () -- C:\Users\Kolja\Desktop\gmer_2.1.19163.exe
[2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
[2013.06.16 12:30:02 | 000,000,020 | ---- | M] () -- C:\Users\Kolja\defogger_reenable
[2013.06.16 12:28:30 | 000,050,477 | ---- | M] () -- C:\Users\Kolja\Desktop\Defogger.exe
[2013.06.14 18:40:57 | 000,131,790 | ---- | M] () -- C:\Users\Kolja\Desktop\login_seite.jpg
[2013.06.12 17:48:49 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Der Planer 1.lnk
[2013.06.08 23:57:14 | 000,304,160 | ---- | M] () -- C:\PA7302.DAT
[2013.06.01 21:07:48 | 000,006,156 | ---- | M] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf
[2013.05.27 20:41:59 | 000,384,187 | ---- | M] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf
[2013.05.20 22:37:47 | 009,274,969 | ---- | M] () -- C:\Users\Kolja\Desktop\pka.pdf
 
========== Files Created - No Company Name ==========
 
[2013.06.18 22:24:07 | 000,001,019 | ---- | C] () -- C:\Users\Kolja\Desktop\Revo Uninstaller.lnk
[2013.06.18 20:18:35 | 000,648,201 | ---- | C] () -- C:\Users\Kolja\Desktop\adwcleaner.exe
[2013.06.16 19:51:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.16 19:51:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.16 19:51:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.16 19:51:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.16 19:51:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.16 13:27:49 | 000,377,856 | ---- | C] () -- C:\Users\Kolja\Desktop\gmer_2.1.19163.exe
[2013.06.16 12:29:37 | 000,000,020 | ---- | C] () -- C:\Users\Kolja\defogger_reenable
[2013.06.16 12:28:29 | 000,050,477 | ---- | C] () -- C:\Users\Kolja\Desktop\Defogger.exe
[2013.06.14 18:40:57 | 000,131,790 | ---- | C] () -- C:\Users\Kolja\Desktop\login_seite.jpg
[2013.06.12 17:46:05 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Der Planer 1.lnk
[2013.06.01 21:07:48 | 000,006,156 | ---- | C] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf
[2013.05.27 20:41:59 | 000,384,187 | ---- | C] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf
[2013.05.20 22:37:28 | 009,274,969 | ---- | C] () -- C:\Users\Kolja\Desktop\pka.pdf
[2012.09.11 23:03:00 | 000,005,870 | ---- | C] () -- C:\Users\Kolja\AppData\Local\recently-used.xbel
[2012.05.01 21:49:26 | 000,164,193 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.05.01 21:48:51 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.04.18 22:06:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[2012.04.18 22:03:11 | 000,343,040 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2012.04.18 22:03:11 | 000,116,736 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2012.04.18 22:03:11 | 000,068,096 | ---- | C] () -- C:\Windows\System32\lfplt11n.dll
[2012.04.17 21:52:31 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.03.05 12:46:48 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\winscp.rnd
[2011.08.29 20:43:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.08.29 20:43:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.02.20 14:52:54 | 000,000,093 | ---- | C] () -- C:\Users\Kolja\AppData\Local\fusioncache.dat
[2011.01.18 20:10:22 | 000,000,428 | ---- | C] () -- C:\Users\Kolja\cademia.ini
[2010.10.23 14:47:45 | 000,011,247 | ---- | C] () -- C:\Users\Kolja\gsview32.ini
[2010.08.31 15:49:51 | 000,000,106 | ---- | C] () -- C:\Users\Kolja\.bouml
[2010.08.31 15:48:19 | 000,000,150 | ---- | C] () -- C:\Users\Kolja\.boumlrc
[2009.05.15 11:30:23 | 000,010,599 | ---- | C] () -- C:\Users\Kolja\_elster_2048.pfx
[2008.12.30 22:21:13 | 000,000,796 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\wklnhst.dat
[2008.12.28 20:05:13 | 000,403,052 | ---- | C] () -- C:\Users\Kolja\jap.conf
[2008.12.21 17:04:40 | 000,006,648 | ---- | C] () -- C:\Users\Kolja\AppData\Local\d3d9caps.dat
[2008.11.17 15:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\UserTile.png
[2008.11.17 12:22:07 | 000,120,832 | ---- | C] () -- C:\Users\Kolja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.05.05 22:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Audacity
[2011.07.02 18:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Autodesk
[2011.11.13 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\CheckPoint
[2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools
[2013.06.18 20:38:35 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Lite
[2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Pro
[2010.02.22 19:02:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DeepBurner
[2011.02.15 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DVDVideoSoft
[2011.05.19 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\elsterformular
[2009.10.05 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FLV Extract
[2013.06.14 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\foobar2000
[2011.08.29 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FreePDF
[2013.06.18 17:10:12 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FVZilla
[2013.06.18 19:58:19 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\GrooveWalrus
[2012.09.03 20:54:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\gtk-2.0
[2013.06.18 20:38:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\inkscape
[2009.06.22 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\IrfanView
[2009.09.22 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\JonDo
[2009.03.16 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\KhomsanPh
[2009.08.10 17:29:39 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Miranda
[2012.03.30 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Notepad++
[2008.11.17 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\OpenOffice.org
[2010.12.12 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PCDr
[2008.11.17 15:09:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PeerNetworking
[2009.03.28 10:05:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\rockbox.org
[2011.11.20 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony
[2011.11.20 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony Setup
[2010.05.12 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Subversion
[2008.12.30 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Template
[2010.08.18 10:12:07 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\TheLastRipper
[2012.03.08 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Thunderbird
[2010.04.30 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Transcend
[2010.10.14 10:52:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UDP Software
[2012.10.28 22:02:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UFOAI
[2009.08.01 18:39:06 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 

< End of report >
         