| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: JS/Blacole.GB.158 InfektionWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.06.2013, 14:49
| #1 |
 |  JS/Blacole.GB.158 Infektion Hallo Board, ich benötige bitte Hilfe bei der Bereinigung einer JS/Blacole.GB.158 Infektion. Die Infektion besteht vermutlich seit dem 14.06. durch Besuch eines gehackten Forums. Der Admin hat darauf hingewiesen, dass das Forum gehackt wurde und Besucher möglicherweise mit Blacole infiziert sein könnten. Ein Scan mit Avira verlief positiv; der TR/Offend im LazyNewbPack ist ein false positive. JS/Blacole wurde in Quarantäne verschoben, TR/Offend ignoriert. Hier das Avira logfile: Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 15. Juni 2013 00:44
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : Kolja
Computername : KEN
Versionsinformationen:
BUILD.DAT : 13.0.0.3640 Bytes 18.04.2013 13:29:00
AVSCAN.EXE : 13.6.0.1262 636984 Bytes 08.05.2013 04:32:09
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 04.03.2013 16:10:07
LUKE.DLL : 13.6.0.1262 65080 Bytes 08.05.2013 04:32:37
AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 08.05.2013 04:32:09
AVREG.DLL : 13.6.0.1262 247864 Bytes 08.05.2013 04:32:07
avlode.dll : 13.6.2.1262 432184 Bytes 08.05.2013 04:32:06
avlode.rdf : 13.0.1.12 25921 Bytes 17.05.2013 21:16:46
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 18:21:29
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 14:54:46
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 14:52:52
VBASE003.VDF : 7.11.80.61 2048 Bytes 28.05.2013 14:52:53
VBASE004.VDF : 7.11.80.62 2048 Bytes 28.05.2013 14:52:53
VBASE005.VDF : 7.11.80.63 2048 Bytes 28.05.2013 14:52:53
VBASE006.VDF : 7.11.80.64 2048 Bytes 28.05.2013 14:52:53
VBASE007.VDF : 7.11.80.65 2048 Bytes 28.05.2013 14:52:53
VBASE008.VDF : 7.11.80.66 2048 Bytes 28.05.2013 14:52:53
VBASE009.VDF : 7.11.80.67 2048 Bytes 28.05.2013 14:52:53
VBASE010.VDF : 7.11.80.68 2048 Bytes 28.05.2013 14:52:53
VBASE011.VDF : 7.11.80.69 2048 Bytes 28.05.2013 14:52:53
VBASE012.VDF : 7.11.80.70 2048 Bytes 28.05.2013 14:52:53
VBASE013.VDF : 7.11.80.71 2048 Bytes 28.05.2013 14:52:53
VBASE014.VDF : 7.11.81.57 145408 Bytes 29.05.2013 10:24:11
VBASE015.VDF : 7.11.81.137 130048 Bytes 30.05.2013 19:06:15
VBASE016.VDF : 7.11.81.255 207360 Bytes 31.05.2013 05:25:03
VBASE017.VDF : 7.11.82.91 156160 Bytes 03.06.2013 05:09:26
VBASE018.VDF : 7.11.82.169 220160 Bytes 04.06.2013 11:09:24
VBASE019.VDF : 7.11.83.27 325632 Bytes 06.06.2013 04:30:08
VBASE020.VDF : 7.11.83.121 320512 Bytes 07.06.2013 04:30:09
VBASE021.VDF : 7.11.83.210 244736 Bytes 10.06.2013 22:35:41
VBASE022.VDF : 7.11.84.59 333824 Bytes 12.06.2013 13:04:08
VBASE023.VDF : 7.11.84.163 264192 Bytes 14.06.2013 12:51:49
VBASE024.VDF : 7.11.84.164 2048 Bytes 14.06.2013 12:51:49
VBASE025.VDF : 7.11.84.165 2048 Bytes 14.06.2013 12:51:49
VBASE026.VDF : 7.11.84.166 2048 Bytes 14.06.2013 12:51:49
VBASE027.VDF : 7.11.84.167 2048 Bytes 14.06.2013 12:51:49
VBASE028.VDF : 7.11.84.168 2048 Bytes 14.06.2013 12:51:49
VBASE029.VDF : 7.11.84.169 2048 Bytes 14.06.2013 12:51:49
VBASE030.VDF : 7.11.84.170 2048 Bytes 14.06.2013 12:51:49
VBASE031.VDF : 7.11.84.208 112128 Bytes 14.06.2013 22:38:00
Engineversion : 8.2.12.60
AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 14:10:36
AESCRIPT.DLL : 8.1.4.122 487806 Bytes 13.06.2013 14:10:36
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 20:12:44
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 19:24:02
AERDL.DLL : 8.2.0.128 688504 Bytes 13.06.2013 14:10:36
AEPACK.DLL : 8.3.2.16 754041 Bytes 11.06.2013 22:35:44
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 15:43:23
AEHEUR.DLL : 8.1.4.412 5955962 Bytes 13.06.2013 14:10:35
AEHELP.DLL : 8.1.27.2 266617 Bytes 04.06.2013 22:02:04
AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 13:22:56
AEEXP.DLL : 8.4.0.34 201079 Bytes 04.06.2013 22:02:14
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 19:06:20
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 16:48:26
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 13:59:53
AVWINLL.DLL : 13.6.0.480 26480 Bytes 04.03.2013 16:09:19
AVPREF.DLL : 13.6.0.480 51056 Bytes 04.03.2013 16:10:06
AVREP.DLL : 13.6.0.480 178544 Bytes 04.03.2013 16:11:32
AVARKT.DLL : 13.6.0.1262 258104 Bytes 08.05.2013 04:31:58
AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 08.05.2013 04:32:03
SQLITE3.DLL : 3.7.0.1 397704 Bytes 04.03.2013 16:11:04
AVSMTP.DLL : 13.6.0.480 62832 Bytes 04.03.2013 16:10:10
NETNT.DLL : 13.6.0.480 16240 Bytes 04.03.2013 16:10:50
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 04.03.2013 16:09:21
RCTEXT.DLL : 13.6.0.976 69344 Bytes 27.03.2013 15:19:21
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: -PHISH,
Beginn des Suchlaufs: Samstag, 15. Juni 2013 00:44
Der Suchlauf über die Masterbootsektoren wird begonnen:
Der Suchlauf über die Bootsektoren wird begonnen:
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'Last.fm Scrobbler.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLG.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCMService.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'OpWareSE4.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSVNCache.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ForceField.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '82' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '6017' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
[0] Archivtyp: Runtime Packed
--> C:\LazyNewbPack[0.31.25][V9.2].zip.vir
[1] Archivtyp: ZIP
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/B-Advanced/Quickfort/Quickfort 2.00/qfconvert.exe
[2] Archivtyp: RSRC
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfattachtest.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6835015
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfautodump.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6834930
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfcleanmap.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6741778
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfflows.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6739421
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dflair.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6877699
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfposition.exe
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Offend.691503
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dftubefill.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6739549
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfunreveal.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6959315.1
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfvdig.exe
[FUND] Ist das Trojanische Pferd TR/Agent.25088.133
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfweather.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6744850
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\LazyNewbPack[0.31.25][V9.2].zip.vir
[FUND] Ist das Trojanische Pferd TR/Offend.6744850
C:\Users\Kolja\AppData\Local\Mozilla\Firefox\Profiles\v8p38qw0.default\Cache\8\F4\6C76Bd01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.158
Beginne mit der Suche in 'D:\' <RECOVERY>
Beginne mit der Desinfektion:
C:\Users\Kolja\AppData\Local\Mozilla\Firefox\Profiles\v8p38qw0.default\Cache\8\F4\6C76Bd01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.158
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54653d65.qua' verschoben!
C:\LazyNewbPack[0.31.25][V9.2].zip.vir
[FUND] Ist das Trojanische Pferd TR/Offend.6744850
[WARNUNG] Die Datei wurde ignoriert.
Ende des Suchlaufs: Sonntag, 16. Juni 2013 12:24
Benötigte Zeit: 35:23:48 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
51224 Verzeichnisse wurden überprüft
1383424 Dateien wurden geprüft
12 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1383412 Dateien ohne Befall
15048 Archive wurden durchsucht
11 Warnungen
2 Hinweise
1002689 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:29 on 16/06/2013 (Kolja)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 16.06.2013 12:44:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kolja\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19437) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free 6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,28 Gb Total Space | 54,16 Gb Free Space | 24,59% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS Computer Name: KEN | User Name: Kolja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.08 06:32:04 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.27 17:19:31 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe PRC - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2010.07.16 17:32:34 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- c:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.03.12 19:10:36 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe ========== Modules (No Company Name) ========== MOD - [2013.02.13 17:57:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 19:35:43 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\403900299d88edc5153065e5aed726e7\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 07:52:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll MOD - [2009.03.30 06:42:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.03 14:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll ========== Services (SafeList) ========== SRV - [2013.06.12 00:51:42 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.19 00:06:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2011.08.07 14:32:11 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.06.29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.02.20 14:48:43 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2008.11.03 21:31:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service) SRV - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService) SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY) DRV - [2013.03.27 17:20:00 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.27 17:20:00 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.27 17:20:00 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.04 18:11:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.09.24 17:44:06 | 000,145,408 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11drdr.SYS -- (ui11drdr) DRV - [2012.08.07 13:50:58 | 000,365,056 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2012.06.15 11:39:24 | 000,289,152 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2012.04.18 22:04:40 | 000,017,408 | ---- | M] (MARX Datentechnik GmbH ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CBN.SYS -- (CBN) DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011.08.25 13:58:48 | 000,046,720 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl) DRV - [2011.08.10 16:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2011.05.07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2010.11.18 02:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0) DRV - [2010.07.25 19:47:52 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.02.29 13:51:30 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.06 07:59:24 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2081104 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE_de IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=P9tCKqVvIH1B83UwTjy22RAjeXk?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://partnerpage.google.com/dell.com/de_de?hl=de&client=dell-row&channel=de&ibd=2081104" FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.05.19 22:36:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 00:06:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 00:06:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.06.09 00:04:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 00:06:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 00:06:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.11.17 11:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Extensions [2009.09.22 20:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions [2009.09.22 20:13:44 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0} [2009.09.22 20:13:42 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2009.09.22 20:13:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2009.09.22 20:13:44 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2008.12.28 19:57:25 | 000,000,000 | ---D | M] (SafeCache) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839} [2009.09.22 20:22:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2008.12.28 19:57:25 | 000,000,000 | ---D | M] (Temporary Inbox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{ac1e10b8-206d-4746-a18e-0483852dc20b} [2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Media Pirate - The video downloader) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{cc265d3d-3f6f-0170-a78b-bbbaef7a868c} [2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DT Whois) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net [2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org [2008.12.28 19:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\toolbar_extras@de.yahoo.com [2013.06.16 08:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions [2013.02.09 11:55:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013.05.31 12:26:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.25 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\nostmp [2009.10.15 10:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions [2009.06.09 10:37:02 | 000,000,000 | ---D | M] (MinimizeToTray [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2009.07.09 23:00:50 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2009.06.17 10:21:25 | 000,000,000 | ---D | M] (Minimize To Tray Enhancer) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2013.06.12 15:03:04 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013.05.27 14:13:54 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.06.16 08:40:42 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.05.09 20:46:52 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.24 15:44:17 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2009.05.21 14:43:50 | 000,000,931 | ---- | M] () -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\searchplugins\dictionary.xml [2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.05.19 00:06:20 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com [2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013.05.19 00:06:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISW] File not found O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD66A9BC-A675-4792-BF15-AD0D3DE488A0}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B132EC71-7A1A-4CAE-97C1-5ECE0779137E}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.05.07 06:18:40 | 000,000,000 | ---D | M] - C:\AutoCAD 2006 -- [ NTFS ] O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6c819991-1396-11e1-bbac-00219be5c505}\Shell - "" = AutoRun O33 - MountPoints2\{6c819991-1396-11e1-bbac-00219be5c505}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\{eec6e07a-57fb-11de-8a23-00219be5c505}\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.16 12:41:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe [2013.06.16 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Blacole Scan [2013.06.14 18:47:28 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Lexware Unterlagen [2013.06.12 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded [2013.06.12 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Kolja\D-Fend Reloaded [2013.06.12 18:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded [2013.06.12 17:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenwood Entertainment [2013.06.12 17:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Der Planer 1 [2013.05.27 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.05.19 00:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe [2013.06.16 12:33:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 12:33:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 12:33:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.16 12:32:52 | 3208,716,288 | -HS- | M] () -- C:\hiberfil.sys [2013.06.16 12:30:02 | 000,000,020 | ---- | M] () -- C:\Users\Kolja\defogger_reenable [2013.06.16 12:28:30 | 000,050,477 | ---- | M] () -- C:\Users\Kolja\Desktop\Defogger.exe [2013.06.16 11:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.16 09:01:52 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.06.14 18:40:57 | 000,131,790 | ---- | M] () -- C:\Users\Kolja\Desktop\login_seite.jpg [2013.06.12 17:48:49 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Der Planer 1.lnk [2013.06.08 23:57:14 | 000,304,160 | ---- | M] () -- C:\PA7302.DAT [2013.06.01 21:07:48 | 000,006,156 | ---- | M] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf [2013.05.27 20:41:59 | 000,384,187 | ---- | M] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf [2013.05.24 21:32:41 | 000,644,298 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.24 21:32:41 | 000,609,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.24 21:32:41 | 000,134,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.24 21:32:41 | 000,110,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.20 22:37:47 | 009,274,969 | ---- | M] () -- C:\Users\Kolja\Desktop\pka.pdf [2013.05.17 23:08:56 | 000,384,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.16 12:29:37 | 000,000,020 | ---- | C] () -- C:\Users\Kolja\defogger_reenable [2013.06.16 12:28:29 | 000,050,477 | ---- | C] () -- C:\Users\Kolja\Desktop\Defogger.exe [2013.06.14 18:40:57 | 000,131,790 | ---- | C] () -- C:\Users\Kolja\Desktop\login_seite.jpg [2013.06.12 17:46:05 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Der Planer 1.lnk [2013.06.01 21:07:48 | 000,006,156 | ---- | C] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf [2013.05.27 20:41:59 | 000,384,187 | ---- | C] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf [2013.05.20 22:37:28 | 009,274,969 | ---- | C] () -- C:\Users\Kolja\Desktop\pka.pdf [2013.01.07 21:58:30 | 000,000,218 | ---- | C] () -- C:\Users\Kolja\.recently-used.xbel [2012.09.11 23:03:00 | 000,005,870 | ---- | C] () -- C:\Users\Kolja\AppData\Local\recently-used.xbel [2012.05.01 21:49:26 | 000,164,193 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.05.01 21:48:51 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.04.18 22:06:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL [2012.04.18 22:03:11 | 000,343,040 | ---- | C] () -- C:\Windows\System32\lffpx7.dll [2012.04.18 22:03:11 | 000,116,736 | ---- | C] () -- C:\Windows\System32\lfkodak.dll [2012.04.18 22:03:11 | 000,068,096 | ---- | C] () -- C:\Windows\System32\lfplt11n.dll [2012.04.17 21:52:31 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2012.03.05 12:46:48 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\winscp.rnd [2011.08.29 20:43:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.08.29 20:43:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.02.20 14:52:54 | 000,000,093 | ---- | C] () -- C:\Users\Kolja\AppData\Local\fusioncache.dat [2011.01.18 20:10:22 | 000,000,428 | ---- | C] () -- C:\Users\Kolja\cademia.ini [2010.10.23 14:47:45 | 000,011,247 | ---- | C] () -- C:\Users\Kolja\gsview32.ini [2010.08.31 15:49:51 | 000,000,106 | ---- | C] () -- C:\Users\Kolja\.bouml [2010.08.31 15:48:19 | 000,000,150 | ---- | C] () -- C:\Users\Kolja\.boumlrc [2009.05.15 11:30:23 | 000,010,599 | ---- | C] () -- C:\Users\Kolja\_elster_2048.pfx [2009.01.28 10:28:39 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Local\PUTTY.RND [2008.12.30 22:21:13 | 000,000,796 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\wklnhst.dat [2008.12.28 20:05:13 | 000,403,052 | ---- | C] () -- C:\Users\Kolja\jap.conf [2008.12.21 17:04:40 | 000,006,648 | ---- | C] () -- C:\Users\Kolja\AppData\Local\d3d9caps.dat [2008.11.17 15:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\UserTile.png [2008.11.17 12:22:07 | 000,120,832 | ---- | C] () -- C:\Users\Kolja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.03.28 15:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\1&1 [2012.05.05 22:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Audacity [2011.07.02 18:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Autodesk [2011.11.13 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\CheckPoint [2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools [2009.06.02 12:55:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Lite [2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Pro [2010.02.22 19:02:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DeepBurner [2011.02.15 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DVDVideoSoft [2011.05.19 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\elsterformular [2009.10.05 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FLV Extract [2013.06.14 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\foobar2000 [2011.08.29 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FreePDF [2010.03.03 10:37:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FVZilla [2013.03.02 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\GrooveWalrus [2012.09.03 20:54:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\gtk-2.0 [2012.09.12 21:35:38 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\inkscape [2009.06.22 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\IrfanView [2009.09.22 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\JonDo [2009.03.16 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\KhomsanPh [2009.08.10 17:29:39 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Miranda [2012.03.30 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Notepad++ [2008.11.17 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\OpenOffice.org [2010.12.12 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PCDr [2008.11.17 15:09:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PeerNetworking [2009.03.28 10:05:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\rockbox.org [2011.11.20 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony [2011.11.20 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony Setup [2010.05.12 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Subversion [2008.12.30 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Template [2012.03.08 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Thunderbird [2010.04.30 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Transcend [2010.10.14 10:52:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UDP Software [2012.10.28 22:02:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UFOAI [2009.08.01 18:39:06 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.06.2013 12:44:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kolja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19437)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free
6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 54,16 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
Computer Name: KEN | User Name: Kolja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Free Video Zilla\FVZilla.exe" = C:\Program Files\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B6390C5-449B-4DD2-A2A7-48ABFE775754}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{433A9AAF-D2F3-4F07-9377-8D9F88C05A79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47AE5147-4EDD-4F65-A44F-F690627E92D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6FF52260-FB37-47B2-8CA1-16F4FFD1AC7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{746D91EB-8DD7-4FEC-90DF-A7D963094B62}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE31AF05-77F5-41AF-B044-D1D83EED9FCC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BDEC205E-BB07-4B32-A0AB-F8A43F03585C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C522C89D-EAA6-4704-A4A7-25990CBFD485}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D81A31E1-A993-4F79-8845-D5795CFB567E}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028FB875-F191-4192-B58D-DF0A310C51D9}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{04AE63A1-FC37-42CF-AED8-0D89648D4AFE}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{04EA802C-59BD-481A-9C3D-44B44DA885A2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mmm\counter-strike\hl.exe |
"{0652E0AE-ED6E-4511-880A-341C65FEAA7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A57E27F-D7E4-41EF-989B-7AE67087B4CF}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{1F0FCBB9-5EA7-4418-BC23-F6496AAC5373}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{2DDD7258-A32A-4BE4-BD68-795B188C8C70}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mmm\counter-strike\hl.exe |
"{33F0EE8E-1F98-40D2-A3AA-B4DD36A31B51}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{44978D35-09A9-4263-8664-3EE351914D00}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{453885A0-C26C-4900-B855-C246197D7128}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{49ED0CC6-F097-4A67-8451-679CA5058E52}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{4B65D8F8-9ABF-4F7A-9484-723B9C94F379}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5649739A-BA89-4572-AAB1-8069DCDA123F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B3D1C26-1A80-4BC6-9EB2-D41780544A51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D6DA21D-6975-41E1-89BD-66ACB4CEFEB5}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{61FE656C-AE1D-404B-9199-225A60028DC9}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{66C07633-7367-4766-9B0D-5CE2ECBAA410}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{6760E8DB-19DC-43A5-A6C9-27E1CA322D84}" = protocol=6 | dir=out | app=system |
"{685B5C88-4202-4A40-947B-A4EC76CEE3EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72E90EA2-89AF-4BEB-A376-115AA76FE20C}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{78C7DDCD-117B-4CFE-9B19-07CCFC66518F}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{79CC6DF5-0C6A-4CBA-B747-9162E33F6D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83B97AE6-0827-487F-BB8A-1F956CB5B78A}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{898F8F8A-E91D-4FD0-B8EE-E0E0EBB076E6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{8B78EB47-E046-49E0-BEDF-0795AE587A0E}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{A310EF3A-77DF-40F9-9F26-6B749DC3C9E8}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{A6DA462C-EFBC-4B94-AF23-DF72A584A61E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B0ED171B-C7C9-4050-8D11-740C9393A958}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1B47416-9FF1-4748-BCFC-0D8E746B312C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C263726D-4FD9-460B-B0FC-91F2554ADC05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFD817DE-D573-4FFF-B684-9504A3F11CCF}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{D52445DF-4696-46DA-A64B-DA669C0191AC}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D8C00789-E408-4081-829A-18132B811926}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF3217AF-0B2A-4466-B9B5-087FA13CD4F1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0701F89-1B9F-4402-8365-5D2A0CF59354}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E166DC6A-567C-41E2-9E8F-B11F04182F78}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E585ABB1-D157-4BB5-A07C-D639280FF8A8}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{EF06733F-D57A-43A5-BA15-3A721EF01D4D}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{FC785247-E88C-4585-9627-F7A0D793375E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{429A3810-A1D7-40E7-ACFE-A76ADAAB65C5}C:\program files\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\program files\nwn\nwmain.exe |
"TCP Query User{C0543E5A-05D3-4B3D-9A85-3E39401953ED}C:\program files\nwn\nwserver.exe" = protocol=6 | dir=in | app=c:\program files\nwn\nwserver.exe |
"UDP Query User{123871A1-14DA-4839-8ECE-3D84AAD15A2E}C:\program files\nwn\nwserver.exe" = protocol=17 | dir=in | app=c:\program files\nwn\nwserver.exe |
"UDP Query User{BA858A72-564D-4B7A-B5F2-764DC328612D}C:\program files\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\program files\nwn\nwmain.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00762C8C-31A8-4892-9960-587872CAE77C}" = Dell All-In-One Center
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = Sentinel Runtime
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{500ECB5F-B2E8-4A46-80FF-FFFDB7AFC103}" = ScanSoft OmniPage SE 4
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5783F2D7-4001-0407-0002-0060B0CE6BBA}" = AutoCAD 2006 - Deutsch
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A23CD7D-7A85-4D3E-8CF9-006F98A60B9F}" = SEMA Holzbausoftware V12.1 (de)
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75B9B1F8-0F07-11D6-A801-0050FC209733}" = Capitalism II
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A3C76924-B911-4766-A1FD-367D13277CB3}_is1" = GrooveWalrus 0.382
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC VGA Camer@ Plus
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEC98AB1-991D-4A2D-9FDD-10F3DEBAF568}" = Dell Photo AIO 928
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC610A5F-4957-4CA3-8825-D91D5D492086}" = ActivePerl 5.12.2 Build 1202
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Office-Drive Manager" = 1&1 Office-Drive Manager
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Support Center" = Dell Support Center
"Der Planer 1" = Der Planer 1
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstallieren)
"dm Fotowelt" = dm Fotowelt
"ElsterFormular 11.4.1.4323" = ElsterFormular Upgrade
"foobar2000" = foobar2000 v1.2.3
"Free FLV to AVI MP4 3GP WMV MP3 Converter_is1" = Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
"Free Video Zilla_is1" = Free Video Zilla
"FreePDF_XP" = FreePDF (Remove only)
"GIMP-2_is1" = GIMP 2.8.2
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Hydrogen" = Hydrogen
"Inkscape" = Inkscape 0.48.2
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm Scrobbler 2.1.33
"MechCommander2 1.0" = Microsoft MechCommander 2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Miranda IM" = Miranda IM 0.8.3
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"musikCube" = musikCube 1.0
"Notepad++" = Notepad++
"OptiPNG-UI1.0.0.2" = OptiPNG-UI
"PokerStars" = PokerStars
"PuTTY_is1" = PuTTY version 0.62
"R for Windows 2.11.1_is1" = R for Windows 2.11.1
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RuckZuck 4.0" = RuckZuck 4.0
"Secunia PSI" = Secunia PSI
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"Steam App 10" = Counter-Strike
"SystemRequirementsLab" = System Requirements Lab
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 2.0.2
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.3.7
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0cb53dcd03c12ddd" = Blitzableiter
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.06.2013 11:47:47 | Computer Name = Ken | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cmd.exe, Version 6.0.6001.18000, Zeitstempel
0x47918bde, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x033900a5, Prozess-ID 0xa40, Anwendungsstartzeit
01ce67842fa0b363.
Error - 12.06.2013 11:48:04 | Computer Name = Ken | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cmd.exe, Version 6.0.6001.18000, Zeitstempel
0x47918bde, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x033600a5, Prozess-ID 0x8d8, Anwendungsstartzeit
01ce678439ade1c3.
Error - 13.06.2013 04:05:38 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description =
Error - 13.06.2013 04:18:09 | Computer Name = Ken | Source = Perflib | ID = 1010
Description =
Error - 13.06.2013 04:18:11 | Computer Name = Ken | Source = Perflib | ID = 1008
Description =
Error - 14.06.2013 02:47:20 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description =
Error - 15.06.2013 03:00:05 | Computer Name = Ken | Source = Perflib | ID = 1010
Description =
Error - 15.06.2013 03:00:07 | Computer Name = Ken | Source = Perflib | ID = 1008
Description =
Error - 16.06.2013 03:00:06 | Computer Name = Ken | Source = Perflib | ID = 1010
Description =
Error - 16.06.2013 06:34:37 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description =
[ Broadcom Wireless LAN Events ]
Error - 08.06.2009 08:36:56 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = 14:36:56, Mon, Jun 08, 09 Error - User "" does not have administrative
privileges on this system
Error - 21.06.2009 09:38:22 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = 15:38:21, Sun, Jun 21, 09 Error - Unable to gain access to user store
Error - 05.11.2012 15:56:05 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
Adapter Manager Container)
[ System Events ]
Error - 12.06.2013 10:45:01 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description =
Error - 12.06.2013 10:50:36 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 12.06.2013 15:14:40 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 13.06.2013 04:05:39 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description =
Error - 13.06.2013 12:57:57 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 14.06.2013 02:47:21 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description =
Error - 14.06.2013 13:41:29 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 15.06.2013 09:06:37 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 16.06.2013 06:19:30 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 16.06.2013 06:34:39 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Der Absturz kam jeweils während des laufenden Scans. Virenscanner war aus, Netzwerkkabel abgezogen. Vielen Dank schonmal im Voraus für eure Hilfe. :) |
|
16.06.2013, 14:52
| #2 |
| /// Malware-holic   | JS/Blacole.GB.158 Infektion Hi,
__________________Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
16.06.2013, 16:11
| #3 |
| | JS/Blacole.GB.158 Infektion Hi markusg,
__________________danke für die schnelle Antwort. Hier ist das TDSSKiller.log Code:
ATTFilter 16:56:13.0535 5300 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:56:13.0597 5300 ============================================================
16:56:13.0597 5300 Current date / time: 2013/06/16 16:56:13.0597
16:56:13.0597 5300 SystemInfo:
16:56:13.0597 5300
16:56:13.0597 5300 OS Version: 6.0.6002 ServicePack: 2.0
16:56:13.0597 5300 Product type: Workstation
16:56:13.0597 5300 ComputerName: KEN
16:56:13.0597 5300 UserName: Kolja
16:56:13.0597 5300 Windows directory: C:\Windows
16:56:13.0597 5300 System windows directory: C:\Windows
16:56:13.0597 5300 Processor architecture: Intel x86
16:56:13.0597 5300 Number of processors: 2
16:56:13.0597 5300 Page size: 0x1000
16:56:13.0597 5300 Boot type: Normal boot
16:56:13.0597 5300 ============================================================
16:56:14.0362 5300 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:56:14.0362 5300 ============================================================
16:56:14.0362 5300 \Device\Harddisk0\DR0:
16:56:14.0362 5300 MBR partitions:
16:56:14.0362 5300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0x1400000
16:56:14.0362 5300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1437000, BlocksNum 0x1B88DFF8
16:56:14.0393 5300 ============================================================
16:56:14.0471 5300 C: <-> \Device\Harddisk0\DR0\Partition2
16:56:14.0533 5300 D: <-> \Device\Harddisk0\DR0\Partition1
16:56:14.0533 5300 ============================================================
16:56:14.0533 5300 Initialize success
16:56:14.0533 5300 ============================================================
16:56:54.0313 3864 ============================================================
16:56:54.0313 3864 Scan started
16:56:54.0313 3864 Mode: Manual; SigCheck; TDLFS;
16:56:54.0313 3864 ============================================================
16:56:55.0202 3864 ================ Scan system memory ========================
16:56:55.0202 3864 System memory - ok
16:56:55.0202 3864 ================ Scan services =============================
16:56:55.0623 3864 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:56:55.0748 3864 ACPI - ok
16:56:55.0982 3864 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:56:55.0998 3864 AdobeARMservice - ok
16:56:56.0138 3864 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:56:56.0154 3864 AdobeFlashPlayerUpdateSvc - ok
16:56:56.0232 3864 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:56:56.0263 3864 adp94xx - ok
16:56:56.0325 3864 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:56:56.0357 3864 adpahci - ok
16:56:56.0372 3864 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:56:56.0388 3864 adpu160m - ok
16:56:56.0419 3864 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:56:56.0435 3864 adpu320 - ok
16:56:56.0497 3864 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:56:56.0544 3864 AeLookupSvc - ok
16:56:56.0575 3864 [ EF1142512BEC12F1C2C87735DA1755BE ] AESTFilters C:\Windows\system32\aestsrv.exe
16:56:56.0669 3864 AESTFilters - ok
16:56:56.0793 3864 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
16:56:56.0809 3864 AFD - ok
16:56:56.0856 3864 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:56:56.0871 3864 agp440 - ok
16:56:56.0903 3864 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:56:56.0918 3864 aic78xx - ok
16:56:56.0965 3864 [ C6397472A8788505FB23C85441837978 ] aksfridge C:\Windows\system32\DRIVERS\aksfridge.sys
16:56:56.0996 3864 aksfridge - ok
16:56:57.0059 3864 [ 64FC197D24A2B240598F29CE0A6660C0 ] akshasp C:\Windows\system32\DRIVERS\akshasp.sys
16:56:57.0105 3864 akshasp - ok
16:56:57.0199 3864 [ DFD3C25A2AAB48668E14AEF0316A0522 ] akshhl C:\Windows\system32\DRIVERS\akshhl.sys
16:56:57.0246 3864 akshhl - ok
16:56:57.0339 3864 [ 5934CF026DE26F5E3BA49B0CFD662B0F ] aksusb C:\Windows\system32\DRIVERS\aksusb.sys
16:56:57.0386 3864 aksusb - ok
16:56:57.0417 3864 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
16:56:57.0464 3864 ALG - ok
16:56:57.0495 3864 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
16:56:57.0511 3864 aliide - ok
16:56:57.0573 3864 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:56:57.0589 3864 amdagp - ok
16:56:57.0620 3864 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
16:56:57.0636 3864 amdide - ok
16:56:57.0667 3864 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:56:57.0683 3864 AmdK7 - ok
16:56:57.0714 3864 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:56:57.0776 3864 AmdK8 - ok
16:56:57.0963 3864 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:56:57.0979 3864 AntiVirSchedulerService - ok
16:56:58.0088 3864 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:56:58.0104 3864 AntiVirService - ok
16:56:58.0151 3864 [ A80230BD04F0B8BF05185B369BB1CBB8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
16:56:58.0182 3864 ApfiltrService - ok
16:56:58.0244 3864 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
16:56:58.0307 3864 Appinfo - ok
16:56:58.0385 3864 [ 43DC4FC662DF064535E30B17C8B5AB00 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
16:56:58.0400 3864 Apple Mobile Device - ok
16:56:58.0463 3864 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
16:56:58.0478 3864 arc - ok
16:56:58.0572 3864 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:56:58.0587 3864 arcsas - ok
16:56:58.0728 3864 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:56:58.0743 3864 aspnet_state - ok
16:56:58.0775 3864 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:56:58.0821 3864 AsyncMac - ok
16:56:58.0899 3864 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
16:56:58.0915 3864 atapi - ok
16:56:59.0024 3864 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:56:59.0071 3864 AudioEndpointBuilder - ok
16:56:59.0087 3864 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:56:59.0118 3864 Audiosrv - ok
16:56:59.0321 3864 [ 7CC8CD6F86054C563E47E7F063CE7A61 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
16:56:59.0336 3864 Autodesk Licensing Service - ok
16:56:59.0414 3864 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:56:59.0430 3864 avgntflt - ok
16:56:59.0539 3864 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:56:59.0555 3864 avipbb - ok
16:56:59.0586 3864 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:56:59.0601 3864 avkmgr - ok
16:56:59.0617 3864 BCM42RLY - ok
16:56:59.0679 3864 [ FA6707A346CD122407F3B0BAD1C47639 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
16:56:59.0742 3864 BCM43XX - ok
16:56:59.0867 3864 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:56:59.0898 3864 Beep - ok
16:56:59.0991 3864 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
16:57:00.0023 3864 BFE - ok
16:57:00.0132 3864 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
16:57:00.0225 3864 BITS - ok
16:57:00.0319 3864 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:57:00.0350 3864 blbdrive - ok
16:57:00.0444 3864 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:57:00.0459 3864 bowser - ok
16:57:00.0491 3864 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:57:00.0553 3864 BrFiltLo - ok
16:57:00.0584 3864 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:57:00.0615 3864 BrFiltUp - ok
16:57:00.0647 3864 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
16:57:00.0693 3864 Browser - ok
16:57:00.0756 3864 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:57:00.0927 3864 Brserid - ok
16:57:00.0959 3864 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:57:01.0052 3864 BrSerWdm - ok
16:57:01.0068 3864 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:57:01.0130 3864 BrUsbMdm - ok
16:57:01.0146 3864 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:57:01.0224 3864 BrUsbSer - ok
16:57:01.0302 3864 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:57:01.0349 3864 BTHMODEM - ok
16:57:01.0473 3864 [ 946595DA193C5B49062FDF23BDE5C764 ] CBN C:\Windows\System32\Drivers\CBN.SYS
16:57:01.0473 3864 CBN ( UnsignedFile.Multi.Generic ) - warning
16:57:01.0473 3864 CBN - detected UnsignedFile.Multi.Generic (1)
16:57:01.0505 3864 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:57:01.0536 3864 cdfs - ok
16:57:01.0598 3864 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:57:01.0614 3864 cdrom - ok
16:57:01.0707 3864 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
16:57:01.0754 3864 CertPropSvc - ok
16:57:01.0785 3864 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
16:57:01.0832 3864 circlass - ok
16:57:01.0910 3864 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
16:57:01.0926 3864 CLFS - ok
16:57:01.0973 3864 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:57:01.0988 3864 clr_optimization_v2.0.50727_32 - ok
16:57:02.0191 3864 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:57:02.0222 3864 clr_optimization_v4.0.30319_32 - ok
16:57:02.0253 3864 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:57:02.0285 3864 CmBatt - ok
16:57:02.0331 3864 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:57:02.0347 3864 cmdide - ok
16:57:02.0378 3864 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:57:02.0394 3864 Compbatt - ok
16:57:02.0394 3864 COMSysApp - ok
16:57:02.0409 3864 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:57:02.0425 3864 crcdisk - ok
16:57:02.0441 3864 [ 0C629820AAD9C90E456B221C94D640CA ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
16:57:02.0456 3864 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:57:02.0456 3864 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:57:02.0519 3864 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\Windows\system32\CTsvcCDA.exe
16:57:02.0534 3864 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
16:57:02.0534 3864 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
16:57:02.0565 3864 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:57:02.0628 3864 Crusoe - ok
16:57:02.0721 3864 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:57:02.0815 3864 CryptSvc - ok
16:57:02.0924 3864 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:57:02.0987 3864 DcomLaunch - ok
16:57:03.0065 3864 [ 4B797AFC90A29C59308E260DBCCD5821 ] deMntrService C:\Program Files\Dell\MFP_DELL\deMntrService.exe
16:57:03.0080 3864 deMntrService ( UnsignedFile.Multi.Generic ) - warning
16:57:03.0080 3864 deMntrService - detected UnsignedFile.Multi.Generic (1)
16:57:03.0127 3864 [ 92ADE7F1B2E1C69E85A3A9040EEC37B4 ] DESVUSB C:\Windows\system32\DRIVERS\desrvusb.sys
16:57:03.0189 3864 DESVUSB - ok
16:57:03.0283 3864 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:57:03.0299 3864 DfsC - ok
16:57:03.0423 3864 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
16:57:03.0564 3864 DFSR - ok
16:57:03.0704 3864 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:57:03.0751 3864 Dhcp - ok
16:57:03.0829 3864 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
16:57:03.0845 3864 disk - ok
16:57:04.0063 3864 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:57:04.0110 3864 Dnscache - ok
16:57:04.0157 3864 [ 13511564CAC5A005255765E322C16967 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
16:57:04.0172 3864 DockLoginService - ok
16:57:04.0235 3864 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:57:04.0281 3864 dot3svc - ok
16:57:04.0344 3864 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
16:57:04.0422 3864 Dot4 - ok
16:57:04.0453 3864 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:57:04.0500 3864 Dot4Print - ok
16:57:04.0531 3864 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
16:57:04.0578 3864 dot4usb - ok
16:57:04.0625 3864 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
16:57:04.0687 3864 DPS - ok
16:57:04.0765 3864 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:57:04.0812 3864 drmkaud - ok
16:57:04.0905 3864 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:57:04.0952 3864 DXGKrnl - ok
16:57:05.0077 3864 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
16:57:05.0124 3864 e1express - ok
16:57:05.0171 3864 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:57:05.0233 3864 E1G60 - ok
16:57:05.0264 3864 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
16:57:05.0295 3864 EapHost - ok
16:57:05.0373 3864 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
16:57:05.0389 3864 Ecache - ok
16:57:05.0436 3864 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:57:05.0467 3864 ehRecvr - ok
16:57:05.0498 3864 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
16:57:05.0545 3864 ehSched - ok
16:57:05.0561 3864 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
16:57:05.0576 3864 ehstart - ok
16:57:05.0623 3864 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:57:05.0639 3864 elxstor - ok
16:57:05.0732 3864 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:57:05.0810 3864 EMDMgmt - ok
16:57:05.0873 3864 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:57:05.0935 3864 ErrDev - ok
16:57:06.0013 3864 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
16:57:06.0075 3864 EventSystem - ok
16:57:06.0169 3864 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
16:57:06.0185 3864 exfat - ok
16:57:06.0231 3864 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:57:06.0247 3864 fastfat - ok
16:57:06.0278 3864 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:57:06.0325 3864 fdc - ok
16:57:06.0341 3864 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
16:57:06.0372 3864 fdPHost - ok
16:57:06.0387 3864 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
16:57:06.0481 3864 FDResPub - ok
16:57:06.0512 3864 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:57:06.0528 3864 FileInfo - ok
16:57:06.0543 3864 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:57:06.0590 3864 Filetrace - ok
16:57:06.0621 3864 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:57:06.0653 3864 flpydisk - ok
16:57:06.0715 3864 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:57:06.0731 3864 FltMgr - ok
16:57:06.0871 3864 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
16:57:06.0949 3864 FontCache - ok
16:57:07.0152 3864 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:57:07.0152 3864 FontCache3.0.0.0 - ok
16:57:07.0245 3864 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:57:07.0277 3864 Fs_Rec - ok
16:57:07.0339 3864 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:57:07.0355 3864 gagp30kx - ok
16:57:07.0557 3864 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
16:57:07.0573 3864 GoogleDesktopManager-051210-111108 - ok
16:57:07.0635 3864 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
16:57:07.0651 3864 GoToAssist - ok
16:57:07.0713 3864 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
16:57:07.0760 3864 gpsvc - ok
16:57:07.0916 3864 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:57:07.0932 3864 gusvc - ok
16:57:07.0994 3864 [ 506097D91E96AEE4BAD61800782E8FB6 ] hardlock C:\Windows\system32\drivers\hardlock.sys
16:57:08.0025 3864 hardlock - ok
16:57:08.0025 3864 hasplms - ok
16:57:08.0135 3864 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:57:08.0197 3864 HdAudAddService - ok
16:57:08.0275 3864 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:57:08.0322 3864 HDAudBus - ok
16:57:08.0384 3864 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:57:08.0431 3864 HidBth - ok
16:57:08.0447 3864 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
16:57:08.0540 3864 HidIr - ok
16:57:08.0618 3864 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
16:57:08.0665 3864 hidserv - ok
16:57:08.0727 3864 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:57:08.0759 3864 HidUsb - ok
16:57:08.0774 3864 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:57:08.0805 3864 hkmsvc - ok
16:57:08.0852 3864 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:57:08.0868 3864 HpCISSs - ok
16:57:08.0977 3864 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:57:08.0993 3864 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:57:08.0993 3864 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:57:09.0024 3864 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:57:09.0024 3864 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
16:57:09.0024 3864 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
16:57:09.0086 3864 [ 99F85640054BA65190B860D878A7C9AE ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:57:09.0133 3864 HSF_DPV - ok
16:57:09.0164 3864 [ CFBC2B81972E298F0E19EE68FA9E73DA ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:57:09.0180 3864 HSXHWAZL - ok
16:57:09.0242 3864 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:57:09.0273 3864 HTTP - ok
16:57:09.0336 3864 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:57:09.0351 3864 i2omp - ok
16:57:09.0398 3864 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:57:09.0429 3864 i8042prt - ok
16:57:09.0523 3864 [ AE38A12F79A4980DDB88F36514F8A1DA ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
16:57:09.0554 3864 IAANTMON - ok
16:57:09.0648 3864 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
16:57:09.0663 3864 iaStor - ok
16:57:09.0726 3864 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:57:09.0741 3864 iaStorV - ok
16:57:09.0835 3864 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:57:09.0897 3864 idsvc - ok
16:57:10.0038 3864 [ C134E69CE901422D1F2D7EA8D69098FE ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:57:10.0116 3864 igfx - ok
16:57:10.0147 3864 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:57:10.0163 3864 iirsp - ok
16:57:10.0256 3864 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:57:10.0287 3864 IKEEXT - ok
16:57:10.0350 3864 [ 98D303CCB3415E9202E82043B37D66DC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
16:57:10.0365 3864 IntcHdmiAddService - ok
16:57:10.0397 3864 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
16:57:10.0412 3864 intelide - ok
16:57:10.0428 3864 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:57:10.0459 3864 intelppm - ok
16:57:10.0490 3864 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:57:10.0537 3864 IPBusEnum - ok
16:57:10.0599 3864 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:57:10.0677 3864 IpFilterDriver - ok
16:57:10.0755 3864 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:57:10.0787 3864 iphlpsvc - ok
16:57:10.0802 3864 IpInIp - ok
16:57:10.0865 3864 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:57:10.0896 3864 IPMIDRV - ok
16:57:10.0927 3864 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:57:10.0974 3864 IPNAT - ok
16:57:11.0005 3864 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:57:11.0021 3864 IRENUM - ok
16:57:11.0052 3864 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:57:11.0067 3864 isapnp - ok
16:57:11.0145 3864 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:57:11.0177 3864 iScsiPrt - ok
16:57:11.0317 3864 [ 08A811BFD207DFDEC588881C18BACBAA ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:57:11.0333 3864 ISWKL - ok
16:57:11.0395 3864 [ 5B2CCEF06F96DFB22893AB8F0B3F891D ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
16:57:11.0411 3864 IswSvc - ok
16:57:11.0473 3864 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:57:11.0489 3864 iteatapi - ok
16:57:11.0535 3864 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:57:11.0551 3864 iteraid - ok
16:57:11.0582 3864 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:57:11.0598 3864 kbdclass - ok
16:57:11.0660 3864 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:57:11.0738 3864 kbdhid - ok
16:57:11.0801 3864 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
16:57:11.0863 3864 KeyIso - ok
16:57:11.0972 3864 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:57:12.0003 3864 KSecDD - ok
16:57:12.0050 3864 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:57:12.0191 3864 KtmRm - ok
16:57:12.0284 3864 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
16:57:12.0378 3864 LanmanServer - ok
16:57:12.0456 3864 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:57:12.0503 3864 LanmanWorkstation - ok
16:57:12.0534 3864 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:57:12.0565 3864 lltdio - ok
16:57:12.0627 3864 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:57:12.0674 3864 lltdsvc - ok
16:57:12.0690 3864 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:57:12.0737 3864 lmhosts - ok
16:57:12.0799 3864 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:57:12.0815 3864 LSI_FC - ok
16:57:12.0830 3864 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:57:12.0846 3864 LSI_SAS - ok
16:57:12.0908 3864 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:57:12.0924 3864 LSI_SCSI - ok
16:57:12.0955 3864 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
16:57:12.0986 3864 luafv - ok
16:57:13.0033 3864 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:57:13.0563 3864 Mcx2Svc - ok
16:57:13.0595 3864 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:57:13.0610 3864 mdmxsdk - ok
16:57:13.0657 3864 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
16:57:13.0673 3864 megasas - ok
16:57:13.0797 3864 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:57:13.0829 3864 MegaSR - ok
16:57:13.0875 3864 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:57:13.0907 3864 MMCSS - ok
16:57:13.0953 3864 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
16:57:14.0016 3864 Modem - ok
16:57:14.0047 3864 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:57:14.0078 3864 monitor - ok
16:57:14.0094 3864 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:57:14.0109 3864 mouclass - ok
16:57:14.0125 3864 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:57:14.0156 3864 mouhid - ok
16:57:14.0172 3864 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:57:14.0187 3864 MountMgr - ok
16:57:14.0328 3864 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:57:14.0343 3864 MozillaMaintenance - ok
16:57:14.0375 3864 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
16:57:14.0390 3864 mpio - ok
16:57:14.0406 3864 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:57:14.0437 3864 mpsdrv - ok
16:57:14.0515 3864 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
16:57:14.0562 3864 MpsSvc - ok
16:57:14.0593 3864 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:57:14.0609 3864 Mraid35x - ok
16:57:14.0624 3864 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:57:14.0640 3864 MRxDAV - ok
16:57:14.0733 3864 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:57:14.0765 3864 mrxsmb - ok
16:57:14.0858 3864 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:57:14.0874 3864 mrxsmb10 - ok
16:57:14.0889 3864 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:57:14.0905 3864 mrxsmb20 - ok
16:57:14.0952 3864 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
16:57:14.0967 3864 msahci - ok
16:57:14.0983 3864 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:57:14.0999 3864 msdsm - ok
16:57:15.0030 3864 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
16:57:15.0092 3864 MSDTC - ok
16:57:15.0108 3864 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:57:15.0139 3864 Msfs - ok
16:57:15.0186 3864 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:57:15.0201 3864 msisadrv - ok
16:57:15.0233 3864 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:57:15.0264 3864 MSiSCSI - ok
16:57:15.0279 3864 msiserver - ok
16:57:15.0342 3864 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:57:15.0373 3864 MSKSSRV - ok
16:57:15.0389 3864 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:57:15.0420 3864 MSPCLOCK - ok
16:57:15.0435 3864 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:57:15.0467 3864 MSPQM - ok
16:57:15.0498 3864 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:57:15.0513 3864 MsRPC - ok
16:57:15.0529 3864 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:57:15.0545 3864 mssmbios - ok
16:57:15.0576 3864 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:57:15.0623 3864 MSTEE - ok
16:57:15.0685 3864 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
16:57:15.0701 3864 Mup - ok
16:57:15.0763 3864 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
16:57:15.0825 3864 napagent - ok
16:57:15.0935 3864 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:57:15.0950 3864 NativeWifiP - ok
16:57:16.0028 3864 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:57:16.0059 3864 NDIS - ok
16:57:16.0091 3864 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:57:16.0122 3864 NdisTapi - ok
16:57:16.0137 3864 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:57:16.0169 3864 Ndisuio - ok
16:57:16.0215 3864 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:57:16.0231 3864 NdisWan - ok
16:57:16.0262 3864 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:57:16.0278 3864 NDProxy - ok
16:57:16.0340 3864 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:57:16.0356 3864 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:57:16.0356 3864 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:57:16.0371 3864 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:57:16.0403 3864 NetBIOS - ok
16:57:16.0465 3864 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:57:16.0496 3864 netbt - ok
16:57:16.0512 3864 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
16:57:16.0527 3864 Netlogon - ok
16:57:16.0559 3864 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:57:16.0590 3864 Netman - ok
16:57:16.0621 3864 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:57:16.0668 3864 netprofm - ok
16:57:16.0730 3864 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:57:16.0746 3864 NetTcpPortSharing - ok
16:57:16.0793 3864 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:57:16.0808 3864 nfrd960 - ok
16:57:16.0824 3864 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:57:16.0871 3864 NlaSvc - ok
16:57:17.0042 3864 [ F44ADDBF29905CB19F52FC9FE6A0EFA1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
16:57:17.0042 3864 nosGetPlusHelper - ok
16:57:17.0105 3864 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\Windows\system32\drivers\npf.sys
16:57:17.0120 3864 NPF - ok
16:57:17.0167 3864 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:57:17.0183 3864 Npfs - ok
16:57:17.0229 3864 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
16:57:17.0261 3864 nsi - ok
16:57:17.0307 3864 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:57:17.0323 3864 nsiproxy - ok
16:57:17.0448 3864 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:57:17.0526 3864 Ntfs - ok
16:57:17.0573 3864 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:57:17.0651 3864 ntrigdigi - ok
16:57:17.0682 3864 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:57:17.0713 3864 Null - ok
16:57:17.0760 3864 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:57:17.0775 3864 nvraid - ok
16:57:17.0807 3864 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:57:17.0822 3864 nvstor - ok
16:57:17.0853 3864 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:57:17.0869 3864 nv_agp - ok
16:57:17.0869 3864 NwlnkFlt - ok
16:57:17.0885 3864 NwlnkFwd - ok
16:57:17.0994 3864 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:57:18.0009 3864 ohci1394 - ok
16:57:18.0103 3864 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:57:18.0165 3864 p2pimsvc - ok
16:57:18.0243 3864 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:57:18.0306 3864 p2psvc - ok
16:57:18.0509 3864 [ 5C823A7C8F8948EB44BDA2C9E724476B ] PAC7302 C:\Windows\system32\DRIVERS\PAC7302.SYS
16:57:18.0555 3864 PAC7302 - ok
16:57:18.0587 3864 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:57:18.0633 3864 Parport - ok
16:57:18.0727 3864 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:57:18.0743 3864 partmgr - ok
16:57:18.0774 3864 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:57:18.0836 3864 Parvdm - ok
16:57:18.0867 3864 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:57:18.0945 3864 PcaSvc - ok
16:57:19.0117 3864 [ 92FDDBED716BF5C3CB766101563CFCE5 ] PCDSRVC{E9D79540-57D5953E-06020101}_0 c:\program files\dell support center\pcdsrvc.pkms
16:57:19.0133 3864 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
16:57:19.0195 3864 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
16:57:19.0211 3864 pci - ok
16:57:19.0242 3864 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
16:57:19.0257 3864 pciide - ok
16:57:19.0289 3864 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:57:19.0320 3864 pcmcia - ok
16:57:19.0367 3864 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:57:19.0491 3864 PEAUTH - ok
16:57:19.0632 3864 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:57:19.0866 3864 pla - ok
16:57:19.0928 3864 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:57:19.0975 3864 PlugPlay - ok
16:57:19.0991 3864 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:57:20.0006 3864 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:57:20.0006 3864 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:57:20.0037 3864 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:57:20.0100 3864 PNRPAutoReg - ok
16:57:20.0193 3864 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:57:20.0256 3864 PNRPsvc - ok
16:57:20.0381 3864 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:57:20.0427 3864 PolicyAgent - ok
16:57:20.0459 3864 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:57:20.0490 3864 PptpMiniport - ok
16:57:20.0537 3864 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
16:57:20.0646 3864 Processor - ok
16:57:20.0724 3864 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:57:20.0755 3864 ProfSvc - ok
16:57:20.0755 3864 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:57:20.0786 3864 ProtectedStorage - ok
16:57:20.0833 3864 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:57:20.0864 3864 PSched - ok
16:57:20.0942 3864 [ 365622E1F0B6D5F9871D76E89BF0501A ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
16:57:20.0958 3864 PSI ( UnsignedFile.Multi.Generic ) - warning
16:57:20.0958 3864 PSI - detected UnsignedFile.Multi.Generic (1)
16:57:21.0067 3864 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
16:57:21.0083 3864 PxHelp20 - ok
16:57:21.0161 3864 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:57:21.0254 3864 ql2300 - ok
16:57:21.0317 3864 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:57:21.0332 3864 ql40xx - ok
16:57:21.0379 3864 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:57:21.0410 3864 QWAVE - ok
16:57:21.0426 3864 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:57:21.0441 3864 QWAVEdrv - ok
16:57:21.0551 3864 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
16:57:21.0707 3864 R300 - ok
16:57:21.0722 3864 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:57:21.0753 3864 RasAcd - ok
16:57:21.0769 3864 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:57:21.0816 3864 RasAuto - ok
16:57:21.0831 3864 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:57:21.0863 3864 Rasl2tp - ok
16:57:21.0925 3864 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:57:21.0972 3864 RasMan - ok
16:57:22.0034 3864 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:57:22.0050 3864 RasPppoe - ok
16:57:22.0112 3864 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:57:22.0128 3864 RasSstp - ok
16:57:22.0190 3864 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:57:22.0221 3864 rdbss - ok
16:57:22.0253 3864 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:57:22.0284 3864 RDPCDD - ok
16:57:22.0331 3864 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:57:22.0362 3864 rdpdr - ok
16:57:22.0393 3864 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:57:22.0424 3864 RDPENCDD - ok
16:57:22.0502 3864 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:57:22.0549 3864 RDPWD - ok
16:57:22.0596 3864 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:57:22.0627 3864 RemoteAccess - ok
16:57:22.0689 3864 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:57:22.0752 3864 RemoteRegistry - ok
16:57:22.0814 3864 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
16:57:22.0830 3864 rimmptsk - ok
16:57:22.0830 3864 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
16:57:22.0845 3864 rimsptsk - ok
16:57:22.0861 3864 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
16:57:22.0877 3864 rismxdp - ok
16:57:22.0955 3864 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
16:57:22.0970 3864 rpcapd - ok
16:57:23.0017 3864 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:57:23.0048 3864 RpcLocator - ok
16:57:23.0064 3864 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:57:23.0111 3864 RpcSs - ok
16:57:23.0142 3864 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:57:23.0173 3864 rspndr - ok
16:57:23.0267 3864 [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys
16:57:23.0282 3864 s1018bus - ok
16:57:23.0329 3864 [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl C:\Windows\system32\DRIVERS\s1018mdfl.sys
16:57:23.0345 3864 s1018mdfl - ok
16:57:23.0391 3864 [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm C:\Windows\system32\DRIVERS\s1018mdm.sys
16:57:23.0407 3864 s1018mdm - ok
16:57:23.0469 3864 [ F4CEDA6E2DDFF2AF8BD745615A7CA9C0 ] s1018mgmt C:\Windows\system32\DRIVERS\s1018mgmt.sys
16:57:23.0532 3864 s1018mgmt - ok
16:57:23.0563 3864 [ 3622D9FF2253DCBE885B10736609A4CA ] s1018nd5 C:\Windows\system32\DRIVERS\s1018nd5.sys
16:57:23.0579 3864 s1018nd5 - ok
16:57:23.0625 3864 [ 49431EFDA842B474531C29FFAE9F5D09 ] s1018obex C:\Windows\system32\DRIVERS\s1018obex.sys
16:57:23.0641 3864 s1018obex - ok
16:57:23.0657 3864 [ AC6B514CB4474F4C867D7CDC9CD54F05 ] s1018unic C:\Windows\system32\DRIVERS\s1018unic.sys
16:57:23.0672 3864 s1018unic - ok
16:57:23.0703 3864 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:57:23.0719 3864 SamSs - ok
16:57:23.0781 3864 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:57:23.0797 3864 sbp2port - ok
16:57:23.0906 3864 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:57:23.0922 3864 SCardSvr - ok
16:57:24.0078 3864 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:57:24.0234 3864 Schedule - ok
16:57:24.0296 3864 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:57:24.0327 3864 SCPolicySvc - ok
16:57:24.0390 3864 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:57:24.0405 3864 sdbus - ok
16:57:24.0437 3864 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:57:24.0468 3864 SDRSVC - ok
16:57:24.0499 3864 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:57:24.0546 3864 secdrv - ok
16:57:24.0577 3864 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:57:24.0624 3864 seclogon - ok
16:57:24.0639 3864 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
16:57:24.0671 3864 SENS - ok
16:57:24.0702 3864 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:57:24.0749 3864 Serenum - ok
16:57:24.0764 3864 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
16:57:24.0827 3864 Serial - ok
16:57:24.0842 3864 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:57:24.0873 3864 sermouse - ok
16:57:24.0920 3864 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:57:24.0951 3864 SessionEnv - ok
16:57:24.0967 3864 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:57:24.0998 3864 sffdisk - ok
16:57:25.0014 3864 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:57:25.0061 3864 sffp_mmc - ok
16:57:25.0154 3864 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:57:25.0185 3864 sffp_sd - ok
16:57:25.0201 3864 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:57:25.0263 3864 sfloppy - ok
16:57:25.0295 3864 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:57:25.0326 3864 SharedAccess - ok
16:57:25.0435 3864 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:57:25.0466 3864 ShellHWDetection - ok
16:57:25.0497 3864 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:57:25.0513 3864 sisagp - ok
16:57:25.0591 3864 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:57:25.0607 3864 SiSRaid2 - ok
16:57:25.0622 3864 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:57:25.0638 3864 SiSRaid4 - ok
16:57:25.0778 3864 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:57:25.0794 3864 SkypeUpdate - ok
16:57:25.0950 3864 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
16:57:26.0184 3864 slsvc - ok
16:57:26.0246 3864 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:57:26.0293 3864 SLUINotify - ok
16:57:26.0355 3864 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:57:26.0371 3864 Smb - ok
16:57:26.0418 3864 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:57:26.0433 3864 SNMPTRAP - ok
16:57:26.0589 3864 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
16:57:26.0605 3864 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - warning
16:57:26.0605 3864 Sony Ericsson PCCompanion - detected UnsignedFile.Multi.Generic (1)
16:57:26.0652 3864 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
16:57:26.0667 3864 spldr - ok
16:57:26.0777 3864 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:57:26.0823 3864 Spooler - ok
16:57:26.0933 3864 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\System32\Drivers\sptd.sys
16:57:26.0964 3864 sptd - ok
16:57:27.0073 3864 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:57:27.0089 3864 srv - ok
16:57:27.0151 3864 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:57:27.0167 3864 srv2 - ok
16:57:27.0182 3864 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:57:27.0198 3864 srvnet - ok
16:57:27.0260 3864 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:57:27.0307 3864 SSDPSRV - ok
16:57:27.0401 3864 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
16:57:27.0416 3864 ssmdrv - ok
16:57:27.0479 3864 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:57:27.0494 3864 SstpSvc - ok
16:57:27.0525 3864 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] STacSV C:\Windows\system32\STacSV.exe
16:57:27.0557 3864 STacSV - ok
16:57:27.0635 3864 Steam Client Service - ok
16:57:27.0713 3864 [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] STHDA C:\Windows\system32\drivers\stwrt.sys
16:57:27.0775 3864 STHDA - ok
16:57:27.0837 3864 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
16:57:27.0853 3864 stisvc - ok
16:57:28.0040 3864 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:57:28.0056 3864 stllssvr - ok
16:57:28.0087 3864 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:57:28.0103 3864 swenum - ok
16:57:28.0181 3864 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
16:57:28.0212 3864 swprv - ok
16:57:28.0243 3864 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:57:28.0259 3864 Symc8xx - ok
16:57:28.0305 3864 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:57:28.0321 3864 Sym_hi - ok
16:57:28.0352 3864 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:57:28.0368 3864 Sym_u3 - ok
16:57:28.0415 3864 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
16:57:28.0477 3864 SysMain - ok
16:57:28.0539 3864 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:57:28.0571 3864 TabletInputService - ok
16:57:28.0649 3864 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:57:28.0711 3864 TapiSrv - ok
16:57:28.0758 3864 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
16:57:28.0805 3864 TBS - ok
16:57:28.0898 3864 [ 078218D74C4EFC2CE7E4C6DF22A94F2F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:57:28.0961 3864 Tcpip - ok
16:57:29.0007 3864 [ 078218D74C4EFC2CE7E4C6DF22A94F2F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:57:29.0039 3864 Tcpip6 - ok
16:57:29.0148 3864 [ 4C11A1820DDC37FA653913AD680ACCAE ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:57:29.0210 3864 tcpipreg - ok
16:57:29.0257 3864 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:57:29.0288 3864 TDPIPE - ok
16:57:29.0319 3864 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:57:29.0351 3864 TDTCP - ok
16:57:29.0429 3864 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:57:29.0444 3864 tdx - ok
16:57:29.0460 3864 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:57:29.0491 3864 TermDD - ok
16:57:29.0569 3864 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
16:57:29.0647 3864 TermService - ok
16:57:29.0741 3864 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
16:57:29.0756 3864 Themes - ok
16:57:29.0772 3864 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:57:29.0803 3864 THREADORDER - ok
16:57:29.0834 3864 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
16:57:29.0912 3864 TrkWks - ok
16:57:29.0990 3864 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:57:30.0053 3864 TrustedInstaller - ok
16:57:30.0084 3864 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:57:30.0131 3864 tssecsrv - ok
16:57:30.0146 3864 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:57:30.0162 3864 tunmp - ok
16:57:30.0240 3864 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:57:30.0255 3864 tunnel - ok
16:57:30.0287 3864 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:57:30.0302 3864 uagp35 - ok
16:57:30.0349 3864 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:57:30.0380 3864 udfs - ok
16:57:30.0427 3864 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:57:30.0474 3864 UI0Detect - ok
16:57:30.0583 3864 [ 9D186C0DF44013C5BAD83AF6F2DEBE29 ] ui11drdr C:\Windows\system32\DRIVERS\ui11drdr.sys
16:57:30.0599 3864 ui11drdr ( UnsignedFile.Multi.Generic ) - warning
16:57:30.0599 3864 ui11drdr - detected UnsignedFile.Multi.Generic (1)
16:57:30.0645 3864 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:57:30.0661 3864 uliagpkx - ok
16:57:30.0677 3864 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:57:30.0708 3864 uliahci - ok
16:57:30.0723 3864 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:57:30.0739 3864 UlSata - ok
16:57:30.0755 3864 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:57:30.0770 3864 ulsata2 - ok
16:57:30.0833 3864 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:57:30.0864 3864 umbus - ok
16:57:30.0895 3864 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
16:57:30.0957 3864 upnphost - ok
16:57:31.0020 3864 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:57:31.0051 3864 usbccgp - ok
16:57:31.0113 3864 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:57:31.0207 3864 usbcir - ok
16:57:31.0238 3864 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:57:31.0269 3864 usbehci - ok
16:57:31.0332 3864 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:57:31.0347 3864 usbhub - ok
16:57:31.0394 3864 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:57:31.0441 3864 usbohci - ok
16:57:31.0535 3864 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:57:31.0613 3864 usbprint - ok
16:57:31.0659 3864 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:57:31.0691 3864 usbscan - ok
16:57:31.0753 3864 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:57:31.0784 3864 USBSTOR - ok
16:57:31.0800 3864 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:57:31.0831 3864 usbuhci - ok
16:57:31.0893 3864 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
16:57:31.0925 3864 UxSms - ok
16:57:31.0987 3864 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
16:57:32.0034 3864 vds - ok
16:57:32.0159 3864 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:57:32.0205 3864 vga - ok
16:57:32.0252 3864 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
16:57:32.0268 3864 VgaSave - ok
16:57:32.0330 3864 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:57:32.0346 3864 viaagp - ok
16:57:32.0361 3864 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:57:32.0393 3864 ViaC7 - ok
16:57:32.0408 3864 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
16:57:32.0424 3864 viaide - ok
16:57:32.0471 3864 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:57:32.0486 3864 volmgr - ok
16:57:32.0549 3864 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:57:32.0580 3864 volmgrx - ok
16:57:32.0751 3864 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:57:32.0783 3864 volsnap - ok
16:57:32.0892 3864 [ 6983D0BCAC64C2D7460C2125F804F118 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
16:57:32.0954 3864 Vsdatant - ok
16:57:32.0985 3864 vsdatant7 - ok
16:57:33.0141 3864 vsmon - ok
16:57:33.0188 3864 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:57:33.0204 3864 vsmraid - ok
16:57:33.0282 3864 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
16:57:33.0344 3864 VSS - ok
16:57:33.0422 3864 [ C466021D31FF6C0A6069D12299D80C0B ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
16:57:33.0469 3864 VSTHWBS2 - ok
16:57:33.0531 3864 [ EC36F1D542ED4252390D446BF6D4DFD0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:57:33.0609 3864 VST_DPV - ok
16:57:33.0672 3864 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
16:57:33.0719 3864 W32Time - ok
16:57:33.0750 3864 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:57:33.0843 3864 WacomPen - ok
16:57:33.0875 3864 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:57:33.0890 3864 Wanarp - ok
16:57:33.0921 3864 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:57:33.0937 3864 Wanarpv6 - ok
16:57:34.0015 3864 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:57:34.0046 3864 wcncsvc - ok
16:57:34.0140 3864 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:57:34.0187 3864 WcsPlugInService - ok
16:57:34.0218 3864 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
16:57:34.0233 3864 Wd - ok
16:57:34.0343 3864 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:57:34.0389 3864 Wdf01000 - ok
16:57:34.0405 3864 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:57:34.0452 3864 WdiServiceHost - ok
16:57:34.0452 3864 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:57:34.0483 3864 WdiSystemHost - ok
16:57:34.0561 3864 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
16:57:34.0577 3864 WebClient - ok
16:57:34.0670 3864 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:57:34.0717 3864 Wecsvc - ok
16:57:34.0779 3864 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:57:34.0795 3864 wercplsupport - ok
16:57:34.0873 3864 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:57:34.0904 3864 WerSvc - ok
16:57:34.0935 3864 [ 72CC6A8CA7891031D6380DB5025C773C ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:57:34.0998 3864 winachsf - ok
16:57:35.0060 3864 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:57:35.0091 3864 WinDefend - ok
16:57:35.0091 3864 WinHttpAutoProxySvc - ok
16:57:35.0247 3864 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:57:35.0279 3864 Winmgmt - ok
16:57:35.0403 3864 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
16:57:35.0481 3864 WinRM - ok
16:57:35.0575 3864 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:57:35.0637 3864 Wlansvc - ok
16:57:35.0856 3864 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:57:35.0918 3864 wlidsvc - ok
16:57:35.0996 3864 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:57:36.0027 3864 WmiAcpi - ok
16:57:36.0090 3864 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:57:36.0121 3864 wmiApSrv - ok
16:57:36.0199 3864 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:57:36.0277 3864 WMPNetworkSvc - ok
16:57:36.0355 3864 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:57:36.0433 3864 WPCSvc - ok
16:57:36.0495 3864 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:57:36.0527 3864 WPDBusEnum - ok
16:57:36.0589 3864 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:57:36.0605 3864 WpdUsb - ok
16:57:36.0823 3864 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:57:36.0854 3864 WPFFontCache_v0400 - ok
16:57:36.0901 3864 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:57:36.0917 3864 ws2ifsl - ok
16:57:36.0995 3864 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
16:57:37.0026 3864 wscsvc - ok
16:57:37.0026 3864 WSearch - ok
16:57:37.0166 3864 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:57:37.0322 3864 wuauserv - ok
16:57:37.0494 3864 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:57:37.0541 3864 WudfPf - ok
16:57:37.0603 3864 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:57:37.0634 3864 WUDFRd - ok
16:57:37.0697 3864 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:57:37.0759 3864 wudfsvc - ok
16:57:37.0790 3864 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
16:57:37.0806 3864 XAudio - ok
16:57:37.0853 3864 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
16:57:37.0884 3864 XAudioService - ok
16:57:38.0024 3864 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
16:57:38.0087 3864 yukonwlh - ok
16:57:38.0118 3864 ================ Scan global ===============================
16:57:38.0149 3864 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:57:38.0258 3864 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:57:38.0274 3864 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
16:57:38.0352 3864 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:57:38.0352 3864 [Global] - ok
16:57:38.0352 3864 ================ Scan MBR ==================================
16:57:38.0383 3864 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:57:38.0757 3864 \Device\Harddisk0\DR0 - ok
16:57:38.0757 3864 ================ Scan VBR ==================================
16:57:38.0804 3864 [ 91747838D539C0D206A264A018966638 ] \Device\Harddisk0\DR0\Partition1
16:57:38.0804 3864 \Device\Harddisk0\DR0\Partition1 - ok
16:57:38.0820 3864 [ 41BDF88E8612ACB9AAED0D92381DE50C ] \Device\Harddisk0\DR0\Partition2
16:57:38.0820 3864 \Device\Harddisk0\DR0\Partition2 - ok
16:57:38.0820 3864 ============================================================
16:57:38.0820 3864 Scan finished
16:57:38.0820 3864 ============================================================
16:57:38.0835 4860 Detected object count: 11
16:57:38.0835 4860 Actual detected object count: 11
16:58:42.0390 4860 CBN ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860 CBN ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0390 4860 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0390 4860 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0390 4860 deMntrService ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860 deMntrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0390 4860 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0390 4860 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0390 4860 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0405 4860 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0405 4860 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0405 4860 PSI ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860 PSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0405 4860 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860 Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:58:42.0405 4860 ui11drdr ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:42.0405 4860 ui11drdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:59:23.0059 5384 Deinitialize success
|
|
16.06.2013, 18:00
| #4 |
| /// Malware-holic | JS/Blacole.GB.158 Infektion Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.06.2013, 19:29
| #5 |
| | JS/Blacole.GB.158 Infektion Combofix Logfile: Code:
ATTFilter ComboFix 13-06-15.01 - Kolja 16.06.2013 19:56:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3061.1697 [GMT 2:00]
ausgeführt von:: c:\users\Kolja\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFREB96.tmp
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\1&1
c:\programdata\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Kolja\AppData\Roaming\1&1
c:\users\Kolja\AppData\Roaming\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\users\Kolja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\~GLH0014.TMP
c:\windows\system32\SET9CDD.tmp
c:\windows\system32\SETA0B7.tmp
c:\windows\system32\Temp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-16 bis 2013-06-16 ))))))))))))))))))))))))))))))
.
.
2013-06-16 18:07 . 2013-06-16 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-16 18:07 . 2013-06-16 18:07 -------- d-----w- c:\users\Katja\AppData\Local\temp
2013-06-12 16:06 . 2013-06-12 16:08 -------- d-----w- c:\users\Kolja\D-Fend Reloaded
2013-06-12 16:06 . 2013-06-12 16:07 -------- d-----w- c:\program files\D-Fend Reloaded
2013-06-12 15:45 . 2013-06-15 18:58 -------- d-----w- c:\program files\Der Planer 1
2013-06-12 13:15 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-27 18:41 . 2013-05-28 18:38 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 22:51 . 2012-03-31 18:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 22:51 . 2011-05-13 17:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-15 14:20 . 2013-05-15 21:13 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 21:13 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 21:13 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-22 18:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 15:20 . 2013-03-04 17:47 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-27 15:20 . 2013-03-04 17:47 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-27 15:20 . 2013-03-04 17:47 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-14 19:22 . 2013-05-18 22:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
@="{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}"
[HKEY_CLASSES_ROOT\CLSID\{6A86DAFA-242F-4E90-A4AD-D01E6B56E6EA}]
2012-09-24 15:47 868352 ----a-w- c:\program files\1&1\1&1 Office-Drive Manager\SHNDLERS.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-03-12 79400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-14 30192]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-08 345312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
Google Desktop.lnk - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-3 30192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-3 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-03 19:31 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-14 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-03 19:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WSEARCH
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:51]
.
2012-05-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2013-06-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\v8p38qw0.default\
FF - prefs.js: browser.startup.homepage - hxxp://partnerpage.google.com/dell.com/de_de?hl=de&client=dell-row&channel=de&ibd=2081104
FF - prefs.js: network.proxy.type - 0
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)
HKLM-Run-ISW - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Der Planer 1 - c:\windows\IsUn0407.exe
AddRemove-RuckZuck 4.0 - c:\windows\IsUn0407.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-16 20:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\Kolja\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{14ca83e6-1d3f-4e46-aace-7c4715b990a1}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6579633b-8878-4878-a556-48e5476eb2f5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a028037
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ad66a9bc-a675-4792-bf15-ad0d3de488a0}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c00234d
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b132ec71-7a1a-4cae-97c1-5ece0779137e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f00219b
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ec3edde2-5c5d-4a93-9cfd-2a44b16d5b54}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001372
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{fa7121e2-f01e-4404-89cb-8f0f813c8ce5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:16000000
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2013-06-16 20:12:38
ComboFix-quarantined-files.txt 2013-06-16 18:12
.
Vor Suchlauf: 36 Verzeichnis(se), 60.107.620.352 Bytes frei
Nach Suchlauf: 39 Verzeichnis(se), 62.197.030.912 Bytes frei
.
- - End Of File - - 3D7E49B45E69FA6F3208D7ADAEAAAF72
5C616939100B85E558DA92B899A0FC36 |
|
17.06.2013, 14:15
| #6 |
| /// Malware-holic | JS/Blacole.GB.158 Infektion Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ --> JS/Blacole.GB.158 Infektion |
|
18.06.2013, 05:40
| #7 |
| | JS/Blacole.GB.158 Infektion Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.06.17.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19437 Kolja :: KEN [Administrator] Schutz: Aktiviert 17.06.2013 21:42:29 mbam-log-2013-06-17 (21-42-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 668304 Laufzeit: 3 Stunde(n), 59 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Kolja\Documents\mmm\mIRC_kolja\mirc.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
18.06.2013, 11:43
| #8 |
| /// Malware-holic | JS/Blacole.GB.158 Infektion Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.06.2013, 14:08
| #9 |
| | JS/Blacole.GB.158 Infektion CCleaner Code:
ATTFilter 1&1 Office-Drive Manager 1&1 Internet AG 16.10.2012 9,05MB 2.0.687 notwendig 7-Zip 4.64 16.01.2009 3,13MB notwendig ActivePerl 5.12.2 Build 1202 ActiveState 13.09.2010 74,1MB 5.12.1202 unnötig Adobe Download Manager NOS Microsystems Ltd. 23.09.2010 456KB 1.6.2.91 unbekannt Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 16.12.2009 10.0.42.34 unbekannt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2013 11.7.700.224 unbekannt Adobe Reader X (10.1.7) - Deutsch Adobe Systems Incorporated 15.05.2013 118MB 10.1.7 notwendig Apple Mobile Device Support Apple Inc. 28.05.2009 38,3MB 2.4.1.7 unbekannt Audacity 1.3.6 (Unicode) Audacity Team 27.01.2009 18,6MB unnötig AutoCAD 2006 - Deutsch Autodesk 19.02.2011 357MB 16.2.54.10 notwendig Autodesk DWF Viewer Autodesk, Inc. 19.02.2011 15,7MB 5.1 notwendig Avanquest update Avanquest Software 19.11.2011 2,78MB 1.29 unbekannt Avira Free Antivirus Avira 16.06.2013 62,3MB 13.0.0.3640 notwendig Blitzableiter Microsoft 28.07.2010 1.0.0.0 unnötig Browser Address Error Redirector Dell 02.11.2008 1.00.0000 unbekannt Capitalism II 20.12.2008 147MB notwendig CCleaner Piriform 24.05.2013 5,62MB 4.02 notwendig CDex - Open Source Digital Audio CD Extractor Georgy Berdyshev 21.02.2010 10,3MB 1.70.4.2009 unbekannt Cisco LEAP Module Cisco Systems, Inc. 02.11.2008 1,04MB 1.0.12 unbekannt Compatibility Pack für 2007 Office System Microsoft Corporation 08.01.2013 12.0.6612.1000 unbekannt Conexant HDA D330 MDC V.92 Modem Conexant 02.11.2008 0,97MB 7.74.00 unbekannt Counter-Strike Valve 17.07.2011 81,0MB unnötig Creative MediaSource 5 02.11.2008 26,6MB 5.00 unbekannt D-Fend Reloaded 1.3.3 (deinstallieren) Alexander Herzog 12.06.2013 34,6MB 1.3.3 notwendig DeepBurner v1.9.0.228 21.02.2010 8,46MB notwendig Dell All-In-One Center Dell 02.11.2008 002.000.00032 notwendig Dell Dock Dell 02.11.2008 1.0.0 notwendig Dell Handbuch zum Einstieg Dell Inc. 02.11.2008 1.00.0000 notwendig Dell Photo AIO 928 Dell 02.11.2008 002.000.00036 unnötig Dell Support Center Dell Inc. 11.12.2010 119MB 3.0.5744.02 notwendig Dell Touchpad Alps Electric 02.11.2008 7,68MB 7.1.103.4 notwendig Dell-eBay Dell 02.11.2008 1.00.0000 unbekannt Digital Line Detect BVRP Software, Inc 02.11.2008 272KB 1.21 unbekannt dm Fotowelt 21.04.2009 201MB unnötig EDocs 02.11.2008 820KB unbekannt ElsterFormular 2008/2009 Steuerverwaltung des Bundes und der Länder 09.05.2009 168MB 10.2.1.0 notwendig ElsterFormular Upgrade Landesfinanzdirektion Thüringen 19.05.2011 288MB 12_1_0_6164k notwendig foobar2000 v1.2.3 Peter Pawlowski 01.03.2013 8,23MB 1.2.3 notwendig Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2 www.appfree.net 21.06.2009 10,8MB 2.0 unnötig Free Video Zilla FreeVideoZilla.com 02.03.2010 2,29MB unnötig FreeMind 12.06.2009 15,8MB 0.9.0_RC_4 notwendig FreePDF (Remove only) 29.08.2011 3,58MB notwendig GIMP 2.8.2 The GIMP Team 11.09.2012 227MB 2.8.2 notwendig Google Desktop Google 15.09.2010 6,64MB 5.9.1005.12335 unbekannt Google Toolbar for Internet Explorer Google Inc. 06.05.2009 11,0MB unnötig GoToAssist 8.0.0.514 02.11.2008 3,44MB unbekannt GPL Ghostscript 9.00 23.10.2010 29,0MB notwendig GrooveWalrus 0.382 Turnip-town.net 01.03.2013 44,3MB unnötig GSview 4.9 23.10.2010 3,21MB notwendig HP Imaging Device Functions 8.0 HP 01.05.2012 1,53MB 8.0 notwendig HP OCR Software 8.0 HP 01.05.2012 1,52MB 8.0 notwendig HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP 01.05.2012 75,8MB 8.0 notwendig HP Solution Center 8.0 HP 01.05.2012 1,52MB 8.0 notwendig HP Update Hewlett-Packard 02.05.2012 3,92MB 5.003.001.001 notwendig Hydrogen 30.01.2009 75,7MB unnötig Inkscape 0.48.2 12.09.2012 167MB 0.48.2 unnötig Intel(R) Graphics Media Accelerator Driver 24.06.2009 unbekannt Intel(R) Matrix Storage Manager 02.11.2008 3,77MB unbekannt IrfanView (remove only) Irfan Skiljan 16.11.2010 1,53MB 4.27 notwendig JAP JAP-Team 27.12.2008 5,71MB 00.010.003 unnötig Java 7 Update 21 Oracle 06.03.2013 129MB 7.0.210 notwendig JavaFX 2.1.1 Oracle Corporation 13.06.2012 20,8MB 2.1.1 unbekannt JDownloader AppWork UG (haftungsbeschränkt) 01.10.2010 52,6MB unnötig LAME v3.98.2 for Audacity 14.02.2010 1,17MB unnötig Last.fm Scrobbler 2.1.33 Last.fm 30.01.2013 18,3MB notwendig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 17.06.2013 13,3MB 1.75.0.1300 notwendig MediaDirect Dell 02.11.2008 124MB 3.5 unbekannt Microsoft .NET Framework 1.1 20.02.2011 unbekannt Microsoft .NET Framework 1.1 German Language Pack Microsoft 19.02.2011 3,01MB 1.1.4322 unbekannt Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 17.02.2009 36,9MB unbekannt Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 16.02.2009 36,9MB unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 17.07.2010 120MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 17.07.2010 24,5MB 4.0.30319 unbekannt Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 18.07.2011 31,3MB 3.5.88.0 unbekannt Microsoft Games for Windows Marketplace Microsoft Corporation 18.07.2011 6,03MB 3.5.50.0 unbekannt Microsoft MechCommander 2 26.07.2010 405MB unnötig Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 08.01.2013 12.0.6612.1000 unbekannt Microsoft Silverlight Microsoft Corporation 12.03.2013 139MB 5.1.20125.0 unbekannt Microsoft SQL Server 2008 Management Objects Microsoft Corporation 24.02.2010 11,4MB 10.0.1600.22 unbekannt Microsoft SQL Server Compact 3.5 SP1 (Deutsch) Microsoft Corporation 24.02.2010 2,86MB 3.5.5692.0 unbekannt Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) Microsoft Corporation 24.02.2010 9,10MB 3.5.5692.0 unbekannt Microsoft Visual C# 2008 Express Edition mit SP1 - DEU Microsoft Corporation 15.06.2011 125MB unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.07.2009 251KB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 294KB 8.0.59193 unbekannt Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 30.07.2009 199KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 13.06.2009 1,41MB 9.0.21022 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 02.03.2010 226KB 9.0.21022.218 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 24.02.2010 585KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.03.2009 590KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.03.2010 589KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 594KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.11.2011 11,1MB 10.0.40219 unbekannt Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu Microsoft Corporation 24.02.2010 5,74MB 3.5.30729 unbekannt Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 Microsoft Corporation 24.02.2010 2,60MB 6.1.5295.17011 unbekannt Microsoft Works Microsoft Corporation 09.10.2012 9.7.0621 unbekannt MiKTeX 2.8 MiKTeX.org 08.05.2010 1,72GB 2.8 notwendig Miranda IM 0.8.3 10.08.2009 2,52MB unnötig Modem Diagnostic Tool Dell 02.11.2008 1.0.24.0 unbekannt Mozilla Firefox 21.0 (x86 de) Mozilla 19.05.2013 45,3MB 21.0 notwendig Mozilla Maintenance Service Mozilla 28.05.2013 204KB 17.0.6 unbekannt Mozilla Sunbird (0.9) Mozilla 09.06.2009 17,8MB 0.9 (en-US) unnötig Mozilla Thunderbird 17.0.6 (x86 de) Mozilla 28.05.2013 42,1MB 17.0.6 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.11.2008 1,27MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,33MB 4.20.9876.0 unbekannt musikCube 1.0 Casey Langen 25.01.2009 7,97MB 1.0 unnötig NetWaiting BVRP Software, Inc 02.11.2008 5,23MB 2.5.53 unbekannt Neverwinter Nights 02.06.2009 1,81MB unnötig Notepad++ 30.03.2012 7,07MB 5.9.6.2 notwendig Octoshape add-in for Adobe Flash Player 04.03.2009 1,18MB unbekannt OpenOffice.org 3.4 OpenOffice.org 22.08.2012 346MB 3.4.9590 notwendig OpenProj Serena Software Inc. 16.04.2010 7,15MB 1.4.0 notwendig OptiPNG-UI Vincenzo Fleri 27.07.2010 9,73MB 1.0.0.2 unnötig OutlookAddinSetup CyberLink 02.11.2008 0,98MB 1.0.0 unbekannt PC VGA Camer@ Plus Aecotech 01.04.2011 160KB 1.0.0.23 unbekannt PokerStars PokerStars 19.05.2009 41,0MB unnötig PuTTY version 0.62 Simon Tatham 04.03.2012 3,25MB 0.62 unnötig Python 2.6.1 Python Software Foundation 17.02.2009 47,0MB 2.6.1150 unnötig QuickSet Dell Inc. 02.11.2008 8.2.20 unbekannt R for Windows 2.11.1 R Development Core Team 11.09.2010 81,7MB 2.11.1 unnötig Recuva Piriform 19.10.2011 1,88MB 1.41 notwendig RedMon - Redirection Port Monitor 29.08.2011 notwendig RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 24.06.2009 1,48MB 3.51.01 unbekannt Roxio Creator DE Roxio 02.11.2008 18,0MB 10.1 unbekannt Roxio Update Manager Roxio 14.06.2009 2,33MB 6.0.0 unbekannt ScanSoft OmniPage SE 4 Nuance Communications, Inc. 02.11.2008 15.2.0020 unbekannt Secunia PSI 14.01.2010 1,34MB unbekannt SEMA Holzbausoftware V12.1 (de) SEMA 06.01.2013 2,64GB 12.1 notwendig Sentinel Runtime SafeNet Inc. 06.01.2013 10,9MB 6.3.1.28367 unbekannt Skype™ 5.10 Skype Technologies S.A. 11.09.2012 19,4MB 5.10.116 unnötig Sony Ericsson PC Companion 2.01.231 Sony Ericsson 19.11.2011 57,9MB 2.01.231 unbekannt Sound Blaster Audigy ADVANCED MB 02.11.2008 11,5MB 1.0 unbekannt SQL Server System CLR Types Microsoft Corporation 24.02.2010 829KB 10.0.1600.22 unbekannt Steam Valve Corporation 17.07.2011 35,4MB 1.0.0.0 unnötig System Requirements Lab 01.06.2009 1,26MB unbekannt System Requirements Lab for Intel Husdawg, LLC 18.03.2013 1,02MB 4.5.13.0 unbekannt TeXnicCenter Version 1.0 Stable RC1 TeXnicCenter.org 10.05.2010 11,9MB Version 1.0 Stable RC1 notwendig TortoiseSVN 1.6.10.19898 (32 bit) TortoiseSVN 07.08.2010 18,4MB 1.6.19898 notwendig VLC media player 2.0.2 VideoLAN 05.07.2012 60,8MB 2.0.2 notwendig Windows Live ID Sign-in Assistant Microsoft Corporation 18.07.2011 4,68MB 6.500.3165.0 unbekannt WinMerge 2.12.4 Thingamahoochie Software 17.11.2010 4,39MB 2.12.4 notwendig WinPcap 4.1.1 CACE Technologies 06.05.2010 240KB 4.1.0.1753 notwendig WinSCP 4.3.7 Martin Prikryl 04.03.2012 8,73MB 4.3.7 notwendig Zip Motion Block Video codec (Remove Only) DOSBox Team 12.06.2013 100KB notwendig ZoneAlarm Free Check Point 19.05.2012 24,7MB 10.1.079.000 notwendig µTorrent 09.06.2009 268KB 1.8.2 unnötig |
|
18.06.2013, 14:33
| #10 |
| /// Malware-holic | JS/Blacole.GB.158 Infektion bdeinstaliere: ActivePerl Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Audacity Blitzableiter Browser Address Counter dm Free FLV Free Video Zilla Google : beide GrooveWalrus JAP JavaFX JDownloader LAME Miranda Mozilla Sunbird musikCube Neverwinter OptiPNG PokerStars PuTTY Python R for Secunia Skype™ Steam ZoneAlarm : kann weg, die windows firewall ist mehr als ausreichend. µTorrent Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.06.2013, 20:07
| #11 |
| | JS/Blacole.GB.158 Infektion Alles deinstalliert außer GrooveWalrus 0.382: Der Prozedureinsprungpunkt "wcscat_s" wurde in der DLL "ntdll.dll" nicht gefunden. AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 18/06/2013 um 20:46:37 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Kolja - KEN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kolja\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\Kolja\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19437
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\icynt87o.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js
C:\Users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js ... Gelöscht !
Gelöscht : user_pref("forecastfox.general.bar", "temporaryinbox_toolbar");
Gelöscht : user_pref("pttl.menu-search-groups-tab", false);
Gelöscht : user_pref("pttl.menu-search-groups-win", false);
Gelöscht : user_pref("temporaryinbox.hideContextMenu2", true);
Gelöscht : user_pref("temporaryinbox.language", "de");
Gelöscht : user_pref("temporaryinbox.usessl", true);
Datei : C:\Users\Kolja\AppData\Roaming\Mozilla\Firefox\Profiles\v8p38qw0.default\prefs.js
Gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Gelöscht : user_pref("surfcanyon.last_checked_ts", "1267027083910");
*************************
AdwCleaner[S1].txt - [1969 octets] - [18/06/2013 20:46:37]
########## EOF - C:\AdwCleaner[S1].txt - [2029 octets] ##########
|
|
18.06.2013, 20:50
| #12 |
| /// Malware-holic | JS/Blacole.GB.158 Infektion Hiho, Revo Uninstaller - Download - Filepony deinstalation mal mit Rewo versuchen. neustarten. Hitmanpro laden. Hitman Pro - Download - Filepony doppelklicken, Scan klicken. Nichts löschen. Log speichern und posten, bzw als XML exportieren, packen und anhängen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.06.2013, 05:33
| #13 |
| | JS/Blacole.GB.158 Infektion GrooveWalrus mit Revo deinstalliert. HitmanPro Code:
ATTFilter HitmanPro 3.7.6.201
www.hitmanpro.com
Computer name . . . . : KEN
Windows . . . . . . . : 6.0.2.6002.X86/2
User name . . . . . . : KEN\Kolja
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-06-19 06:10:37
Scan mode . . . . . . : Normal
Scan duration . . . . : 8m 55s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 14
Objects scanned . . . : 2.349.276
Files scanned . . . . : 50.768
Remnants scanned . . : 766.592 files / 1.531.916 keys
Suspicious files ____________________________________________________________
C:\Windows\system32\hasplms.exe
Size . . . . . . . : 4.412.872 bytes
Age . . . . . . . : 300.7 days (2012-08-22 14:01:18)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 83BFF779018218B557853A7EE4F0D767B3E158C69BEB0864D8C0E1634277329E
Product . . . . . : LDK License Manager Service
Publisher . . . . : SafeNet Inc.
Description . . . : Sentinel LDK License Manager Service
Version . . . . . : 14.0.1.28295
Copyright . . . . : © 2012 SafeNet, Inc. All rights reserved.
RSA Key Size . . . : 2048
Service . . . . . : hasplms
Authenticode . . . : Valid
Fuzzy . . . . . . : 28.0
The file name extension of this program is not common.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
The Entry Point of this file lies in a resource section. This is an indication of malware infection.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
Program contains PE structure anomalies. This is not typical for most programs.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\hasplms\
|
|
19.06.2013, 18:10
| #14 |
| /// Malware-holic | JS/Blacole.GB.158 Infektion passt, frisches otl log bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.06.2013, 21:36
| #15 |
| | JS/Blacole.GB.158 Infektion OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.06.2013 21:51:15 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kolja\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19437) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,22% Memory free 6,20 Gb Paging File | 5,09 Gb Available in Paging File | 82,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,28 Gb Total Space | 67,02 Gb Free Space | 30,42% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS Computer Name: KEN | User Name: Kolja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe PRC - [2013.05.08 06:32:04 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.27 17:19:31 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2010.07.16 17:32:34 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- c:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.03.12 19:10:36 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe ========== Modules (No Company Name) ========== MOD - [2013.02.13 17:57:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 19:35:43 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\403900299d88edc5153065e5aed726e7\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 07:52:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2009.03.30 06:42:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.03 14:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ========== Services (SafeList) ========== SRV - [2013.05.19 00:06:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2011.06.29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.02.20 14:48:43 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2008.11.03 21:31:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service) SRV - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService) SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kolja\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.03.27 17:20:00 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.27 17:20:00 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.27 17:20:00 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.04 18:11:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.09.24 17:44:06 | 000,145,408 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11drdr.SYS -- (ui11drdr) DRV - [2012.08.07 13:50:58 | 000,365,056 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2012.06.15 11:39:24 | 000,289,152 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2012.04.18 22:04:40 | 000,017,408 | ---- | M] (MARX Datentechnik GmbH ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CBN.SYS -- (CBN) DRV - [2011.08.25 13:58:48 | 000,046,720 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl) DRV - [2011.08.10 16:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2010.11.18 02:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0) DRV - [2010.07.25 19:47:52 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.02.29 13:51:30 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.06 07:59:24 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://partnerpage.google.com/dell.com/de_de?hl=de&client=dell-row&channel=de&ibd=2081104" FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.18 17:11:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.18 17:36:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.18 17:11:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.18 17:36:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.11.17 11:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Extensions [2009.09.22 20:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions [2009.09.22 20:13:44 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0} [2009.09.22 20:13:42 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2009.09.22 20:13:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2009.09.22 20:13:44 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2008.12.28 19:57:25 | 000,000,000 | ---D | M] (SafeCache) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839} [2009.09.22 20:22:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2008.12.28 19:57:25 | 000,000,000 | ---D | M] (Temporary Inbox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{ac1e10b8-206d-4746-a18e-0483852dc20b} [2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Media Pirate - The video downloader) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{cc265d3d-3f6f-0170-a78b-bbbaef7a868c} [2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DT Whois) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net [2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org [2008.12.28 19:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\toolbar_extras@de.yahoo.com [2013.06.16 08:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions [2013.02.09 11:55:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013.05.31 12:26:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.25 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\nostmp [2009.10.15 10:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions [2009.06.09 10:37:02 | 000,000,000 | ---D | M] (MinimizeToTray [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2009.07.09 23:00:50 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2009.06.17 10:21:25 | 000,000,000 | ---D | M] (Minimize To Tray Enhancer) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2013.06.12 15:03:04 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013.05.27 14:13:54 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.06.16 08:40:42 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.05.09 20:46:52 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.24 15:44:17 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2009.05.21 14:43:50 | 000,000,931 | ---- | M] () -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\searchplugins\dictionary.xml [2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.05.19 00:06:20 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com [2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013.05.19 00:06:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.06.16 20:09:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD66A9BC-A675-4792-BF15-AD0D3DE488A0}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B132EC71-7A1A-4CAE-97C1-5ECE0779137E}: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.05.07 06:18:40 | 000,000,000 | ---D | M] - C:\AutoCAD 2006 -- [ NTFS ] O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.18 22:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.06.18 22:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013.06.18 22:24:06 | 000,000,000 | ---D | C] -- C:\Users\Kolja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013.06.18 22:23:41 | 009,171,472 | ---- | C] (SurfRight B.V.) -- C:\Users\Kolja\Desktop\HitmanPro.exe [2013.06.18 14:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.06.18 14:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.06.18 14:04:17 | 004,378,864 | ---- | C] (Piriform Ltd) -- C:\Users\Kolja\Desktop\ccsetup402.exe [2013.06.17 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Kolja\AppData\Roaming\Malwarebytes [2013.06.17 15:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.17 15:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.17 15:26:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.06.17 15:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.06.17 15:24:30 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kolja\Desktop\mbam-setup-1.75.0.1300.exe [2013.06.16 20:12:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.16 19:51:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.16 19:51:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.16 19:51:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.16 19:51:52 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.16 19:51:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.16 19:51:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.16 19:48:35 | 005,080,151 | R--- | C] (Swearware) -- C:\Users\Kolja\Desktop\ComboFix.exe [2013.06.16 16:51:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kolja\Desktop\tdsskiller.exe [2013.06.16 13:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.16 12:41:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe [2013.06.16 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Blacole Scan [2013.06.14 18:47:28 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Lexware Unterlagen [2013.06.12 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded [2013.06.12 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Kolja\D-Fend Reloaded [2013.06.12 18:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded [2013.06.12 17:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenwood Entertainment [2013.06.12 17:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Der Planer 1 [2013.05.27 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013.06.19 21:41:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 21:41:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 21:41:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.19 21:41:19 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys [2013.06.19 13:09:43 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.06.18 22:24:07 | 000,001,019 | ---- | M] () -- C:\Users\Kolja\Desktop\Revo Uninstaller.lnk [2013.06.18 22:24:01 | 009,171,472 | ---- | M] (SurfRight B.V.) -- C:\Users\Kolja\Desktop\HitmanPro.exe [2013.06.18 20:18:35 | 000,648,201 | ---- | M] () -- C:\Users\Kolja\Desktop\adwcleaner.exe [2013.06.18 14:04:24 | 004,378,864 | ---- | M] (Piriform Ltd) -- C:\Users\Kolja\Desktop\ccsetup402.exe [2013.06.18 03:04:25 | 000,644,298 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.18 03:04:25 | 000,609,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.18 03:04:25 | 000,134,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.18 03:04:25 | 000,110,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.17 15:24:54 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kolja\Desktop\mbam-setup-1.75.0.1300.exe [2013.06.16 20:09:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.06.16 19:49:01 | 005,080,151 | R--- | M] (Swearware) -- C:\Users\Kolja\Desktop\ComboFix.exe [2013.06.16 16:51:09 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kolja\Desktop\tdsskiller.exe [2013.06.16 13:27:50 | 000,377,856 | ---- | M] () -- C:\Users\Kolja\Desktop\gmer_2.1.19163.exe [2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe [2013.06.16 12:30:02 | 000,000,020 | ---- | M] () -- C:\Users\Kolja\defogger_reenable [2013.06.16 12:28:30 | 000,050,477 | ---- | M] () -- C:\Users\Kolja\Desktop\Defogger.exe [2013.06.14 18:40:57 | 000,131,790 | ---- | M] () -- C:\Users\Kolja\Desktop\login_seite.jpg [2013.06.12 17:48:49 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Der Planer 1.lnk [2013.06.08 23:57:14 | 000,304,160 | ---- | M] () -- C:\PA7302.DAT [2013.06.01 21:07:48 | 000,006,156 | ---- | M] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf [2013.05.27 20:41:59 | 000,384,187 | ---- | M] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf [2013.05.20 22:37:47 | 009,274,969 | ---- | M] () -- C:\Users\Kolja\Desktop\pka.pdf ========== Files Created - No Company Name ========== [2013.06.18 22:24:07 | 000,001,019 | ---- | C] () -- C:\Users\Kolja\Desktop\Revo Uninstaller.lnk [2013.06.18 20:18:35 | 000,648,201 | ---- | C] () -- C:\Users\Kolja\Desktop\adwcleaner.exe [2013.06.16 19:51:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.16 19:51:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.16 19:51:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.16 19:51:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.16 19:51:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.16 13:27:49 | 000,377,856 | ---- | C] () -- C:\Users\Kolja\Desktop\gmer_2.1.19163.exe [2013.06.16 12:29:37 | 000,000,020 | ---- | C] () -- C:\Users\Kolja\defogger_reenable [2013.06.16 12:28:29 | 000,050,477 | ---- | C] () -- C:\Users\Kolja\Desktop\Defogger.exe [2013.06.14 18:40:57 | 000,131,790 | ---- | C] () -- C:\Users\Kolja\Desktop\login_seite.jpg [2013.06.12 17:46:05 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Der Planer 1.lnk [2013.06.01 21:07:48 | 000,006,156 | ---- | C] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf [2013.05.27 20:41:59 | 000,384,187 | ---- | C] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf [2013.05.20 22:37:28 | 009,274,969 | ---- | C] () -- C:\Users\Kolja\Desktop\pka.pdf [2012.09.11 23:03:00 | 000,005,870 | ---- | C] () -- C:\Users\Kolja\AppData\Local\recently-used.xbel [2012.05.01 21:49:26 | 000,164,193 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.05.01 21:48:51 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.04.18 22:06:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL [2012.04.18 22:03:11 | 000,343,040 | ---- | C] () -- C:\Windows\System32\lffpx7.dll [2012.04.18 22:03:11 | 000,116,736 | ---- | C] () -- C:\Windows\System32\lfkodak.dll [2012.04.18 22:03:11 | 000,068,096 | ---- | C] () -- C:\Windows\System32\lfplt11n.dll [2012.04.17 21:52:31 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2012.03.05 12:46:48 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\winscp.rnd [2011.08.29 20:43:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.08.29 20:43:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.02.20 14:52:54 | 000,000,093 | ---- | C] () -- C:\Users\Kolja\AppData\Local\fusioncache.dat [2011.01.18 20:10:22 | 000,000,428 | ---- | C] () -- C:\Users\Kolja\cademia.ini [2010.10.23 14:47:45 | 000,011,247 | ---- | C] () -- C:\Users\Kolja\gsview32.ini [2010.08.31 15:49:51 | 000,000,106 | ---- | C] () -- C:\Users\Kolja\.bouml [2010.08.31 15:48:19 | 000,000,150 | ---- | C] () -- C:\Users\Kolja\.boumlrc [2009.05.15 11:30:23 | 000,010,599 | ---- | C] () -- C:\Users\Kolja\_elster_2048.pfx [2008.12.30 22:21:13 | 000,000,796 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\wklnhst.dat [2008.12.28 20:05:13 | 000,403,052 | ---- | C] () -- C:\Users\Kolja\jap.conf [2008.12.21 17:04:40 | 000,006,648 | ---- | C] () -- C:\Users\Kolja\AppData\Local\d3d9caps.dat [2008.11.17 15:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\UserTile.png [2008.11.17 12:22:07 | 000,120,832 | ---- | C] () -- C:\Users\Kolja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.05 22:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Audacity [2011.07.02 18:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Autodesk [2011.11.13 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\CheckPoint [2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools [2013.06.18 20:38:35 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Lite [2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Pro [2010.02.22 19:02:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DeepBurner [2011.02.15 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DVDVideoSoft [2011.05.19 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\elsterformular [2009.10.05 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FLV Extract [2013.06.14 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\foobar2000 [2011.08.29 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FreePDF [2013.06.18 17:10:12 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FVZilla [2013.06.18 19:58:19 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\GrooveWalrus [2012.09.03 20:54:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\gtk-2.0 [2013.06.18 20:38:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\inkscape [2009.06.22 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\IrfanView [2009.09.22 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\JonDo [2009.03.16 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\KhomsanPh [2009.08.10 17:29:39 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Miranda [2012.03.30 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Notepad++ [2008.11.17 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\OpenOffice.org [2010.12.12 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PCDr [2008.11.17 15:09:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PeerNetworking [2009.03.28 10:05:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\rockbox.org [2011.11.20 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony [2011.11.20 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony Setup [2010.05.12 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Subversion [2008.12.30 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Template [2010.08.18 10:12:07 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\TheLastRipper [2012.03.08 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Thunderbird [2010.04.30 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Transcend [2010.10.14 10:52:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UDP Software [2012.10.28 22:02:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UFOAI [2009.08.01 18:39:06 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > |
|
WARNUNG an die MITLESER: 
Linear-Darstellung
