|
Log-Analyse und Auswertung: JS/BlacoleRef.CZ.19 in Browsercache innerhalb SandboxWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.05.2013, 12:56 | #1 |
| JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Hallo zusammen, da ihr mir beim letzten mal so unheimlich gut geholfen habt, als ich ein größeres Problem hatte, wende ich mich erneut an euch. Ich habe seit dem letzten größeren Vorfall meinen Rechner mit diversen Sicherheitsmaßnahmen, die ihr mir empfohlen habt, aufgerüstet. Das hat auch bestens gewirkt, ich war ganze 2 Jahre frei von jeglichen Viren trotz intensivem Internetgebrauch. Gestern Abend war es dann leider wieder einmal soweit und Avira hat Alarm geschlagen. Ich habe bei der interaktiven Meldung jedesmal auf "entfernen" geklickt, etwa 20 sekunden später wurde erneut ein Fund derselben Datei gemeldet. Das ganze hat sich etwa 10 mal wiederholt. Die Dateien sind alle in der Avira-Quarantäne gelandet, wo sie auch jetzt noch liegen. Ich habe den Browsercache (Opera) und den Inhalt der Sandbox (Sandboxie) gelöscht. Anschließend folgte ein Quickscan mit Malwarebytes - kein Fund. Da ich auf Nummer sicher gehen möchte, würde ich euch bitten, mal über die nachfolgenden Logfiles drüberzuschauen, die ich nach eurer Anleitung angefertigt habe. Screenshot der Avira-Quarantäne mit Dateiname und Pfad siehe Anhang. Der Defogger hat keine Fehlermeldung ausgegeben, hier trotzdem der Inhalt des logfile: defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:22 on 31/05/2013 (Admin OD) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- ___________________________________________________________________________ OTL.txt: OTL logfile created on: 31.05.2013 11:25:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oli\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 54,47% Memory free 3,99 Gb Paging File | 2,99 Gb Available in Paging File | 74,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 50,32 Gb Free Space | 54,57% Space Free | Partition Type: NTFS Drive D: | 45,12 Gb Total Space | 31,26 Gb Free Space | 69,28% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: Admin OD | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.31 11:23:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oli\Desktop\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.07 17:46:04 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.05 17:02:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.05 17:02:11 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.04.05 17:02:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe PRC - [2012.02.06 14:24:20 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieCtrl.exe PRC - [2012.02.06 14:24:18 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe PRC - [2012.01.17 19:49:08 | 000,270,672 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 19:44:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll MOD - [2013.05.16 19:20:44 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll MOD - [2013.02.15 16:42:52 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll MOD - [2013.01.13 22:43:57 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2013.01.13 22:43:57 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2013.01.13 22:43:57 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2013.01.13 22:43:57 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2013.01.13 22:43:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2013.01.13 22:43:55 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l MOD - [2013.01.13 22:43:55 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2013.01.13 22:43:55 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2013.01.13 22:43:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll MOD - [2013.01.13 22:43:54 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2013.01.13 22:43:54 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2013.01.13 22:43:54 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2013.01.13 22:43:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l MOD - [2013.01.13 22:43:53 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2013.01.13 22:43:53 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2013.01.13 22:43:53 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2013.01.13 22:43:52 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2013.01.13 22:43:52 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2013.01.13 22:43:52 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2013.01.13 22:43:51 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard. dll MOD - [2013.01.13 22:43:51 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll MOD - [2013.01.13 22:43:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2013.01.13 22:43:48 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2013.01.13 22:43:48 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashbo ard.dll MOD - [2013.01.13 22:43:48 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2013.01.13 22:43:48 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2013.01.13 22:43:48 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll MOD - [2013.01.13 22:43:48 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2013.01.13 22:43:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll MOD - [2013.01.13 22:43:47 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2013.01.13 22:43:47 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll MOD - [2013.01.13 22:43:47 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3693.42498__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2013.01.13 22:43:47 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2013.01.13 22:43:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll MOD - [2013.01.13 22:43:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2013.01.13 22:43:46 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2013.01.13 22:43:46 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2013.01.13 22:43:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2013.01.13 22:43:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2013.01.13 22:43:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2013.01.13 22:43:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2013.01.13 22:43:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2013.01.13 22:43:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2013.01.13 22:43:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2013.01.13 22:43:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2013.01.13 22:43:44 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2013.01.13 22:43:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll MOD - [2013.01.13 22:43:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2013.01.13 22:43:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2013.01.13 22:43:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll MOD - [2013.01.13 22:43:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll MOD - [2013.01.13 22:43:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2013.01.13 22:43:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll MOD - [2013.01.13 22:43:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2013.01.13 22:43:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2013.01.13 22:43:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2013.01.13 22:43:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2013.01.13 22:43:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll MOD - [2013.01.13 22:43:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2013.01.13 22:43:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2013.01.13 22:43:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2013.01.13 22:43:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2013.01.13 22:43:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2013.01.13 22:43:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2013.01.13 22:43:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2013.01.13 22:43:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2013.01.13 22:43:39 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2013.01.13 22:43:39 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll MOD - [2013.01.13 22:43:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2013.01.13 22:43:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l MOD - [2013.01.13 22:43:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l MOD - [2013.01.13 22:43:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l MOD - [2013.01.13 22:43:37 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2013.01.13 22:43:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2013.01.13 22:43:37 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2013.01.13 22:43:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2013.01.13 22:43:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2013.01.13 22:43:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2013.01.13 22:43:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2013.01.13 22:43:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll MOD - [2013.01.13 22:43:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2013.01.13 22:43:35 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementatio n.dll MOD - [2013.01.13 22:43:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2013.01.13 22:43:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2013.01.13 22:43:35 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2013.01.13 22:43:34 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll MOD - [2013.01.13 22:43:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2013.01.13 22:43:34 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2013.01.13 22:43:34 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2013.01.13 22:43:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2013.01.13 22:43:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2013.01.13 22:43:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2013.01.13 22:43:31 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2013.01.13 22:43:31 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2013.01.13 22:43:31 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2013.01.13 22:43:31 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2013.01.13 22:43:31 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2013.01.13 22:43:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2013.01.13 22:43:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2013.01.13 22:43:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2013.01.13 22:43:29 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2013.01.13 22:43:29 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll MOD - [2013.01.13 22:43:29 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll MOD - [2013.01.13 22:43:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2013.01.13 22:43:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2013.01.13 22:43:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll MOD - [2013.01.13 22:43:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2013.01.13 22:43:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll MOD - [2013.01.10 19:14:59 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll MOD - [2013.01.10 19:14:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 19:12:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.10 19:09:31 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 19:04:22 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 19:04:04 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.02.11 07:30:38 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2009.11.24 14:36:36 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009.03.29 21:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2013.05.14 22:12:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.05 17:02:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.05 17:02:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2012.02.06 14:24:18 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.01.17 19:49:08 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.04.05 17:02:43 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.05 17:02:43 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.05 17:02:43 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.02.06 14:24:16 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.03.26 11:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011.03.26 11:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011.03.26 11:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011.03.26 11:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.10.26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2007.11.02 13:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) DRV - [2007.11.02 13:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex) DRV - [2007.11.02 13:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007.11.02 13:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) DRV - [2007.11.02 13:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007.05.09 17:33:00 | 000,048,640 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.06 00:31:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.02.04 20:41:13 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.7.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA1EDF1D-15F7-49A9-AE12-B6FF5177D79D}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.06.29 16:19:08 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.31 00:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.31 00:55:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.13 19:55:45 | 000,000,000 | ---D | C] -- C:\TEMP [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.31 11:22:21 | 000,000,000 | ---- | M] () -- C:\Users\Admin OD\defogger_reenable [2013.05.31 11:11:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.31 11:01:40 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.31 11:01:40 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.31 11:01:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.31 11:01:27 | 2011,283,456 | -HS- | M] () -- C:\hiberfil.sys [2013.05.21 12:14:41 | 000,628,746 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.21 12:14:41 | 000,596,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.21 12:14:41 | 000,126,264 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.21 12:14:41 | 000,104,074 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.16 19:16:09 | 000,260,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.31 11:22:21 | 000,000,000 | ---- | C] () -- C:\Users\Admin OD\defogger_reenable [2013.01.13 22:38:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.02 14:19:58 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.05.24 19:18:00 | 000,000,680 | ---- | C] () -- C:\Users\Admin OD\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.04.07 12:15:29 | 000,000,000 | ---D | M] -- C:\Users\Admin OD\AppData\Roaming\elsterformular [2011.06.03 14:39:42 | 000,000,000 | ---D | M] -- C:\Users\Admin OD\AppData\Roaming\IrfanView [2011.06.02 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\Admin OD\AppData\Roaming\OpenOffice.org [2011.05.25 12:28:43 | 000,000,000 | ---D | M] -- C:\Users\Admin OD\AppData\Roaming\Opera [2013.02.04 20:40:46 | 000,000,000 | ---D | M] -- C:\Users\Admin OD\AppData\Roaming\pdfforge ========== Purity Check ========== < End of report > _____________________________________________________________________________ Und Extras.txt: OTL Extras logfile created on: 31.05.2013 11:25:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oli\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 54,47% Memory free 3,99 Gb Paging File | 2,99 Gb Available in Paging File | 74,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 50,32 Gb Free Space | 54,57% Space Free | Partition Type: NTFS Drive D: | 45,12 Gb Total Space | 31,26 Gb Free Space | 69,28% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: Admin OD | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{25A4C126-11F5-4410-A097-82E51A7004F2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D6EEDC8A-4BDC-4183-83F2-BFD74DA76B9E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{24E7AADA-937C-434A-8381-9A53C836DA2D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{38BDE4A9-B8ED-4F7F-8FE0-FA91304F64CD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{53D4C678-2CBC-4E19-B3F5-7513AA6BC4DD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{7D14E71C-367C-4743-8A4A-854BD8189BC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7EC1E1F2-9E42-4DC6-A7F4-2DE34A467ABA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{97C60BC3-CB86-4D8D-8562-45098C3898FD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{AF66168A-DE88-4919-ACBC-AF82F7AA1786}" = dir=in | app=c:\program files\itunes\itunes.exe | "{BC6E78B8-1716-4670-B0D8-5874CAEC177B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C14EEB08-8BD2-4523-96D3-5518286A9D8E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C673D8FF-DC0E-43E5-9321-8E1227409F57}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C9E4A7F2-8C3B-4F32-BA91-F52F9F273ECC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{5ECB25D6-5FDA-41BC-B6CB-738288C448D7}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{64C7E58E-FE5D-4513-AF4C-50FD52E2F703}C:\users\oli\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\oli\appdata\local\programs\opera\opera.exe | "TCP Query User{8FDA510D-8EFF-4DB7-8E68-A38897103815}C:\users\oli\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\oli\appdata\local\programs\opera\opera.exe | "UDP Query User{13F2E8E6-136E-4F88-A514-DEB8BDE8E051}C:\users\oli\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\oli\appdata\local\programs\opera\opera.exe | "UDP Query User{6C2FE855-EE94-465E-94B8-5F1A29E94DDA}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{EA2E3814-A476-41CE-A0A2-D5FF361DA7D7}C:\users\oli\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\oli\appdata\local\programs\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java(TM) 6 Update 45 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38F2E726-1FF5-4AAB-96AD-CAB5079E8846}" = Autodesk DirectConnect 2010 "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese "{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect "{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8842825B-C865-40D3-89FD-A48A942195B4}" = Wireless LAN Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1 "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E0BA659A-45CC-4EC2-AA1C-E73CAFC6408B}" = Autodesk Alias 2010 "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E2EF186D-5853-4734-8758-1E1B843E5DF1}" = Autodesk Alias 2010 Documentation "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP210 series Benutzerregistrierung" = Canon MP210 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "DivX Setup" = DivX-Setup "ElsterFormular 13.2.0.8623p" = ElsterFormular "FileHippo.com" = FileHippo.com Update Checker "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "Opera 12.15.1748" = Opera 12.15 "Sandboxie" = Sandboxie 3.64 (32-bit) "Secunia PSI" = Secunia PSI (2.0.0.3003) "SMSERIAL" = Motorola SM56 Speakerphone Modem "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.05.2013 11:38:49 | Computer Name = home | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung OperaUpgrader.exe, Version 12.2.1578.0, Zeitstempel 0x503cc74d, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc000010a, Fehleroffset 0x00009f5d, Prozess-ID 0xe6c, Anwendungsstartzeit 01ce5a271dd04138. Error - 26.05.2013 20:04:04 | Computer Name = home | Source = EventSystem | ID = 4621 Description = Error - 28.05.2013 18:22:04 | Computer Name = home | Source = EventSystem | ID = 4621 Description = Error - 29.05.2013 04:01:18 | Computer Name = home | Source = EventSystem | ID = 4621 Description = Error - 29.05.2013 09:35:36 | Computer Name = home | Source = EventSystem | ID = 4621 Description = Error - 29.05.2013 15:54:38 | Computer Name = home | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung opera_autoupdate.exe, Version 0.0.0.0, Zeitstempel 0x515aca90, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc000010a, Fehleroffset 0x00009f5d, Prozess-ID 0xd40, Anwendungsstartzeit 01ce5ca65373264a. Error - 29.05.2013 19:02:04 | Computer Name = home | Source = EventSystem | ID = 4621 Description = Error - 30.05.2013 18:34:06 | Computer Name = home | Source = VSS | ID = 12289 Description = Error - 30.05.2013 18:36:02 | Computer Name = home | Source = VSS | ID = 12289 Description = Error - 30.05.2013 19:48:38 | Computer Name = home | Source = EventSystem | ID = 4621 Description = [ System Events ] Error - 30.05.2013 07:35:17 | Computer Name = home | Source = Service Control Manager | ID = 7000 Description = Error - 30.05.2013 07:36:47 | Computer Name = home | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 30.05.2013 15:32:32 | Computer Name = home | Source = Service Control Manager | ID = 7000 Description = Error - 30.05.2013 15:33:50 | Computer Name = home | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 30.05.2013 16:10:18 | Computer Name = home | Source = Service Control Manager | ID = 7011 Description = Error - 30.05.2013 19:25:01 | Computer Name = home | Source = DCOM | ID = 10005 Description = Error - 30.05.2013 19:25:02 | Computer Name = home | Source = Service Control Manager | ID = 7009 Description = Error - 30.05.2013 19:25:02 | Computer Name = home | Source = Service Control Manager | ID = 7000 Description = Error - 31.05.2013 05:03:06 | Computer Name = home | Source = Service Control Manager | ID = 7000 Description = Error - 31.05.2013 05:06:24 | Computer Name = home | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > _____________________________________________________________________________ Und zuletzt Gmer.txt: GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-31 13:27:29 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH rev.0000001C 149,05GB Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINO~1\AppData\Local\Temp\pxldipow.sys ---- System - GMER 2.1 ---- SSDT 89C1B4FE ZwCreateSection SSDT 89C1B508 ZwRequestWaitReplyPort SSDT 89C1B503 ZwSetContextThread SSDT 89C1B50D ZwSetSecurityObject SSDT 89C1B512 ZwSystemDebugControl SSDT 89C1B49F ZwTerminateProcess Code 89CBDBFC ZwTraceEvent Code 89CBDBFB NtTraceEvent ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!NtTraceEvent 8242C326 5 Bytes JMP 89CBDC00 .text ntkrnlpa.exe!KeSetEvent + 215 824AD958 4 Bytes [FE, B4, C1, 89] .text ntkrnlpa.exe!KeSetEvent + 539 824ADC7C 4 Bytes [08, B5, C1, 89] .text ntkrnlpa.exe!KeSetEvent + 56D 824ADCB0 4 Bytes [03, B5, C1, 89] .text ntkrnlpa.exe!KeSetEvent + 5D1 824ADD14 4 Bytes [0D, B5, C1, 89] .text ntkrnlpa.exe!KeSetEvent + 619 824ADD5C 4 Bytes [12, B5, C1, 89] .text ... PAGE ntkrnlpa.exe!NtRequestPort + 2 8260D3AA 5 Bytes JMP 89CBDCA0 PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 8263EB74 5 Bytes JMP 89CBDDE0 .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8B607000, 0x267978, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtCreateFile + 6 7773424A 4 Bytes [28, 38, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtCreateFile + B 7773424F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtCreateKey + 6 7773428A 4 Bytes [68, 39, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtCreateKey + B 7773428F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtCreateMutant + 6 777342BA 4 Bytes [28, 3A, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtCreateMutant + B 777342BF 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtCreateSection + 6 7773433A 4 Bytes [68, 3A, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtCreateSection + B 7773433F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtDeleteValueKey + B 7773466F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtMapViewOfSection + B 7773499F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenFile + 6 77734A2A 4 Bytes [68, 38, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenFile + B 77734A2F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenKey + 6 77734A5A 4 Bytes [A8, 39, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenKey + B 77734A5F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenMutant + B 77734A7F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenProcess + 6 77734AAA 4 Bytes [68, 3B, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenProcess + B 77734AAF 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenProcessToken + 6 77734ABA 4 Bytes [A8, 3B, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenProcessToken + B 77734ABF 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenProcessTokenEx + 6 77734ACA 4 Bytes [68, 3C, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenProcessTokenEx + B 77734ACF 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenSection + 6 77734ADA 4 Bytes [A8, 3A, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenSection + B 77734ADF 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenThread + 6 77734B1A 4 Bytes [28, 3B, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenThread + B 77734B1F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenThreadToken + 6 77734B2A 4 Bytes [28, 3C, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenThreadToken + B 77734B2F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenThreadTokenEx + 6 77734B3A 4 Bytes [A8, 3C, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtOpenThreadTokenEx + B 77734B3F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtQueryAttributesFile + 6 77734BCA 4 Bytes [A8, 38, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtQueryAttributesFile + B 77734BCF 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtQueryFullAttributesFile + B 77734C7F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtSetInformationFile + 6 7773515A 4 Bytes [28, 39, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtSetInformationFile + B 7773515F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtSetInformationThread + B 777351AF 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtUnmapViewOfSection + 6 7773544A 4 Bytes [28, 3D, 3F, 00] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ntdll.dll!NtUnmapViewOfSection + B 7773544F 1 Byte [E2] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] kernel32.dll!CreateProcessW 77851BF3 5 Bytes JMP 000100B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] kernel32.dll!CreateProcessA 77851C28 5 Bytes JMP 000100F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] kernel32.dll!OpenEventW 7786C023 5 Bytes JMP 00010070 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] kernel32.dll!CreateEventW 7789B85E 5 Bytes JMP 00010030 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!RegisterClipboardFormatW 764FD6AC 1 Byte [E9] .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!RegisterClipboardFormatW 764FD6AC 5 Bytes JMP 004002B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!ActivateKeyboardLayout 7650478C 5 Bytes JMP 004004F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!RegisterClipboardFormatA 7650A111 5 Bytes JMP 004002F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!GetClipboardFormatNameA 7650A552 5 Bytes JMP 00400270 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!GetOpenClipboardWindow 765126A6 5 Bytes JMP 004003F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!SetClipboardViewer 7651BA2D 5 Bytes JMP 004004B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!IsClipboardFormatAvailable 7651C2E3 5 Bytes JMP 004000F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!CloseClipboard 7651C2F7 5 Bytes JMP 004000B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!OpenClipboard 7651C31D 5 Bytes JMP 00400070 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!GetClipboardSequenceNumber 7651D8B7 5 Bytes JMP 00400330 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!ChangeClipboardChain 7651DF83 5 Bytes JMP 00400430 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!CountClipboardFormats 76520048 5 Bytes JMP 004001F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!GetClipboardOwner 765226EF 5 Bytes JMP 00400370 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!SetClipboardData 76536410 5 Bytes JMP 00400170 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!EnumClipboardFormats 76536D16 5 Bytes JMP 004001B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!GetClipboardData 7653715A 5 Bytes JMP 00400030 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!GetClipboardFormatNameW 7653A99F 5 Bytes JMP 00400230 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!EmptyClipboard 7655398B 5 Bytes JMP 00400130 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!GetClipboardViewer 765539ED 5 Bytes JMP 00400470 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] USER32.dll!GetPriorityClipboardFormat 76553AEF 5 Bytes JMP 004003B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!DeleteObject 77805A37 5 Bytes JMP 004101B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!GetDeviceCaps 7780617F 5 Bytes JMP 00410370 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SelectObject 778062A0 5 Bytes JMP 004105B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SetTextColor 7780666B 5 Bytes JMP 00410970 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SetBkMode 77806716 5 Bytes JMP 00410830 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!DeleteDC 778068CD 5 Bytes JMP 00410170 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SetStretchBltMode 77807206 5 Bytes JMP 004105F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SaveDC 778075BA 5 Bytes JMP 00410530 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!RestoreDC 77807675 5 Bytes JMP 004104F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!StretchDIBits 778078CF 5 Bytes JMP 004106B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!ExtSelectClipRgn 778079F8 5 Bytes JMP 004102F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SelectClipRgn 77807AF9 5 Bytes JMP 00410570 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!MoveToEx 77807C33 5 Bytes JMP 00410430 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!Rectangle 77807EA9 5 Bytes JMP 004108F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SetTextAlign 778085CB 5 Bytes JMP 00410930 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!ExtTextOutW 7780872B 5 Bytes JMP 004108B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!GetTextMetricsW 77808A81 5 Bytes JMP 00410D30 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!IntersectClipRect 77808B64 5 Bytes JMP 004103B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!GetClipBox 77809071 5 Bytes JMP 00410330 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SetICMMode 778094E7 5 Bytes JMP 00410CB0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!CreateDCW 7780A91D 5 Bytes JMP 004100F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!CreateDCA 7780AA49 5 Bytes JMP 004100B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!CreateICW 7780B2E9 5 Bytes JMP 00410130 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!GetTextFaceW 7780B637 5 Bytes JMP 00410C70 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!GetFontData 7780BA6C 5 Bytes JMP 00410BB0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SetWorldTransform 7780C46A 5 Bytes JMP 00410630 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!LineTo 7780C65E 5 Bytes JMP 004103F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!GetTextMetricsA 7780CCEB 5 Bytes JMP 00410CF0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!ExtTextOutA 778100A5 5 Bytes JMP 00410870 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!ExtEscape 778122A7 5 Bytes JMP 004102B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!Escape 778127F1 5 Bytes JMP 00410270 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!ResetDCW 77813132 5 Bytes JMP 004109F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!EndPage 7781375E 5 Bytes JMP 00410230 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SetPolyFillMode 778161D3 5 Bytes JMP 00410A70 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SetMiterLimit 778162E2 5 Bytes JMP 00410AB0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!GetTextFaceA 7781F4C5 5 Bytes JMP 00410C30 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!GetGlyphOutlineW 7782A41F 5 Bytes JMP 00410BF0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!CreateScalableFontResourceW 7782C88B 5 Bytes JMP 00410AF0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!AddFontResourceW 7782CC93 5 Bytes JMP 00410B30 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!RemoveFontResourceW 7782D129 5 Bytes JMP 00410B70 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!AbortDoc 77832CC4 5 Bytes JMP 00410030 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!EndDoc 778330D8 5 Bytes JMP 004101F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!StartPage 778331C3 5 Bytes JMP 00410670 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!StartDocW 77833CA7 5 Bytes JMP 00410730 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!BeginPath 77834465 5 Bytes JMP 00410770 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!SelectClipPath 778344BC 5 Bytes JMP 00410A30 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!CloseFigure 77834517 5 Bytes JMP 00410070 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!EndPath 7783456E 5 Bytes JMP 004109B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!StrokePath 778347A0 5 Bytes JMP 004106F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!FillPath 7783482C 5 Bytes JMP 004107B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!PolylineTo 77834C95 5 Bytes JMP 004104B0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!PolyBezierTo 77834D25 5 Bytes JMP 00410470 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] GDI32.dll!PolyDraw 77834DD6 5 Bytes JMP 004107F0 .text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3456] ole32.dll!OleSetClipboard 769111E3 5 Bytes JMP 00530030 ---- EOF - GMER 2.1 ---- Wenn ihr weitere Infos benötigt, lasst es mich wissen. Übrigens habe ich vergessen, nach dem OTL-Scan den Rechner neu zu starten, ich hoffe das hat keine negativen Auswirkungen auf das Ergebnis des anschließend durchgeführten Scans mit Gmer. Wenn doch, bitte Bescheid geben, dann mache ich das nochmal. Danke schonmal im Voraus für eure Zeit & Unterstützung! VG Oliver |
31.05.2013, 13:05 | #2 |
/// Malware-holic | JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Hi, bist du so gut und postest mir die Meldungen als Text?
__________________http://www.trojaner-board.de/125889-...en-posten.html
__________________ |
31.05.2013, 13:33 | #3 |
| JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Hallo Markus,
__________________sehr gerne, siehe unten. Eine Sache ist mir noch eingefallen, vielleicht ist das eine wichtige Info. Ich habe gestern zwei .mp3-Dateien erzeugt mithilfe eines converters, das war allerdings viele Stunden bevor Avira Alarm geschlagen hat. Die Dateien liegen aktuell auf meinem Desktop außerhalb der sandbox. Kann das mit dem Vorfall zusammenhängen? Und hier die Logfiles: Malwarebytes (das logfile von gestern ist nicht gespeichert worden, habe gerade eben den Quickscan wiederholt, nachfolgend ist also der neue report): Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.30.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Oli :: HOME [limited] 31.05.2013 14:12:42 mbam-log-2013-05-31 (14-12-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 180250 Time elapsed: 7 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) _____________________________________________________________________________ Avira: Die Ereignisberichte von Avira lassen sich mit der Funktion "Ereignisse exportieren" nicht kopieren, der Inhalt wird nicht in den Zwischenspeicher geschrieben. Daher habe ich die einzelnen Ereignisse jeweils geöffnet und den Text kopiert. In chronologischer Reihenfolge der Ereignisse: In der Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr0128A.tmp' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus] gefunden. Ausgeführte Aktion: Übergeben an Scanner In der Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr01289.tmp' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus] gefunden. Ausgeführte Aktion: Übergeben an Scanner In der Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr012BY.tmp' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus] gefunden. Ausgeführte Aktion: Übergeben an Scanner In der Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr012DH.tmp' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus] gefunden. Ausgeführte Aktion: Übergeben an Scanner Die Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr012DH.tmp' enthielt einen Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 596b7fd7.qua erstellt ( QUARANTÄNE ). Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '41fc5008.qua' verschoben! Die Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr012BY.tmp' enthielt einen Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 56b67827.qua erstellt ( QUARANTÄNE ). Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e215798.qua' verschoben! Die Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr0128A.tmp' enthielt einen Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 1e5a0d67.qua erstellt ( QUARANTÄNE ). Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '786d429d.qua' verschoben! Die Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr01289.tmp' enthielt einen Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 54927828.qua erstellt ( QUARANTÄNE ). Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c0557b7.qua' verschoben! In der Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr012GP.tmp' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus] gefunden. Ausgeführte Aktion: Übergeben an Scanner In der Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr012GP.tmp' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr012GP.tmp' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern Die Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr012GP.tmp' enthielt einen Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 5661761a.qua erstellt ( QUARANTÄNE ). Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ef65995.qua' verschoben! Die Datei 'C:\Sandbox\Oli\DefaultBox\user\current\AppData\Local\Opera\Opera\cache\sesn\opr012GP.tmp' enthielt einen Virus oder unerwünschtes Programm 'JS/BlacoleRef.CZ.19' [virus]. Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004. Die Quelldatei konnte nicht gefunden werden. Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei existiert nicht! Ich hoffe es sind alle benötigten Infos enthalten. |
31.05.2013, 13:41 | #4 |
/// Malware-holic | JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Hi, filehippo und secunia zeigen keine benötigten Updates? dann würd ich einmal die Sandbox leeren. Mit der MP3 wird das wohl nichts zu tun haben, eher ne infizierte website hattest du in der sandbox, bei programmstart und internetzugriff die Opera.exe eingetragen, würde die Sandbox noch mal was sicherer machen, da dann nur opera bzw von dir freigegebene Programme starten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
31.05.2013, 13:52 | #5 |
| JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Doch, secunia zeigt was an (IRFANview, iTunes, Quicktime). Ich aktualisiere grade alles. Gestern habe ich noch zwei JAVA-updates durchgeführt nach dem Vorfall. In der Sandbox sind bei programmstart und internetzugriff jeweils opera.exe eingetragen, neben einigen weiteren Ausnahmen (z.B. adobereader, java, operaupgrader, etc.). Die sandbox habe ich gestern direkt nach den Avirameldungen geleert (rechtsklick auf Sandbox Defaultbox --> Inhalte löschen). Zum Zeitpunkt des Vorfalles gestern war ich definitiv nicht auf unsicheren Seiten unterwegs, allerdings einige Stunden vorher. Können solche Viren auch zeitversetzt "zuschlagen"? |
31.05.2013, 13:59 | #6 |
| JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Hier noch zur Konfiguration von Sandboxie, ist das so in Ordnung? |
31.05.2013, 14:00 | #7 |
/// Malware-holic | JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox evtl. hat avira erst später auf die Datei zugegriffen, bitte ab sofort updates schneller instalieren, sobald sie angezeigt werden. du bist zwar mit der Sandbox ziemlich sicher, aber so minimierst du die Chance einer Infektion weiter. auch mal Windows update besuchen, Internet explorer 10 fehlt. Aber wir können festhalten, die Arbeit hat sich vor 2 Jahren gelohnt, mit dem pc ist alles klar.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
31.05.2013, 14:08 | #8 |
| JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Das sind sehr gute Neuigkeiten, vielen herzlichen Dank für deine Hilfe, Markus! Ich update jetzt mal alles, was noch nicht auf dem neuesten Stand ist, und werde versuchen, das in Zukunft etwas konsequenter zu tun. Dann bis zum nächsten Mal, hoffentlich erst in ein paar Jahren, nichts für Ungut Schönes Wochennede! Gruß Oliver |
31.05.2013, 14:11 | #9 |
/// Malware-holic | JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Hehe, wie gesagt, ich möchtejeden möglichst nur einmal sehen, das mit der Sandbox scheinsst du ja durchzuziehen, nun noch regelmäßig updaten und alles ist schick.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
31.05.2013, 14:50 | #10 |
| JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Sooo, alles up to date. Nur den IE kann ich nicht updaten. Ist es möglich, dass es keine Version 10 für Vista gibt? Windows update, Filehippo und Secunia finden keine updates für den IE. Ja an die Sandbox hab ich mich gewöhnt. Gelegentlich spinnt sie etwas rum, sie kommt mit dem operaupgrader nicht klar obwohl ich den Zugriff bestätigt habe. Aber wenn es ein update gibt, starte ich opera einfach außerhalb der sb und installiere es eben so, geht auch. |
31.05.2013, 14:58 | #11 |
/// Malware-holic | JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox ja das is ja eh nötig. Opera muss außerhalb mit Updates versorgt werden. hast recht, für vista gibts kein ie10, also alles gut.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
31.05.2013, 15:33 | #12 |
| JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox Super, also danke nochmal für alles! |
31.05.2013, 16:50 | #13 |
/// Malware-holic | JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox bis in 2 jahren :d
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu JS/BlacoleRef.CZ.19 in Browsercache innerhalb Sandbox |
antivir, autorun, avg, bho, bingbar, bonjour, branding, canon, converter, entfernen, fehlermeldung, firefox, flash player, format, home, install.exe, js/blacoleref.cz.19, ntdll.dll, plug-in, problem, realtek, registry, rundll, secunia psi, security, sekunden, software, starten |