Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Ca. 50GB unerwarteter Traffic / Monat

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 06.03.2013, 16:37   #1
STEPHANKO
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Ein Rechner von mir produziert 50GB Traffic / Monat und ich kann nicht rausfinden, was es ist.

Code:
ATTFilter
OTL logfile created on: 06.03.2013 16:26:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Catcher\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 10,49 Gb Available Physical Memory | 87,44% Memory free
23,98 Gb Paging File | 22,48 Gb Available in Paging File | 93,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65,08 Gb Total Space | 8,76 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
 
Computer Name: RS-8558B2 | User Name: Catcher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.06 16:25:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catcher\Desktop\OTL.exe
PRC - [2013.03.06 16:23:13 | 002,383,360 | ---- | M] () -- C:\Domain\server\Server.exe
PRC - [2013.02.22 13:32:59 | 007,862,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2013.02.22 13:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2013.02.22 13:24:58 | 000,106,848 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.04.26 21:44:58 | 001,168,400 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
PRC - [2012.01.18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.03.27 11:18:20 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\FreeProxy\FreeProxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.06 16:23:13 | 002,383,360 | ---- | M] () -- C:\Domain\server\Server.exe
MOD - [2010.05.28 22:14:08 | 001,578,787 | ---- | M] () -- C:\Domain\server\libeay32.dll
MOD - [2010.05.28 22:13:24 | 000,632,226 | ---- | M] () -- C:\Domain\server\libssl32.dll
MOD - [2010.05.28 22:09:48 | 000,734,208 | ---- | M] () -- C:\Domain\server\XB2NET.DLL
MOD - [2003.03.27 09:00:00 | 000,198,144 | ---- | M] () -- C:\Alaska\XPPW32\LIB\SOM.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.05.12 00:09:44 | 001,780,224 | ---- | M] () [Auto | Running] -- C:\Program Files\AMCC\3DM2/3dm2.exe -- (3DM2)
SRV:64bit: - [2008.07.29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013.03.06 15:25:08 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.22 13:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.04.26 21:44:58 | 001,168,400 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2012.03.26 09:48:28 | 008,278,336 | ---- | M] (Cerberus, LLC) [Auto | Running] -- C:\Programme\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe -- (Cerberus FTP Server)
SRV - [2010.03.27 11:18:20 | 000,565,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\FreeProxy\FreeProxy.exe -- (FreeProxy)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.20 15:13:28 | 000,034,840 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSN5PDTS82x64.sys -- (CSN5PDTS82x64)
DRV:64bit: - [2010.05.17 13:03:16 | 000,025,640 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\superbmc.sys -- (superbmc)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:02 | 000,244,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q60x64.sys -- (e1qexpress)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.25 06:11:34 | 000,102,400 | ---- | M] (AMCC) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\3wareDrv.sys -- (3wareDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 F5 5D AA 88 65 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {55D91C40-545E-49A7-82C8-74A3209D28DE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{55D91C40-545E-49A7-82C8-74A3209D28DE}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [WinAVAlarm] C:\Programme\AMCC\3DM2\WinAVAlarm.exe (AMCC)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E823730-4FF7-4130-9608-8F493B5FCB9C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3A7BA25-82EC-4B77-990F-7B2AFCD0AD0F}: NameServer = 80.84.224.26,91.185.130.147,212.204.198.70,80.84.224.249
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22dace7f-d2de-11de-8d22-003048b990f7}\Shell - "" = AutoRun
O33 - MountPoints2\{22dace7f-d2de-11de-8d22-003048b990f7}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.06 16:25:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Catcher\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.06 16:25:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catcher\Desktop\OTL.exe
[2013.03.06 16:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.06 16:24:45 | 000,000,000 | ---- | M] () -- C:\Users\Catcher\defogger_reenable
[2013.03.06 14:56:03 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 14:56:03 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 14:55:22 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.06 14:55:22 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.06 14:55:22 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.06 14:55:22 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.06 14:55:22 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.06 14:53:31 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2013.03.06 14:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.06 14:47:39 | 1066,762,238 | -HS- | M] () -- C:\hiberfil.sys
 
========== Files Created - No Company Name ==========
 
[2013.03.06 16:24:45 | 000,000,000 | ---- | C] () -- C:\Users\Catcher\defogger_reenable
[2011.10.28 13:26:36 | 000,136,192 | ---- | C] () -- C:\Windows\see32.dll
[2009.11.15 17:53:15 | 000,007,648 | ---- | C] () -- C:\Users\Catcher\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.27 13:01:09 | 000,000,000 | ---D | M] -- C:\Users\Catcher\AppData\Roaming\Cerberus LLC
[2012.04.11 03:56:59 | 000,000,000 | ---D | M] -- C:\Users\Catcher\AppData\Roaming\Colasoft Capsa 7 - Professional Edition
[2012.04.11 03:56:59 | 000,000,000 | ---D | M] -- C:\Users\Catcher\AppData\Roaming\Colasoft MAC Scanner
[2009.11.15 12:49:12 | 000,000,000 | ---D | M] -- C:\Users\Catcher\AppData\Roaming\GHISLER
[2012.04.20 13:16:15 | 000,000,000 | ---D | M] -- C:\Users\Catcher\AppData\Roaming\IrfanView
[2012.06.08 23:25:59 | 000,000,000 | ---D | M] -- C:\Users\Catcher\AppData\Roaming\TightVNC
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 06.03.2013 16:26:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Catcher\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 10,49 Gb Available Physical Memory | 87,44% Memory free
23,98 Gb Paging File | 22,48 Gb Available in Paging File | 93,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65,08 Gb Total Space | 8,76 Gb Free Space | 13,47% Space Free | Partition Type: NTFS
 
Computer Name: RS-8558B2 | User Name: Catcher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043CB6FC-EB6C-40E3-89FE-289EAFCB4678}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{05619DC7-F7C7-4EDF-ABF2-D0C96F29B8FF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{13774E89-7FF1-49ED-8466-B836C13C2647}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{1F586EC5-4A48-4E97-8825-E4B41F099EF6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2A9AA32D-DCAA-46D7-9429-814F4A7250A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2B1D2A3D-47D9-416C-A00E-A89B2CD2ABEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3912B483-D0F2-4A0A-B0E6-431667FBEA81}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3E787ED9-B96F-40B5-A2E8-9730B67F7333}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{448411A8-436B-476D-A306-4DF19C375E34}" = rport=138 | protocol=17 | dir=out | app=system | 
"{65EF9971-F2E7-4BEF-8316-6C92DCD5DE60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6FEEA6EC-ECBC-45E2-830A-1528024B4F02}" = rport=139 | protocol=6 | dir=out | app=system | 
"{70350BB9-1DED-4A42-B8F2-0876A7BF6C2C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{71BFA7D0-2E02-4E68-B797-E44C46B831E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7FF6F93E-2CAE-4A9B-812B-7FA901315E74}" = lport=138 | protocol=17 | dir=in | app=system | 
"{815759DC-FE51-46ED-B82D-D54002D504F2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{93911055-81EE-4AA3-89BC-410BCC76D706}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{98C76F1E-47B0-4515-BEC6-CBAB3527DDE5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B594CAB8-E6E9-4F8E-9462-1F6CDDB23E11}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C02BA3CE-6525-4B30-9EF3-C39EA960D14C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5162402-4DF1-4918-A4A5-49147665E5AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C537AB34-0432-418F-ACAB-B770E5177F72}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C5D0772C-8711-4B73-A7EF-23E0EB585F7F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9A9757D-EA86-410C-8AC6-1DA0BBA0F719}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EBA99C50-96AC-40D7-831A-D368AEE22CE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C338D41-094F-483F-9D1D-4FC930978313}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0D8E1B43-4B69-4863-8733-0E8E32CB6585}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{14346E2A-16F5-420C-8CE6-A3D888C804D5}" = dir=in | app=c:\program files\cerberus llc\cerberus ftp server\cerberusgui.exe | 
"{224C0887-52EF-41F0-A6FA-D00F3D233674}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{256CBF2C-BD90-4891-9A11-8FFC3B0E2695}" = dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{2A1610B2-D5FB-4B0E-A263-8269BD73B91B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{3DACA162-B9DB-4436-9490-30CA1D45C46B}" = protocol=6 | dir=in | app=c:\program files\cerberus ftp server\cerberusgui.exe | 
"{5461CD9C-147A-467D-9870-BDCB1178135F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6ACBC888-9C98-49FC-A9F6-15F97A395A9A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{6E1D5B9C-1F0B-4180-9267-67071EC2284F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7F1E2608-2B4D-4BAB-A6BF-D696332CC3A8}" = protocol=17 | dir=in | app=c:\program files\cerberus ftp server\cerberusgui.exe | 
"{93C71ED4-020E-44CB-8708-1A66F90B521C}" = protocol=6 | dir=in | app=c:\program files\cerberus llc\cerberus ftp server\cerberusgui.exe | 
"{A88EF8E7-7E92-4CB7-9F84-DCE59BE387C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C9AF3CB3-A089-4663-B766-7BF93F044815}" = protocol=17 | dir=in | app=c:\program files\cerberus llc\cerberus ftp server\cerberusgui.exe | 
"{D334CB96-5452-48B9-9E47-7646BEA5DF62}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"TCP Query User{05CF8263-D43D-4162-BB8A-4073BDB6E549}C:\domain\server\server.exe" = protocol=6 | dir=in | app=c:\domain\server\server.exe | 
"TCP Query User{0AD85624-335E-4782-8DC1-A6EC10993D51}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{0BDB4B24-2980-4CD5-B364-67E95DFEAAEC}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"TCP Query User{66E4A4CF-DE9E-437F-8E2D-F3FC5171054D}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | 
"TCP Query User{6E9894F6-D027-46BD-ACA4-70576179864D}C:\program files (x86)\freeproxy\freeproxy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeproxy\freeproxy.exe | 
"TCP Query User{D8E2F8EF-AF05-427F-94B8-66325E866A2E}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"TCP Query User{FA54D479-EC5F-49BF-BA83-17705A58CD1D}C:\program files\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"UDP Query User{2A960065-178B-4956-A144-A133A53E38EC}C:\program files\ultravnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"UDP Query User{2E29E83A-B136-4B2E-9798-ACF8B5966260}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{45315411-5227-48D6-AE24-05E3DB903EC2}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"UDP Query User{631AC425-BD33-43D9-B40F-898367B00A89}C:\domain\server\server.exe" = protocol=17 | dir=in | app=c:\domain\server\server.exe | 
"UDP Query User{A95E4251-01D7-4C55-9070-915BD8A87E47}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe | 
"UDP Query User{DADECBEC-25FF-428A-8183-8ED14433BEEF}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe | 
"UDP Query User{E81BD2A9-C217-4BC9-AF84-F7E296CCF7A9}C:\program files (x86)\freeproxy\freeproxy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeproxy\freeproxy.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{74D1CD47-8943-4685-B53F-C7DF6599296B}" = Supermicro IPMI Configuration Utility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{BFC1179C-74D1-4AF3-85CE-AF9060C49273}" = Cerberus FTP Server
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"8c793da9f0aa7e94d3b4faba721006ff-1001563592" = 3ware Disk Management Tools
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A396897-3AC8-46BD-ABB8-95BE31419FDE}" = TightVNC
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"7b22a4882850672b90d3153f64d71c3e" = IPMIView
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Colasoft Capsa 7 Professional_is1" = Colasoft Capsa 7 Professional
"FreeProxy/FreeWeb_is1" = FreeProxy version 4.10
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"TeamViewer 7" = TeamViewer 7
"Tftpd64" = Tftpd64 Standalone Edition (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.12.2012 16:39:33 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 10.12.2012 17:00:47 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 10.12.2012 17:08:01 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 10.12.2012 17:15:34 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 10.12.2012 17:27:07 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 12.12.2012 10:14:33 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 12.12.2012 17:32:41 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 12.12.2012 19:36:20 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 12.12.2012 19:37:45 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
Error - 12.12.2012 22:45:22 | Computer Name = RS-8558B2 | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
 
[ System Events ]
Error - 06.03.2013 09:23:56 | Computer Name = RS-8558B2 | Source = TermDD | ID = 655416
Description = 
 
Error - 06.03.2013 10:00:36 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker Brother MFC-7360N Printer (Hamburg) erforderliche
 Treiber Brother MFC-7360N Printer ist unbekannt. Wenden Sie sich an den Administrator,
 um den Treiber zu installieren, bevor Sie sich erneut anmelden.
 
Error - 06.03.2013 10:00:37 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker Brother MFC-7440N (Home) erforderliche Treiber
 Brother MFC-7440N Printer ist unbekannt. Wenden Sie sich an den Administrator, 
um den Treiber zu installieren, bevor Sie sich erneut anmelden.
 
Error - 06.03.2013 10:00:37 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker Brother MFC-7440N (Toner) erforderliche Treiber
 Brother MFC-7440N Printer ist unbekannt. Wenden Sie sich an den Administrator, 
um den Treiber zu installieren, bevor Sie sich erneut anmelden.
 
Error - 06.03.2013 10:00:37 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker Brother PC-FAX v.2.1 erforderliche Treiber Brother
 PC-FAX v.2.1 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber
 zu installieren, bevor Sie sich erneut anmelden.
 
Error - 06.03.2013 10:00:38 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker Brother PC-FAX v.2.1 #2 erforderliche Treiber 
Brother PC-FAX v.2.1 ist unbekannt. Wenden Sie sich an den Administrator, um den
 Treiber zu installieren, bevor Sie sich erneut anmelden.
 
Error - 06.03.2013 10:00:38 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker Dell Color Laser 3010cn (LP) erforderliche Treiber
 Dell Color Laser 3010cn ist unbekannt. Wenden Sie sich an den Administrator, um
 den Treiber zu installieren, bevor Sie sich erneut anmelden.
 
Error - 06.03.2013 10:00:39 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker eDocPrintPro erforderliche Treiber eDocPrintPro
 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren,
 bevor Sie sich erneut anmelden.
 
Error - 06.03.2013 10:00:40 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker HP LaserJet 4050 (Toner) erforderliche Treiber
 HP LaserJet 4050 Series PCL 5 ist unbekannt. Wenden Sie sich an den Administrator,
 um den Treiber zu installieren, bevor Sie sich erneut anmelden.
 
Error - 06.03.2013 10:00:43 | Computer Name = RS-8558B2 | Source = UmrdpService | ID = 1111
Description = Der für den Drucker PaperPort Image Printer erforderliche Treiber 
Nuance Image Printer Driver ist unbekannt. Wenden Sie sich an den Administrator,
 um den Treiber zu installieren, bevor Sie sich erneut anmelden.
 
 
< End of report >
         
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-06 17:35:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Scsi\3wareDrv1Port4Path0Target0Lun0 AMCC____ rev.4.08 65,18GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Catcher\AppData\Local\Temp\pfliipow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\TightVNC\tvnserver.exe[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                            0000000074a11465 2 bytes [A1, 74]
.text   C:\Program Files (x86)\TightVNC\tvnserver.exe[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                           0000000074a114bb 2 bytes [A1, 74]
.text   ...                                                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000074a11465 2 bytes [A1, 74]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          0000000074a114bb 2 bytes [A1, 74]
.text   ...                                                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\TightVNC\tvnserver.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                            0000000074a11465 2 bytes [A1, 74]
.text   C:\Program Files (x86)\TightVNC\tvnserver.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                           0000000074a114bb 2 bytes [A1, 74]
.text   ...                                                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                0000000076042da4 5 bytes JMP 000000016ebb9ebc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW                                                                                     000000007605cbf3 5 bytes JMP 000000016ed0902e
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                             000000007605cfca 5 bytes JMP 000000016eb11893
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!DialogBoxParamA                                                                                             000000007607cb0c 5 bytes JMP 000000016ed08fc9
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA                                                                                     000000007607ce64 5 bytes JMP 000000016ed09093
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA                                                                                         000000007608fbd1 5 bytes JMP 000000016ed08f50
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW                                                                                         000000007608fc9d 5 bytes JMP 000000016ed08ed7
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                               000000007608fcd6 5 bytes JMP 000000016ed08e73
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                               000000007608fcfa 5 bytes JMP 000000016ed08e0f
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                            00000000748393ec 5 bytes JMP 000000016ed09248
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                    0000000074a11465 2 bytes [A1, 74]
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                   0000000074a114bb 2 bytes [A1, 74]
.text   ...                                                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW  000000007298388e 5 bytes JMP 000000016ed090f8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet   0000000072a27922 5 bytes JMP 000000016ed091a0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[6028] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW                                                                                             00000000749a2694 5 bytes JMP 000000016ed09440
?       C:\Windows\system32\mssprxy.dll [6028] entry point in ".rdata" section                                                                                                                                 00000000737471e6
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                                                         00000000770625fd 6 bytes JMP 000000016ebd8042
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                                                         0000000077072a63 6 bytes JMP 000000016eb7980d
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\kernel32.dll!CreateThread                                                                                              0000000074f934a5 5 bytes JMP 000000016eb775e3
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                             0000000076038a29 5 bytes JMP 000000016ebe03cf
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                             000000007603d22e 5 bytes JMP 000000016eb83643
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                0000000076042da4 5 bytes JMP 000000016ebb9ebc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                                                              0000000076046285 5 bytes JMP 000000016ebd7fdf
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                           0000000076047603 5 bytes JMP 000000016ebb25b4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW                                                                                     000000007605cbf3 5 bytes JMP 000000016ed0902e
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                             000000007605cfca 5 bytes JMP 000000016eb11893
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                         000000007605f52b 5 bytes JMP 000000016ebfed00
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!DialogBoxParamA                                                                                             000000007607cb0c 5 bytes JMP 000000016ed08fc9
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA                                                                                     000000007607ce64 5 bytes JMP 000000016ed09093
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA                                                                                         000000007608fbd1 5 bytes JMP 000000016ed08f50
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW                                                                                         000000007608fc9d 5 bytes JMP 000000016ed08ed7
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                               000000007608fcd6 5 bytes JMP 000000016ed08e73
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                               000000007608fcfa 5 bytes JMP 000000016ed08e0f
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\ole32.dll!OleLoadFromStream                                                                                            0000000074ad6143 5 bytes JMP 000000016ed097fc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString                                                                                             00000000747d3e59 5 bytes JMP 000000016ed098f4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!VariantClear                                                                                              00000000747d3eae 5 bytes JMP 000000016ed09972
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen                                                                                     00000000747d4731 5 bytes JMP 000000016ed09866
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType                                                                                         00000000747d5dee 5 bytes JMP 000000016ed09912
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                            00000000748393ec 5 bytes JMP 000000016ed09248
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                    0000000074a11465 2 bytes [A1, 74]
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                   0000000074a114bb 2 bytes [A1, 74]
.text   ...                                                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW  000000007298388e 5 bytes JMP 000000016ed090f8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet   0000000072a27922 5 bytes JMP 000000016ed091a0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5156] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW                                                                                             00000000749a2694 5 bytes JMP 000000016ed09440

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1204:648]                                                                                                                                                             000007fef2b4239c
Thread  C:\Windows\System32\svchost.exe [1204:616]                                                                                                                                                             000007fef6be9688

---- EOF - GMER 2.1 ----
         

Alt 06.03.2013, 16:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Hallo,

könntest du uns vllt mal mitteilen wie genau du diese 50 GB ermittelt hast?
Was sol ldas sein, reiner WAN-Traffic (Internet) oder ist da auch LAN-Trafic mit drin?
__________________

__________________

Alt 08.03.2013, 14:00   #3
STEPHANKO
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



(Sorry, hatte eine Benachrichtigung bei einer Antwort erwartet, kam aber keine, deshalb die Verzögerung.)

Der Rechner ist zur Zeit bei meinem Arbeitgeber im Rechenzentrum geparkt. Er ist ansonsten nicht in Benutzung. Er produziert 40-50 GB Traffic pro Monat ins Internet. Wenn ich ihn ausschalte, dann gibts keinen Traffic. Alles nach der Software meines Arbeitegbers, der damit auch seine Kunden abrechnet. Wir haben schon endlose Diskusionen darum gehabt.

Es ist NICHT der Traffic von hereinkommenen Verbindungen als ehemaliger Webserver für ein gemeinnütziges Projekt.

Deshalb mein Versuch, mal nach Viren / Trojanern zu schauen.
__________________

Alt 08.03.2013, 15:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.03.2013, 21:15   #5
STEPHANKO
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Hallo,

dies ist kein Firmenrechner, ich darf ihn nur da unterstellen. Hilfe von dort bekomme ich auch nicht.

Ich habe hier übrigens schon gesspendet (24.2.)

Viele Grüße

Stephan


Alt 08.03.2013, 23:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Ca. 50GB unerwarteter Traffic / Monat

Alt 09.03.2013, 19:43   #7
STEPHANKO
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Ich schaffe es nicht, die drei Tools downzuloaden, werde es weiter versuchen.

Alt 10.03.2013, 15:51   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Wenn du vom befallenen Rechner das nicht runterladen kannst, dann lade die Tools von einem sauberen Rechner runter und dann alle zusammen gepackt hier hochladen => File-Upload.net - Ihr kostenloser File Hoster!

Mit dem Downloadlink solltest du die Tools vom befallenen Rechner runterladen können
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.03.2013, 02:22   #9
STEPHANKO
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Ich hoffe ich habe die richtigen Log-Files:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.10.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Catcher :: RS-8558B2 [administrator]

10.03.2013 13:30:55
mbar-log-2013-03-10 (13-30-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28928
Time elapsed: 4 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 14:05:48
-----------------------------
14:05:48.623    OS Version: Windows x64 6.1.7601 Service Pack 1
14:05:48.623    Number of processors: 8 586 0x1A05
14:05:48.623    ComputerName: RS-8558B2  UserName: Catcher
14:05:48.982    Initialize success
14:06:08.586    AVAST engine defs: 13031000
14:06:30.175    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\3wareDrv1Port4Path0Target0Lun0
14:06:30.177    Disk 0 Vendor: AMCC____ 4.08 Size: 66747MB BusType: 8
14:06:30.186    Disk 0 MBR read successfully
14:06:30.188    Disk 0 MBR scan
14:06:30.191    Disk 0 Windows 7 default MBR code
14:06:30.200    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:06:30.209    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        66645 MB offset 206848
14:06:30.278    Disk 0 scanning C:\Windows\system32\drivers
14:06:38.044    Service scanning
14:06:51.151    Modules scanning
14:06:51.154    Disk 0 trace - called modules:
14:06:51.162    ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll 3wareDrv.sys 
14:06:51.164    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ad95790]
14:06:51.167    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Scsi\3wareDrv1Port4Path0Target0Lun0[0xfffffa800ab4f050]
14:06:51.508    AVAST engine scan C:\Windows
14:06:52.280    AVAST engine scan C:\Windows\system32
14:08:33.856    AVAST engine scan C:\Windows\system32\drivers
14:08:42.152    AVAST engine scan C:\Users\Catcher
14:09:04.947    AVAST engine scan C:\ProgramData
14:09:12.372    Scan finished successfully
14:31:57.401    Disk 0 MBR has been saved successfully to "C:\Users\Catcher\Desktop\MBR.dat"
14:31:57.417    The log file has been saved successfully to "C:\Users\Catcher\Desktop\aswMBR.txt"
         
Code:
ATTFilter
01:26:53.0517 132176  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:26:53.0627 132176  ============================================================
01:26:53.0627 132176  Current date / time: 2013/03/11 01:26:53.0627
01:26:53.0627 132176  SystemInfo:
01:26:53.0627 132176  
01:26:53.0627 132176  OS Version: 6.1.7601 ServicePack: 1.0
01:26:53.0627 132176  Product type: Workstation
01:26:53.0627 132176  ComputerName: RS-8558B2
01:26:53.0627 132176  UserName: Catcher
01:26:53.0627 132176  Windows directory: C:\Windows
01:26:53.0627 132176  System windows directory: C:\Windows
01:26:53.0627 132176  Running under WOW64
01:26:53.0627 132176  Processor architecture: Intel x64
01:26:53.0627 132176  Number of processors: 8
01:26:53.0627 132176  Page size: 0x1000
01:26:53.0627 132176  Boot type: Normal boot
01:26:53.0627 132176  ============================================================
01:26:53.0924 132176  Drive \Device\Harddisk0\DR0 - Size: 0x104BB00000 (65.18 Gb), SectorSize: 0x200, Cylinders: 0x7D76, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000048
01:26:53.0924 132176  ============================================================
01:26:53.0924 132176  \Device\Harddisk0\DR0:
01:26:53.0924 132176  MBR partitions:
01:26:53.0924 132176  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:26:53.0924 132176  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x822A800
01:26:53.0924 132176  ============================================================
01:26:53.0939 132176  C: <-> \Device\Harddisk0\DR0\Partition2
01:26:53.0939 132176  ============================================================
01:26:53.0939 132176  Initialize success
01:26:53.0939 132176  ============================================================
01:27:05.0549 120960  ============================================================
01:27:05.0549 120960  Scan started
01:27:05.0549 120960  Mode: Manual; SigCheck; TDLFS; 
01:27:05.0549 120960  ============================================================
01:27:05.0767 120960  ================ Scan system memory ========================
01:27:05.0767 120960  System memory - ok
01:27:05.0783 120960  ================ Scan services =============================
01:27:05.0892 120960  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:27:05.0924 120960  1394ohci - ok
01:27:05.0986 120960  [ A546426F04DD8AE6EE6FEFD30A1A2B12 ] 3DM2            C:\Program Files\AMCC\3DM2/3dm2.exe
01:27:05.0986 120960  Suspicious file (Hidden): C:\Program Files\AMCC\3DM2/3dm2.exe. md5: A546426F04DD8AE6EE6FEFD30A1A2B12
01:27:06.0002 120960  3DM2 ( HiddenFile.Multi.Generic ) - warning
01:27:06.0002 120960  3DM2 - detected HiddenFile.Multi.Generic (1)
01:27:06.0033 120960  [ C42D2BD350F6A86F4E30EEC5336C28C1 ] 3wareDrv        C:\Windows\system32\DRIVERS\3wareDrv.sys
01:27:06.0049 120960  3wareDrv - ok
01:27:06.0080 120960  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
01:27:06.0095 120960  ACPI - ok
01:27:06.0127 120960  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
01:27:06.0127 120960  AcpiPmi - ok
01:27:06.0205 120960  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:27:06.0205 120960  AdobeFlashPlayerUpdateSvc - ok
01:27:06.0252 120960  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
01:27:06.0267 120960  adp94xx - ok
01:27:06.0283 120960  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
01:27:06.0299 120960  adpahci - ok
01:27:06.0314 120960  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
01:27:06.0330 120960  adpu320 - ok
01:27:06.0345 120960  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
01:27:06.0377 120960  AeLookupSvc - ok
01:27:06.0424 120960  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
01:27:06.0439 120960  AFD - ok
01:27:06.0455 120960  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:27:06.0470 120960  agp440 - ok
01:27:06.0470 120960  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
01:27:06.0486 120960  ALG - ok
01:27:06.0502 120960  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:27:06.0517 120960  aliide - ok
01:27:06.0517 120960  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:27:06.0533 120960  amdide - ok
01:27:06.0564 120960  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
01:27:06.0580 120960  AmdK8 - ok
01:27:06.0595 120960  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
01:27:06.0595 120960  AmdPPM - ok
01:27:06.0627 120960  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
01:27:06.0627 120960  amdsata - ok
01:27:06.0658 120960  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
01:27:06.0658 120960  amdsbs - ok
01:27:06.0674 120960  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
01:27:06.0689 120960  amdxata - ok
01:27:06.0705 120960  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
01:27:06.0736 120960  AppID - ok
01:27:06.0736 120960  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:27:06.0767 120960  AppIDSvc - ok
01:27:06.0799 120960  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
01:27:06.0830 120960  Appinfo - ok
01:27:06.0845 120960  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
01:27:06.0861 120960  AppMgmt - ok
01:27:06.0877 120960  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
01:27:06.0892 120960  arc - ok
01:27:06.0908 120960  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
01:27:06.0908 120960  arcsas - ok
01:27:06.0924 120960  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:27:06.0955 120960  AsyncMac - ok
01:27:06.0986 120960  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
01:27:07.0002 120960  atapi - ok
01:27:07.0033 120960  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:27:07.0064 120960  AudioEndpointBuilder - ok
01:27:07.0080 120960  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:27:07.0111 120960  AudioSrv - ok
01:27:07.0127 120960  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
01:27:07.0142 120960  AxInstSV - ok
01:27:07.0174 120960  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
01:27:07.0189 120960  b06bdrv - ok
01:27:07.0205 120960  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
01:27:07.0220 120960  b57nd60a - ok
01:27:07.0236 120960  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
01:27:07.0236 120960  BDESVC - ok
01:27:07.0252 120960  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:27:07.0283 120960  Beep - ok
01:27:07.0330 120960  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
01:27:07.0345 120960  BFE - ok
01:27:07.0377 120960  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
01:27:07.0408 120960  BITS - ok
01:27:07.0424 120960  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
01:27:07.0439 120960  blbdrive - ok
01:27:07.0455 120960  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:27:07.0470 120960  bowser - ok
01:27:07.0486 120960  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:27:07.0502 120960  BrFiltLo - ok
01:27:07.0502 120960  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:27:07.0502 120960  BrFiltUp - ok
01:27:07.0533 120960  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
01:27:07.0549 120960  Browser - ok
01:27:07.0564 120960  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
01:27:07.0564 120960  Brserid - ok
01:27:07.0595 120960  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
01:27:07.0595 120960  BrSerWdm - ok
01:27:07.0611 120960  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
01:27:07.0611 120960  BrUsbMdm - ok
01:27:07.0627 120960  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
01:27:07.0627 120960  BrUsbSer - ok
01:27:07.0627 120960  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
01:27:07.0642 120960  BTHMODEM - ok
01:27:07.0674 120960  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
01:27:07.0689 120960  bthserv - ok
01:27:07.0705 120960  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:27:07.0736 120960  cdfs - ok
01:27:07.0767 120960  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
01:27:07.0783 120960  cdrom - ok
01:27:07.0939 120960  [ 811F92DE474D7BEC24314DD32E6980DF ] Cerberus FTP Server C:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
01:27:08.0033 120960  Cerberus FTP Server - ok
01:27:08.0080 120960  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
01:27:08.0095 120960  CertPropSvc - ok
01:27:08.0095 120960  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
01:27:08.0111 120960  circlass - ok
01:27:08.0127 120960  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
01:27:08.0142 120960  CLFS - ok
01:27:08.0189 120960  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:27:08.0189 120960  clr_optimization_v2.0.50727_32 - ok
01:27:08.0236 120960  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:27:08.0236 120960  clr_optimization_v2.0.50727_64 - ok
01:27:08.0299 120960  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:27:08.0314 120960  clr_optimization_v4.0.30319_32 - ok
01:27:08.0330 120960  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:27:08.0345 120960  clr_optimization_v4.0.30319_64 - ok
01:27:08.0361 120960  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:27:08.0361 120960  CmBatt - ok
01:27:08.0377 120960  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:27:08.0392 120960  cmdide - ok
01:27:08.0424 120960  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
01:27:08.0439 120960  CNG - ok
01:27:08.0455 120960  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
01:27:08.0470 120960  Compbatt - ok
01:27:08.0486 120960  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
01:27:08.0502 120960  CompositeBus - ok
01:27:08.0502 120960  COMSysApp - ok
01:27:08.0517 120960  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
01:27:08.0533 120960  crcdisk - ok
01:27:08.0549 120960  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:27:08.0674 120960  CryptSvc - ok
01:27:08.0705 120960  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
01:27:08.0705 120960  CSC - ok
01:27:08.0736 120960  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
01:27:08.0752 120960  CscService - ok
01:27:08.0752 120960  CSN5PDTS82 - ok
01:27:08.0783 120960  [ E7956DB62954ECA3FFD2AC88F6B83BB4 ] CSN5PDTS82x64   C:\Windows\system32\Drivers\CSN5PDTS82x64.sys
01:27:08.0783 120960  CSN5PDTS82x64 - ok
01:27:08.0814 120960  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:27:08.0845 120960  DcomLaunch - ok
01:27:08.0845 120960  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
01:27:08.0877 120960  defragsvc - ok
01:27:08.0908 120960  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:27:08.0924 120960  DfsC - ok
01:27:08.0955 120960  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:27:08.0970 120960  Dhcp - ok
01:27:08.0986 120960  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:27:09.0236 120960  discache - ok
01:27:09.0236 120960  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
01:27:09.0252 120960  Disk - ok
01:27:09.0267 120960  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:27:09.0267 120960  Dnscache - ok
01:27:09.0299 120960  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:27:09.0330 120960  dot3svc - ok
01:27:09.0345 120960  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
01:27:09.0377 120960  DPS - ok
01:27:09.0408 120960  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:27:09.0424 120960  DXGKrnl - ok
01:27:09.0455 120960  [ 235C3283DDBFAD74FB451E268CBF0A5D ] e1qexpress      C:\Windows\system32\DRIVERS\e1q60x64.sys
01:27:09.0470 120960  e1qexpress - ok
01:27:09.0486 120960  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
01:27:09.0502 120960  EapHost - ok
01:27:09.0564 120960  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
01:27:09.0611 120960  ebdrv - ok
01:27:09.0611 120960  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
01:27:09.0627 120960  EFS - ok
01:27:09.0674 120960  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:27:09.0689 120960  ehRecvr - ok
01:27:09.0705 120960  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
01:27:09.0720 120960  ehSched - ok
01:27:09.0736 120960  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
01:27:09.0752 120960  elxstor - ok
01:27:09.0767 120960  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:27:09.0783 120960  ErrDev - ok
01:27:09.0799 120960  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
01:27:09.0830 120960  EventSystem - ok
01:27:09.0845 120960  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
01:27:09.0877 120960  exfat - ok
01:27:09.0892 120960  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:27:09.0924 120960  fastfat - ok
01:27:09.0970 120960  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
01:27:09.0970 120960  Fax - ok
01:27:10.0002 120960  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
01:27:10.0017 120960  fdc - ok
01:27:10.0033 120960  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:27:10.0049 120960  fdPHost - ok
01:27:10.0080 120960  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:27:10.0111 120960  FDResPub - ok
01:27:10.0127 120960  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:27:10.0127 120960  FileInfo - ok
01:27:10.0142 120960  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:27:10.0174 120960  Filetrace - ok
01:27:10.0174 120960  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:27:10.0189 120960  flpydisk - ok
01:27:10.0220 120960  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:27:10.0220 120960  FltMgr - ok
01:27:10.0267 120960  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
01:27:10.0283 120960  FontCache - ok
01:27:10.0330 120960  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:27:10.0330 120960  FontCache3.0.0.0 - ok
01:27:10.0377 120960  FreeProxy - ok
01:27:10.0392 120960  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:27:10.0392 120960  FsDepends - ok
01:27:10.0408 120960  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:27:10.0424 120960  Fs_Rec - ok
01:27:10.0455 120960  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:27:10.0470 120960  fvevol - ok
01:27:10.0486 120960  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
01:27:10.0502 120960  gagp30kx - ok
01:27:10.0533 120960  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
01:27:10.0564 120960  gpsvc - ok
01:27:10.0580 120960  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:27:10.0580 120960  hcw85cir - ok
01:27:10.0611 120960  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
01:27:10.0611 120960  HDAudBus - ok
01:27:10.0627 120960  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
01:27:10.0627 120960  HidBatt - ok
01:27:10.0642 120960  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
01:27:10.0658 120960  HidBth - ok
01:27:10.0658 120960  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
01:27:10.0674 120960  HidIr - ok
01:27:10.0689 120960  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
01:27:10.0720 120960  hidserv - ok
01:27:10.0736 120960  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
01:27:10.0752 120960  HidUsb - ok
01:27:10.0767 120960  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:27:10.0799 120960  hkmsvc - ok
01:27:10.0814 120960  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:27:10.0830 120960  HomeGroupListener - ok
01:27:10.0845 120960  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:27:10.0861 120960  HomeGroupProvider - ok
01:27:10.0892 120960  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:27:10.0892 120960  HpSAMD - ok
01:27:10.0939 120960  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:27:10.0970 120960  HTTP - ok
01:27:11.0002 120960  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:27:11.0002 120960  hwpolicy - ok
01:27:11.0033 120960  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
01:27:11.0033 120960  i8042prt - ok
01:27:11.0064 120960  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:27:11.0080 120960  iaStorV - ok
01:27:11.0111 120960  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:27:11.0127 120960  idsvc - ok
01:27:11.0142 120960  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
01:27:11.0142 120960  iirsp - ok
01:27:11.0174 120960  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
01:27:11.0205 120960  IKEEXT - ok
01:27:11.0220 120960  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
01:27:11.0220 120960  intelide - ok
01:27:11.0236 120960  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:27:11.0252 120960  intelppm - ok
01:27:11.0252 120960  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:27:11.0283 120960  IPBusEnum - ok
01:27:11.0314 120960  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:27:11.0345 120960  IpFilterDriver - ok
01:27:11.0361 120960  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:27:11.0392 120960  iphlpsvc - ok
01:27:11.0408 120960  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:27:11.0408 120960  IPMIDRV - ok
01:27:11.0424 120960  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:27:11.0455 120960  IPNAT - ok
01:27:11.0470 120960  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:27:11.0486 120960  IRENUM - ok
01:27:11.0486 120960  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:27:11.0502 120960  isapnp - ok
01:27:11.0517 120960  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:27:11.0517 120960  iScsiPrt - ok
01:27:11.0533 120960  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
01:27:11.0549 120960  kbdclass - ok
01:27:11.0564 120960  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
01:27:11.0580 120960  kbdhid - ok
01:27:11.0580 120960  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
01:27:11.0595 120960  KeyIso - ok
01:27:11.0611 120960  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:27:11.0627 120960  KSecDD - ok
01:27:11.0642 120960  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:27:11.0658 120960  KSecPkg - ok
01:27:11.0658 120960  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
01:27:11.0689 120960  ksthunk - ok
01:27:11.0720 120960  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:27:11.0752 120960  KtmRm - ok
01:27:11.0752 120960  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:27:11.0783 120960  LanmanServer - ok
01:27:11.0799 120960  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:27:11.0830 120960  LanmanWorkstation - ok
01:27:11.0845 120960  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:27:11.0877 120960  lltdio - ok
01:27:11.0908 120960  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:27:11.0939 120960  lltdsvc - ok
01:27:11.0955 120960  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:27:11.0986 120960  lmhosts - ok
01:27:12.0033 120960  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
01:27:12.0033 120960  LSI_FC - ok
01:27:12.0049 120960  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
01:27:12.0064 120960  LSI_SAS - ok
01:27:12.0095 120960  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:27:12.0095 120960  LSI_SAS2 - ok
01:27:12.0111 120960  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:27:12.0111 120960  LSI_SCSI - ok
01:27:12.0142 120960  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
01:27:12.0174 120960  luafv - ok
01:27:12.0220 120960  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
01:27:12.0220 120960  MBAMProtector - ok
01:27:12.0267 120960  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:27:12.0283 120960  MBAMScheduler - ok
01:27:12.0299 120960  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:27:12.0314 120960  MBAMService - ok
01:27:12.0345 120960  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:27:12.0361 120960  Mcx2Svc - ok
01:27:12.0377 120960  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
01:27:12.0392 120960  megasas - ok
01:27:12.0392 120960  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
01:27:12.0408 120960  MegaSR - ok
01:27:12.0424 120960  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
01:27:12.0455 120960  MMCSS - ok
01:27:12.0470 120960  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
01:27:12.0486 120960  Modem - ok
01:27:12.0502 120960  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:27:12.0517 120960  monitor - ok
01:27:12.0533 120960  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
01:27:12.0549 120960  mouclass - ok
01:27:12.0564 120960  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:27:12.0564 120960  mouhid - ok
01:27:12.0580 120960  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:27:12.0595 120960  mountmgr - ok
01:27:12.0611 120960  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:27:12.0627 120960  mpio - ok
01:27:12.0642 120960  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:27:12.0658 120960  mpsdrv - ok
01:27:12.0736 120960  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:27:12.0767 120960  MpsSvc - ok
01:27:12.0799 120960  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:27:12.0814 120960  MRxDAV - ok
01:27:12.0830 120960  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:27:12.0845 120960  mrxsmb - ok
01:27:12.0861 120960  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:27:12.0861 120960  mrxsmb10 - ok
01:27:12.0892 120960  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:27:12.0908 120960  mrxsmb20 - ok
01:27:12.0924 120960  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:27:12.0939 120960  msahci - ok
01:27:12.0955 120960  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:27:12.0970 120960  msdsm - ok
01:27:12.0970 120960  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
01:27:12.0986 120960  MSDTC - ok
01:27:13.0002 120960  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:27:13.0033 120960  Msfs - ok
01:27:13.0049 120960  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:27:13.0064 120960  mshidkmdf - ok
01:27:13.0080 120960  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:27:13.0095 120960  msisadrv - ok
01:27:13.0111 120960  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:27:13.0142 120960  MSiSCSI - ok
01:27:13.0142 120960  msiserver - ok
01:27:13.0174 120960  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:27:13.0189 120960  MsRPC - ok
01:27:13.0205 120960  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
01:27:13.0220 120960  mssmbios - ok
01:27:13.0345 120960  [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90       C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
01:27:13.0392 120960  msvsmon90 - ok
01:27:13.0408 120960  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
01:27:13.0424 120960  MTConfig - ok
01:27:13.0439 120960  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
01:27:13.0439 120960  Mup - ok
01:27:13.0455 120960  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
01:27:13.0486 120960  napagent - ok
01:27:13.0502 120960  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:27:13.0517 120960  NativeWifiP - ok
01:27:13.0564 120960  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:27:13.0580 120960  NDIS - ok
01:27:13.0580 120960  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:27:13.0611 120960  NdisCap - ok
01:27:13.0627 120960  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:27:13.0658 120960  NdisTapi - ok
01:27:13.0674 120960  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:27:13.0705 120960  Ndisuio - ok
01:27:13.0720 120960  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:27:13.0752 120960  NdisWan - ok
01:27:13.0767 120960  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:27:13.0799 120960  NDProxy - ok
01:27:13.0799 120960  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:27:13.0830 120960  NetBIOS - ok
01:27:13.0845 120960  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
01:27:13.0861 120960  NetBT - ok
01:27:13.0877 120960  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
01:27:13.0892 120960  Netlogon - ok
01:27:13.0908 120960  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:27:13.0939 120960  Netman - ok
01:27:13.0955 120960  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:27:13.0986 120960  netprofm - ok
01:27:14.0033 120960  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:27:14.0049 120960  NetTcpPortSharing - ok
01:27:14.0049 120960  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
01:27:14.0064 120960  nfrd960 - ok
01:27:14.0080 120960  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:27:14.0111 120960  NlaSvc - ok
01:27:14.0111 120960  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:27:14.0142 120960  Npfs - ok
01:27:14.0142 120960  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
01:27:14.0174 120960  nsi - ok
01:27:14.0174 120960  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:27:14.0205 120960  nsiproxy - ok
01:27:14.0252 120960  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:27:14.0267 120960  Ntfs - ok
01:27:14.0299 120960  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:27:14.0314 120960  Null - ok
01:27:14.0345 120960  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:27:14.0361 120960  nvraid - ok
01:27:14.0392 120960  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:27:14.0392 120960  nvstor - ok
01:27:14.0424 120960  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:27:14.0424 120960  nv_agp - ok
01:27:14.0455 120960  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:27:14.0470 120960  ohci1394 - ok
01:27:14.0486 120960  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:27:14.0502 120960  p2pimsvc - ok
01:27:14.0517 120960  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:27:14.0533 120960  p2psvc - ok
01:27:14.0533 120960  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
01:27:14.0549 120960  Parport - ok
01:27:14.0580 120960  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:27:14.0595 120960  partmgr - ok
01:27:14.0611 120960  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:27:14.0627 120960  PcaSvc - ok
01:27:14.0627 120960  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
01:27:14.0642 120960  pci - ok
01:27:14.0642 120960  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
01:27:14.0658 120960  pciide - ok
01:27:14.0674 120960  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
01:27:14.0674 120960  pcmcia - ok
01:27:14.0689 120960  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
01:27:14.0705 120960  pcw - ok
01:27:14.0720 120960  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:27:14.0752 120960  PEAUTH - ok
01:27:14.0783 120960  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
01:27:14.0799 120960  PeerDistSvc - ok
01:27:14.0845 120960  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:27:14.0861 120960  PerfHost - ok
01:27:14.0924 120960  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
01:27:14.0955 120960  pla - ok
01:27:14.0986 120960  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:27:15.0002 120960  PlugPlay - ok
01:27:15.0017 120960  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
01:27:15.0033 120960  PNRPAutoReg - ok
01:27:15.0064 120960  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
01:27:15.0064 120960  PNRPsvc - ok
01:27:15.0111 120960  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:27:15.0142 120960  PolicyAgent - ok
01:27:15.0158 120960  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
01:27:15.0189 120960  Power - ok
01:27:15.0220 120960  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:27:15.0252 120960  PptpMiniport - ok
01:27:15.0252 120960  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
01:27:15.0267 120960  Processor - ok
01:27:15.0299 120960  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:27:15.0314 120960  ProfSvc - ok
01:27:15.0330 120960  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:27:15.0345 120960  ProtectedStorage - ok
01:27:15.0361 120960  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:27:15.0392 120960  Psched - ok
01:27:15.0424 120960  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
01:27:15.0455 120960  ql2300 - ok
01:27:15.0470 120960  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
01:27:15.0470 120960  ql40xx - ok
01:27:15.0502 120960  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
01:27:15.0502 120960  QWAVE - ok
01:27:15.0533 120960  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:27:15.0549 120960  QWAVEdrv - ok
01:27:15.0549 120960  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:27:15.0580 120960  RasAcd - ok
01:27:15.0611 120960  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
01:27:15.0627 120960  RasAgileVpn - ok
01:27:15.0642 120960  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
01:27:15.0674 120960  RasAuto - ok
01:27:15.0689 120960  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:27:15.0720 120960  Rasl2tp - ok
01:27:15.0752 120960  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
01:27:15.0783 120960  RasMan - ok
01:27:15.0799 120960  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:27:15.0830 120960  RasPppoe - ok
01:27:15.0845 120960  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:27:15.0861 120960  RasSstp - ok
01:27:15.0892 120960  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:27:15.0908 120960  rdbss - ok
01:27:15.0924 120960  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
01:27:15.0924 120960  rdpbus - ok
01:27:15.0939 120960  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:27:15.0970 120960  RDPCDD - ok
01:27:16.0002 120960  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
01:27:16.0002 120960  RDPDR - ok
01:27:16.0017 120960  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:27:16.0049 120960  RDPENCDD - ok
01:27:16.0049 120960  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
01:27:16.0080 120960  RDPREFMP - ok
01:27:16.0111 120960  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:27:16.0111 120960  RDPWD - ok
01:27:16.0142 120960  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:27:16.0142 120960  rdyboost - ok
01:27:16.0158 120960  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:27:16.0189 120960  RemoteAccess - ok
01:27:16.0189 120960  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:27:16.0220 120960  RemoteRegistry - ok
01:27:16.0252 120960  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
01:27:16.0267 120960  RpcEptMapper - ok
01:27:16.0283 120960  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
01:27:16.0299 120960  RpcLocator - ok
01:27:16.0314 120960  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
01:27:16.0345 120960  RpcSs - ok
01:27:16.0345 120960  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:27:16.0377 120960  rspndr - ok
01:27:16.0392 120960  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
01:27:16.0392 120960  s3cap - ok
01:27:16.0408 120960  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
01:27:16.0408 120960  SamSs - ok
01:27:16.0439 120960  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:27:16.0439 120960  sbp2port - ok
01:27:16.0455 120960  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:27:16.0470 120960  SCardSvr - ok
01:27:16.0486 120960  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
01:27:16.0517 120960  scfilter - ok
01:27:16.0564 120960  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
01:27:16.0611 120960  Schedule - ok
01:27:16.0627 120960  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
01:27:16.0658 120960  SCPolicySvc - ok
01:27:16.0674 120960  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:27:16.0689 120960  SDRSVC - ok
01:27:16.0705 120960  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:27:16.0736 120960  secdrv - ok
01:27:16.0752 120960  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
01:27:16.0783 120960  seclogon - ok
01:27:16.0799 120960  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
01:27:16.0830 120960  SENS - ok
01:27:16.0830 120960  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
01:27:16.0845 120960  SensrSvc - ok
01:27:16.0845 120960  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
01:27:16.0861 120960  Serenum - ok
01:27:16.0861 120960  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
01:27:16.0877 120960  Serial - ok
01:27:16.0892 120960  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
01:27:16.0892 120960  sermouse - ok
01:27:16.0908 120960  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:27:16.0939 120960  SessionEnv - ok
01:27:16.0970 120960  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
01:27:16.0970 120960  sffdisk - ok
01:27:17.0033 120960  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:27:17.0033 120960  sffp_mmc - ok
01:27:17.0080 120960  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
01:27:17.0095 120960  sffp_sd - ok
01:27:17.0111 120960  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
01:27:17.0111 120960  sfloppy - ok
01:27:17.0127 120960  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:27:17.0158 120960  SharedAccess - ok
01:27:17.0189 120960  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:27:17.0220 120960  ShellHWDetection - ok
01:27:17.0236 120960  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:27:17.0236 120960  SiSRaid2 - ok
01:27:17.0252 120960  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
01:27:17.0252 120960  SiSRaid4 - ok
01:27:17.0267 120960  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
01:27:17.0283 120960  Smb - ok
01:27:17.0299 120960  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:27:17.0314 120960  SNMPTRAP - ok
01:27:17.0330 120960  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
01:27:17.0330 120960  spldr - ok
01:27:17.0361 120960  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
01:27:17.0377 120960  Spooler - ok
01:27:17.0439 120960  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
01:27:17.0502 120960  sppsvc - ok
01:27:17.0502 120960  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
01:27:17.0533 120960  sppuinotify - ok
01:27:17.0564 120960  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
01:27:17.0564 120960  srv - ok
01:27:17.0580 120960  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:27:17.0595 120960  srv2 - ok
01:27:17.0611 120960  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:27:17.0627 120960  srvnet - ok
01:27:17.0642 120960  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
01:27:17.0674 120960  SSDPSRV - ok
01:27:17.0674 120960  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
01:27:17.0705 120960  SstpSvc - ok
01:27:17.0705 120960  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
01:27:17.0720 120960  stexstor - ok
01:27:17.0752 120960  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
01:27:17.0767 120960  stisvc - ok
01:27:17.0799 120960  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
01:27:17.0799 120960  storflt - ok
01:27:17.0830 120960  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
01:27:17.0830 120960  StorSvc - ok
01:27:17.0845 120960  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
01:27:17.0861 120960  storvsc - ok
01:27:17.0877 120960  [ 7F258C0161E9EDCA8E7F85AC0DD68E46 ] superbmc        C:\Windows\system32\drivers\superbmc.sys
01:27:17.0877 120960  superbmc - ok
01:27:17.0908 120960  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
01:27:17.0908 120960  swenum - ok
01:27:17.0939 120960  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
01:27:17.0970 120960  swprv - ok
01:27:18.0017 120960  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
01:27:18.0049 120960  SysMain - ok
01:27:18.0064 120960  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:27:18.0080 120960  TabletInputService - ok
01:27:18.0111 120960  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:27:18.0127 120960  TapiSrv - ok
01:27:18.0142 120960  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
01:27:18.0174 120960  TBS - ok
01:27:18.0220 120960  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:27:18.0252 120960  Tcpip - ok
01:27:18.0283 120960  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
01:27:18.0314 120960  TCPIP6 - ok
01:27:18.0330 120960  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:27:18.0361 120960  tcpipreg - ok
01:27:18.0377 120960  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:27:18.0377 120960  TDPIPE - ok
01:27:18.0392 120960  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:27:18.0408 120960  TDTCP - ok
01:27:18.0424 120960  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:27:18.0455 120960  tdx - ok
01:27:18.0533 120960  [ B1B546EA1D908A8F90EBEB02E5878AA0 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
01:27:18.0580 120960  TeamViewer7 - ok
01:27:18.0580 120960  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
01:27:18.0595 120960  TermDD - ok
01:27:18.0627 120960  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
01:27:18.0658 120960  TermService - ok
01:27:18.0658 120960  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
01:27:18.0674 120960  Themes - ok
01:27:18.0674 120960  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
01:27:18.0705 120960  THREADORDER - ok
01:27:18.0720 120960  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
01:27:18.0752 120960  TrkWks - ok
01:27:18.0783 120960  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:27:18.0799 120960  TrustedInstaller - ok
01:27:18.0830 120960  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:27:18.0861 120960  tssecsrv - ok
01:27:18.0861 120960  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
01:27:18.0877 120960  TsUsbFlt - ok
01:27:18.0908 120960  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:27:18.0924 120960  tunnel - ok
01:27:19.0002 120960  [ 72534F43386F4EF243F22C4ADE3314AA ] tvnserver       C:\Program Files (x86)\TightVNC\tvnserver.exe
01:27:19.0033 120960  tvnserver - ok
01:27:19.0033 120960  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
01:27:19.0049 120960  uagp35 - ok
01:27:19.0064 120960  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:27:19.0095 120960  udfs - ok
01:27:19.0111 120960  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:27:19.0127 120960  UI0Detect - ok
01:27:19.0127 120960  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:27:19.0142 120960  uliagpkx - ok
01:27:19.0158 120960  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
01:27:19.0158 120960  umbus - ok
01:27:19.0174 120960  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
01:27:19.0174 120960  UmPass - ok
01:27:19.0205 120960  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
01:27:19.0205 120960  UmRdpService - ok
01:27:19.0236 120960  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
01:27:19.0267 120960  upnphost - ok
01:27:19.0283 120960  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
01:27:19.0299 120960  usbccgp - ok
01:27:19.0314 120960  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:27:19.0330 120960  usbcir - ok
01:27:19.0345 120960  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
01:27:19.0361 120960  usbehci - ok
01:27:19.0377 120960  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:27:19.0392 120960  usbhub - ok
01:27:19.0392 120960  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
01:27:19.0408 120960  usbohci - ok
01:27:19.0424 120960  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:27:19.0424 120960  usbprint - ok
01:27:19.0439 120960  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
01:27:19.0439 120960  USBSTOR - ok
01:27:19.0455 120960  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
01:27:19.0455 120960  usbuhci - ok
01:27:19.0470 120960  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
01:27:19.0486 120960  UxSms - ok
01:27:19.0502 120960  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
01:27:19.0517 120960  VaultSvc - ok
01:27:19.0517 120960  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
01:27:19.0533 120960  vdrvroot - ok
01:27:19.0549 120960  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
01:27:19.0580 120960  vds - ok
01:27:19.0595 120960  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:27:19.0611 120960  vga - ok
01:27:19.0627 120960  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:27:19.0642 120960  VgaSave - ok
01:27:19.0674 120960  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
01:27:19.0674 120960  vhdmp - ok
01:27:19.0689 120960  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:27:19.0705 120960  viaide - ok
01:27:19.0705 120960  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
01:27:19.0720 120960  vmbus - ok
01:27:19.0736 120960  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
01:27:19.0736 120960  VMBusHID - ok
01:27:19.0752 120960  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:27:19.0752 120960  volmgr - ok
01:27:19.0767 120960  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:27:19.0783 120960  volmgrx - ok
01:27:19.0799 120960  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:27:19.0814 120960  volsnap - ok
01:27:19.0830 120960  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
01:27:19.0845 120960  vpcbus - ok
01:27:19.0861 120960  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
01:27:19.0877 120960  vpcnfltr - ok
01:27:19.0877 120960  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
01:27:19.0892 120960  vpcusb - ok
01:27:19.0924 120960  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
01:27:19.0939 120960  vpcvmm - ok
01:27:19.0970 120960  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
01:27:19.0970 120960  vsmraid - ok
01:27:20.0017 120960  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
01:27:20.0049 120960  VSS - ok
01:27:20.0064 120960  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
01:27:20.0080 120960  vwifibus - ok
01:27:20.0095 120960  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
01:27:20.0127 120960  W32Time - ok
01:27:20.0142 120960  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
01:27:20.0142 120960  WacomPen - ok
01:27:20.0158 120960  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:27:20.0189 120960  WANARP - ok
01:27:20.0205 120960  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:27:20.0220 120960  Wanarpv6 - ok
01:27:20.0283 120960  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
01:27:20.0299 120960  WatAdminSvc - ok
01:27:20.0345 120960  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
01:27:20.0361 120960  wbengine - ok
01:27:20.0377 120960  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:27:20.0392 120960  WbioSrvc - ok
01:27:20.0424 120960  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:27:20.0439 120960  wcncsvc - ok
01:27:20.0455 120960  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:27:20.0455 120960  WcsPlugInService - ok
01:27:20.0470 120960  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
01:27:20.0486 120960  Wd - ok
01:27:20.0502 120960  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:27:20.0517 120960  Wdf01000 - ok
01:27:20.0533 120960  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:27:20.0549 120960  WdiServiceHost - ok
01:27:20.0564 120960  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:27:20.0564 120960  WdiSystemHost - ok
01:27:20.0595 120960  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
01:27:20.0611 120960  WebClient - ok
01:27:20.0627 120960  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:27:20.0642 120960  Wecsvc - ok
01:27:20.0674 120960  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:27:20.0689 120960  wercplsupport - ok
01:27:20.0705 120960  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:27:20.0736 120960  WerSvc - ok
01:27:20.0752 120960  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:27:20.0767 120960  WfpLwf - ok
01:27:20.0783 120960  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:27:20.0799 120960  WIMMount - ok
01:27:20.0799 120960  WinDefend - ok
01:27:20.0814 120960  WinHttpAutoProxySvc - ok
01:27:20.0845 120960  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:27:20.0877 120960  Winmgmt - ok
01:27:20.0939 120960  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
01:27:20.0970 120960  WinRM - ok
01:27:21.0017 120960  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:27:21.0033 120960  Wlansvc - ok
01:27:21.0064 120960  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:27:21.0064 120960  WmiAcpi - ok
01:27:21.0095 120960  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:27:21.0111 120960  wmiApSrv - ok
01:27:21.0111 120960  WMPNetworkSvc - ok
01:27:21.0127 120960  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:27:21.0142 120960  WPCSvc - ok
01:27:21.0158 120960  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:27:21.0174 120960  WPDBusEnum - ok
01:27:21.0174 120960  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:27:21.0205 120960  ws2ifsl - ok
01:27:21.0220 120960  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
01:27:21.0236 120960  wscsvc - ok
01:27:21.0236 120960  WSearch - ok
01:27:21.0299 120960  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:27:21.0330 120960  wuauserv - ok
01:27:21.0361 120960  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:27:21.0377 120960  WudfPf - ok
01:27:21.0392 120960  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:27:21.0424 120960  WUDFRd - ok
01:27:21.0455 120960  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:27:21.0470 120960  wudfsvc - ok
01:27:21.0502 120960  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
01:27:21.0502 120960  WwanSvc - ok
01:27:21.0517 120960  ================ Scan global ===============================
01:27:21.0533 120960  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:27:21.0564 120960  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:27:21.0564 120960  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:27:21.0580 120960  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:27:21.0595 120960  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:27:21.0595 120960  [Global] - ok
01:27:21.0595 120960  ================ Scan MBR ==================================
01:27:21.0611 120960  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:27:21.0783 120960  \Device\Harddisk0\DR0 - ok
01:27:21.0783 120960  ================ Scan VBR ==================================
01:27:21.0783 120960  [ AD8B2C5A5CCC2DF6EF3EE8FE5932B860 ] \Device\Harddisk0\DR0\Partition1
01:27:21.0783 120960  \Device\Harddisk0\DR0\Partition1 - ok
01:27:21.0799 120960  [ 98096B4B23F55F712DC01B66ACCE1CEC ] \Device\Harddisk0\DR0\Partition2
01:27:21.0799 120960  \Device\Harddisk0\DR0\Partition2 - ok
01:27:21.0799 120960  ============================================================
01:27:21.0799 120960  Scan finished
01:27:21.0799 120960  ============================================================
01:27:21.0814 132424  Detected object count: 1
01:27:21.0814 132424  Actual detected object count: 1
01:27:39.0564 132424  3DM2 ( HiddenFile.Multi.Generic ) - skipped by user
01:27:39.0564 132424  3DM2 ( HiddenFile.Multi.Generic ) - User select action: Skip
         

Alt 11.03.2013, 10:37   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Ist alles noch recht unauffällig
Du solltest mal mit einem Überwachungstool bzw. Trafficmeter nachsehen, welcher Prozess soviel Traffic erzeugt. Da könnte man zB NetLimiter nehmen, vllt reicht auch schon tcpview von Microsoft.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.03.2013, 20:40   #11
STEPHANKO
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Danke, ja ich werde mal den Traffic weiter im Auge behalten, ich melde mich hierzu wieder, ich habe da noch einen Verdacht.

Alt 11.03.2013, 20:47   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Zitat:
ich habe da noch einen Verdacht.
Hm, welchen denn?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.03.2013, 20:20   #13
STEPHANKO
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Die Kiste hat ein Supermicro Board das eine IPMI eingebaut hat. (Remote Control).

Habe mal irgendwo gehört, dass die angegriffen werden konnte.

Bin mit Supermicro in Kontakt.

Alt 15.03.2013, 11:22   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ca. 50GB unerwarteter Traffic / Monat - Standard

Ca. 50GB unerwarteter Traffic / Monat



Hm, IPMI kenn ich jetzt nur im Zusammenhang mit nagios
Was hat es denn mit der Schnittstelle auf sich, wozu genau brauchst du die, wie ist die von extern verfügbar, wird der Rechner überhaupt durch eine Firewall geschützt?

Und mit Firewall mein ich jetzt weder so ein Zeig wie zB ZoneAlarm, Kerio und auch nicht die Windows-Firewall, sondern eher etwas professionelleres wie zB eine extra-Kiste mit Sophos UTM
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Ca. 50GB unerwarteter Traffic / Monat
adobe, bho, error, explorer, firefox, flash player, format, ftp, helper, home, iexplore.exe, install.exe, logfile, ntdll.dll, object, plug-in, programme, registry, rundll, scan, security, server, software, svchost.exe, temp, total commander, udp, visual studio, windows, windows xp



Ähnliche Themen: Ca. 50GB unerwarteter Traffic / Monat


  1. Bestimmte Internetseiten öffnen sich nicht mehr - xml Verarbeitungsfehler: unerwarteter Parser-Status - wird angezeigt
    Plagegeister aller Art und deren Bekämpfung - 21.10.2015 (10)
  2. Unerwarteter Traffic - up und down
    Plagegeister aller Art und deren Bekämpfung - 12.08.2015 (11)
  3. RechnungOnline Monat November 2014 (Buchungskonto: 9942375929)
    Plagegeister aller Art und deren Bekämpfung - 18.11.2014 (13)
  4. Telekom Spam: RechnungOnline Monat November
    Diskussionsforum - 10.11.2014 (4)
  5. Unerwarteter Fehler bei Drahtlosnetzwerkverbindung
    Netzwerk und Hardware - 01.10.2013 (1)
  6. Telekom Spam: RechnungOnline Monat
    Diskussionsforum - 21.02.2013 (5)
  7. Oktober ist Office-Patch-Monat
    Nachrichten - 10.10.2012 (0)
  8. Seit ca. 1 Monat Internet erheblich langsam
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (9)
  9. unerwarteter Fehler bei Drahtlosnetzwerkverbindung
    Alles rund um Windows - 20.01.2012 (1)
  10. 1 Monat alter Lenovo ThinkPad stürzt regelmäßig ab.
    Log-Analyse und Auswertung - 10.11.2011 (5)
  11. unerwarteter Virenfund?
    Log-Analyse und Auswertung - 11.09.2011 (6)
  12. Pc bootet nicht richtig-unerwarteter Fehler !
    Alles rund um Windows - 10.09.2010 (0)
  13. Unerwarteter Vista Systemcrash, Virus?
    Plagegeister aller Art und deren Bekämpfung - 05.09.2010 (1)
  14. c:\windows 50Gb gross
    Alles rund um Windows - 19.06.2008 (2)
  15. Festplatte knackt (bzw. 2 Platten in einem Monat kaputgegangen)
    Netzwerk und Hardware - 12.04.2007 (13)
  16. Unerwarteter Fehler
    Log-Analyse und Auswertung - 03.07.2005 (1)
  17. Suche hilfe, hab XP und nur 1000 MB im Monat
    Alles rund um Windows - 20.09.2004 (2)

Zum Thema Ca. 50GB unerwarteter Traffic / Monat - Ein Rechner von mir produziert 50GB Traffic / Monat und ich kann nicht rausfinden, was es ist. Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 06.03.2013 16:26:28 - Run - Ca. 50GB unerwarteter Traffic / Monat...
Archiv
Du betrachtest: Ca. 50GB unerwarteter Traffic / Monat auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.