| |
| |||||||
Log-Analyse und Auswertung: Diverse E-Mail Konten gehacktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
29.03.2013, 14:39
| #1 | |
 |  Diverse E-Mail Konten gehackt Hi, gestern Mittag erhielt ich beim Versuch mich bei meinem Google Konto einzuloggen die Meldung das sich ein Hacker aus Russland an meinem E-Mail Konto versucht hat. Hab ich nicht ernst genommen und mich normal eingeloggt. Heute meldete mir Thunderbird das bei 2 Hotmail Konten die Passwörter nicht stimmen. Habe die Passwörter an einem anderen sauberen Rechner erfolgreich zurückgesetzt. Hab dann noch bei Paypal und diverse andere wichtige Konten Passwörter geändert. Was habe ich gemacht? Naja zugegeben ich hab mir Nacktbiler  vom mygully.com Forum heruntergeladen. Es war nur 1 .rar Datei mit ca. 50 Bildern. Kurz darauf ging das los. Also vermute ich es lag daran? Den gesamten Ordner habe ich bereits sofort gelöscht.Ich hoffe nur das ich mein System nicht wieder neu aufsetzen muss, das nervt mich das ich das inzwischen alle 2 Monate machen darf :/ Natürlich hab ich mich hier auch schlau gemacht. Ein Scan mit tdsskiller hat nichts hervorgebracht. Hjackthis Auswertung zeigt nichts verdächtiges. Die Logfile von OTL.exe (hat aber nur 1 Logfile ausgeworfen?) sieht so aus: OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.03.2013 14:31:10 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*******\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 36,83% Memory free 5,86 Gb Paging File | 3,60 Gb Available in Paging File | 61,33% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,14 Gb Total Space | 66,11 Gb Free Space | 55,49% Space Free | Partition Type: NTFS Computer Name: *******-PC | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*******\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll () MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll () MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll () MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll () MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Notepad++\NppShell_05.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (WinRing0_1_2_0) -- C:\Users\*******\AppData\Local\Temp\tmp493F.tmp File not found DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 3C B7 B9 B4 2B CE 01 [binary data] IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*******\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*******\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.13 12:47:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.13 20:09:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.13 20:09:52 | 000,000,000 | ---D | M] [2012.12.20 02:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\*******\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: SEOquake = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.14_0\ CHR - Extension: Google Drive = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Bookmark Sentry = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.13_0\ CHR - Extension: YouTube = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\ CHR - Extension: Adblock Plus = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Google-Suche = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: iMacros for Chrome = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.1_0\ CHR - Extension: NoFollow = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogidghaigoomjdeacndafapdijmiid\3.3.5_0\ CHR - Extension: Link2Clip = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmieebpnfbcjdackmfajcbbknaikebla\1.1_0\ CHR - Extension: PageRank Status = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\7.3.0_1\ CHR - Extension: Change Colors = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\ CHR - Extension: Copy Links = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpoommnneaebpfgaoejklgemonkmjpc\1.2.1_0\ CHR - Extension: Premiumize.me = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm\0.0.16_0\ CHR - Extension: Color Picker = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg\0.0.1.48_1\ CHR - Extension: Google Reader = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\ CHR - Extension: Google Mail = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Programme\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{935C30C2-6AEA-4DC0-B3C7-1742CC23C44B}: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4905C36-BE12-4D5A-A2C9-82B8F867D164}: DhcpNameServer = 82.212.62.62 78.42.43.62 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.29 14:17:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.26 10:08:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.24 13:13:32 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\TuneUp Software [2013.03.24 13:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2013.03.24 13:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.03.24 13:12:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.24 13:12:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.03.24 00:05:21 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\com.adobe.WidgetBrowser [2013.03.20 21:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2013.03.19 15:53:14 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Programs [2013.03.14 14:42:41 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.03.14 14:42:41 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Adobe Mini Bridge CS5 [2013.03.14 13:12:03 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\dealsdestages [2013.03.13 20:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.03.13 19:26:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.13 19:26:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.13 19:26:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.13 19:26:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.13 19:26:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.13 19:26:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.13 19:26:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.13 19:26:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.13 12:47:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd [2013.03.13 12:47:37 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Leadertech [2013.03.13 12:47:27 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys [2013.03.13 12:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.03.13 12:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2013.03.13 12:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2013.03.13 12:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.03.13 12:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2013.03.13 12:46:23 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Logitech [2013.03.13 12:46:23 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Logishrd [2013.03.10 16:21:25 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.10 16:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.09 16:00:13 | 000,000,000 | ---D | C] -- C:\Minimal and House [2013.03.05 12:22:02 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.05 12:21:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.05 12:21:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.05 12:21:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.05 12:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.02.28 03:00:31 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.28 03:00:27 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.28 03:00:25 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.28 03:00:25 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.28 03:00:25 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 03:00:25 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 03:00:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 03:00:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 03:00:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 03:00:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 03:00:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 03:00:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 03:00:25 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 03:00:24 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.28 03:00:24 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.28 03:00:24 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.28 03:00:24 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.28 03:00:24 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.28 03:00:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.28 03:00:24 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.28 03:00:24 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.28 03:00:24 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.28 03:00:23 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.02.28 03:00:23 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.28 03:00:23 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll ========== Files - Modified Within 30 Days ========== [2013.03.29 14:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.29 13:55:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100955007-3637390453-2697659314-1000UA.job [2013.03.29 12:54:13 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100955007-3637390453-2697659314-1000Core.job [2013.03.29 12:39:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.28 13:11:22 | 000,275,620 | ---- | M] () -- C:\Users\*******\Desktop\1-13.pdf [2013.03.27 17:46:15 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.27 17:46:15 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.27 17:42:53 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.27 17:42:53 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.27 17:42:53 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.27 17:42:53 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.27 17:38:08 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys [2013.03.26 15:52:07 | 000,001,456 | ---- | M] () -- C:\Users\*******\AppData\Local\Adobe Save for Web 12.0 Prefs [2013.03.25 13:29:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.25 13:29:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.25 13:29:56 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.21 20:34:03 | 000,197,160 | ---- | M] () -- C:\Users\*******\Desktop\gutschein ab in den urlaub.pdf [2013.03.21 20:20:17 | 003,648,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.15 20:50:50 | 000,001,456 | ---- | M] () -- C:\Users\*******\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.03.13 12:47:27 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys [2013.03.13 12:10:40 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.13 12:10:40 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.08 00:51:11 | 001,416,329 | ---- | M] () -- C:\Users\*******\Desktop\ipad tarife-de 2 wort.pdf [2013.03.08 00:36:32 | 001,494,410 | ---- | M] () -- C:\Users\*******\Desktop\ipad tarife-de.pdf [2013.03.07 23:52:08 | 000,000,000 | ---- | M] () -- C:\END [2013.03.05 12:21:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.03.05 12:21:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.03.05 12:21:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.05 12:21:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.05 12:21:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.05 12:21:52 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll ========== Files Created - No Company Name ========== [2013.03.28 13:11:22 | 000,275,620 | ---- | C] () -- C:\Users\*******\Desktop\1-13.pdf [2013.03.21 23:56:41 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk [2013.03.21 23:55:18 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2013.03.21 23:55:15 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2013.03.21 23:55:04 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013.03.21 23:54:40 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk [2013.03.21 20:34:02 | 000,197,160 | ---- | C] () -- C:\Users\*******\Desktop\gutschein ab in den urlaub.pdf [2013.03.19 14:28:59 | 000,001,456 | ---- | C] () -- C:\Users\*******\AppData\Local\Adobe Save for Web 12.0 Prefs [2013.03.08 00:51:10 | 001,416,329 | ---- | C] () -- C:\Users\*******\Desktop\ipad tarife-de 2 wort.pdf [2013.03.08 00:36:32 | 001,494,410 | ---- | C] () -- C:\Users\*******\Desktop\ipad tarife-de.pdf [2013.03.06 23:51:55 | 000,000,000 | ---- | C] () -- C:\END [2013.02.03 03:31:49 | 000,000,132 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.01.17 20:05:11 | 000,001,456 | ---- | C] () -- C:\Users\*******\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.01.07 20:13:12 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.07 20:13:12 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.12.20 17:58:23 | 000,000,017 | ---- | C] () -- C:\Users\*******\AppData\Local\resmon.resmoncfg [2012.12.20 02:00:59 | 000,001,366 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.12.20 01:50:45 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.03.24 00:05:21 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\com.adobe.WidgetBrowser [2013.01.17 19:49:17 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite [2013.03.23 02:58:11 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FileZilla [2013.02.14 22:04:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\GSA Search Engine Ranker [2013.03.13 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Leadertech [2013.03.29 14:36:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\NetSpeedMonitor [2013.02.24 13:39:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Notepad++ [2012.12.21 13:32:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\OpenOffice.org [2013.03.14 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.12.20 02:23:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thunderbird [2013.03.24 13:13:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Was könnte ich denn noch machen? Vielen Dank schon einmal im voraus. EDIT: Malware Bytes hat eine Datei namens "PUP.RiskwareTool.ck" gefunden. Diese wurde nun in Quarantäne gestellt. Hmm ich kann meinen Post nicht mehr editieren? Ich habe nun folgenden Rat befolgt. Und Logfile sieht so aus: Zitat:
ADWCleaner zeigt folgendes AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 29/03/2013 um 15:54:47 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.172
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [986 octets] - [29/03/2013 15:54:47]
########## EOF - C:\AdwCleaner[S1].txt - [1045 octets] ##########
Bin ich damit jetzt sauber und kann mir eine Neuinstallation sparen? Ich kann die Beiträge nicht editieren? Bei folgenden Beitrag meine ich diesen hier http://www.trojaner-board.de/131503-...unden-tun.html EDIT: Ich war wohl zu schnell, sorry. Wollte das einfach weg haben vom PC. Falls mir nun doch jemand helfen mag, werde ich alle Schritte brav einhalten  Gruß Geändert von Doggy81 (29.03.2013 um 15:32 Uhr) |
|
30.03.2013, 16:45
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Diverse E-Mail Konten gehackt Hallo,
__________________woher hast du das OTL-Fixscript? Dir ist klar, dass derartige Scripte individuell und nur für einen ganz bestimmten Rechner und daher nicht einfach so auf andere übertragbar sind? Zitat:
 Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten.  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
08.04.2013, 21:16
| #3 |
| | Diverse E-Mail Konten gehackt Hi,
__________________sorry war im Urlaub. Also die Logs hab ich leider nicht mehr und die Datei ist in Quarantäne. |
|
08.04.2013, 21:27
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse E-Mail Konten gehackt Natürlich hast du die Logs noch, sieh bitte richtig nach 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.04.2013, 15:41
| #5 |
| | Diverse E-Mail Konten gehackt Tatsächlich! Danke! Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.29.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 xxx:: xxx-PC [Administrator] 29.03.2013 14:44:13 mbam-log-2013-03-29 (14-44-13).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 308560 Laufzeit: 35 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files\AutoClickerbyShocker\conf\ext\icons.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Wo ich das heruntergeladen habe? Keine Ahnung weiß ich nicht mehr genau. Ich glaube aber, wenn ich mich recht erinnere, es war ein US Forum. Dort wurde es als Download empfohlen. |
|
09.04.2013, 16:06
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse E-Mail Konten gehackt Sind das alle Logs mit Funden? Hat nur Malwarybtes etwas gefunden? Oder gab es auch von anderen Scannern noch Funde? Bitte keine neuen Virenscans erstmal machen
__________________ --> Diverse E-Mail Konten gehackt |
|
09.04.2013, 16:08
| #7 |
| | Diverse E-Mail Konten gehackt Malwarebytes war das Erste was ich gemacht hatte. Danach fanden die anderen Tools nichts mehr. |
|
09.04.2013, 16:12
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse E-Mail Konten gehackt Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.04.2013, 16:35
| #9 |
| | Diverse E-Mail Konten gehackt Danke sehr! Hab alles genau so befolgt. Logfile von GMER Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-09 17:26:09
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CXM0 119,24GB
Running: eie89vfw.exe; Driver: C:\Users\xxx\AppData\Local\Temp\pfdiqpog.sys
---- System - GMER 2.1 ----
SSDT 8E760986 ZwCreateSection
SSDT 8E760990 ZwRequestWaitReplyPort
SSDT 8E76098B ZwSetContextThread
SSDT 8E760995 ZwSetSecurityObject
SSDT 8E76099A ZwSystemDebugControl
SSDT 8E760927 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1401 82C359A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C554D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C5C87C 4 Bytes [86, 09, 76, 8E] {XCHG [ECX], CL; JBE 0xffffff92}
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 82C5CBD8 4 Bytes [90, 09, 76, 8E] {NOP ; OR [ESI-0x72], ESI}
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C5CC1C 4 Bytes [8B, 09, 76, 8E] {MOV ECX, [ECX]; JBE 0xffffff92}
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82C5CC98 4 Bytes [95, 09, 76, 8E] {XCHG EBP, EAX; OR [ESI-0x72], ESI}
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82C5CCEC 4 Bytes CALL F8CF6773
.text ...
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.09.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [administrator]
09.04.2013 17:33:23
mbar-log-2013-04-09 (17-33-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27112
Time elapsed: 4 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
09.04.2013, 16:41
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse E-Mail Konten gehackt aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.04.2013, 16:58
| #11 |
| | Diverse E-Mail Konten gehackt aswMBR ist abgestürzt und Windows wurde neu gestartet. Daraufhin hab ich den Scan mit der AV Einstellung None durchgeführt. Dies ist die Logfile dazu: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-09 17:56:23
-----------------------------
17:56:23.795 OS Version: Windows 6.1.7601 Service Pack 1
17:56:23.795 Number of processors: 2 586 0x170A
17:56:23.811 ComputerName: xxx-PC UserName: xxx
17:56:23.998 Initialize success
17:56:34.107 AVAST engine defs: 13040900
17:56:42.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:56:42.203 Disk 0 Vendor: SAMSUNG_ CXM0 Size: 122104MB BusType: 3
17:56:42.219 Disk 0 MBR read successfully
17:56:42.234 Disk 0 MBR scan
17:56:42.234 Disk 0 Windows 7 default MBR code
17:56:42.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:56:42.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
17:56:42.265 Disk 0 scanning sectors +250066944
17:56:42.281 Disk 0 scanning C:\Windows\system32\drivers
17:56:46.571 Service scanning
17:56:56.149 Modules scanning
17:56:58.677 Disk 0 trace - called modules:
17:56:58.692 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
17:56:58.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86136670]
17:56:58.708 3 CLASSPNP.SYS[8be6659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85329028]
17:56:58.708 Scan finished successfully
17:57:05.353 Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\MBR.dat"
17:57:05.369 The log file has been saved successfully to "C:\Users\xxx\Desktop\aswMBR.txt"
Code:
ATTFilter 18:23:36.0233 3656 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:23:36.0397 3656 ============================================================
18:23:36.0397 3656 Current date / time: 2013/04/09 18:23:36.0396
18:23:36.0397 3656 SystemInfo:
18:23:36.0397 3656
18:23:36.0397 3656 OS Version: 6.1.7601 ServicePack: 1.0
18:23:36.0397 3656 Product type: Workstation
18:23:36.0397 3656 ComputerName: xxx-PC
18:23:36.0397 3656 UserName: xxx
18:23:36.0397 3656 Windows directory: C:\Windows
18:23:36.0397 3656 System windows directory: C:\Windows
18:23:36.0397 3656 Processor architecture: Intel x86
18:23:36.0397 3656 Number of processors: 2
18:23:36.0397 3656 Page size: 0x1000
18:23:36.0397 3656 Boot type: Normal boot
18:23:36.0397 3656 ============================================================
18:23:36.0775 3656 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:23:36.0777 3656 ============================================================
18:23:36.0777 3656 \Device\Harddisk0\DR0:
18:23:36.0777 3656 MBR partitions:
18:23:36.0777 3656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:23:36.0777 3656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
18:23:36.0777 3656 ============================================================
18:23:36.0779 3656 C: <-> \Device\Harddisk0\DR0\Partition2
18:23:36.0780 3656 ============================================================
18:23:36.0780 3656 Initialize success
18:23:36.0780 3656 ============================================================
18:24:12.0928 1620 ============================================================
18:24:12.0928 1620 Scan started
18:24:12.0928 1620 Mode: Manual; SigCheck; TDLFS;
18:24:12.0928 1620 ============================================================
18:24:13.0023 1620 ================ Scan system memory ========================
18:24:13.0023 1620 System memory - ok
18:24:13.0024 1620 ================ Scan services =============================
18:24:13.0073 1620 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:24:13.0139 1620 1394ohci - ok
18:24:13.0148 1620 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:24:13.0175 1620 ACPI - ok
18:24:13.0181 1620 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:24:13.0202 1620 AcpiPmi - ok
18:24:13.0209 1620 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:24:13.0230 1620 AdobeARMservice - ok
18:24:13.0240 1620 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:24:13.0267 1620 AdobeFlashPlayerUpdateSvc - ok
18:24:13.0278 1620 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:24:13.0308 1620 adp94xx - ok
18:24:13.0318 1620 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:24:13.0343 1620 adpahci - ok
18:24:13.0351 1620 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:24:13.0372 1620 adpu320 - ok
18:24:13.0381 1620 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:24:13.0405 1620 AeLookupSvc - ok
18:24:13.0414 1620 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
18:24:13.0446 1620 AFD - ok
18:24:13.0453 1620 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
18:24:13.0473 1620 agp440 - ok
18:24:13.0480 1620 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
18:24:13.0501 1620 aic78xx - ok
18:24:13.0507 1620 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
18:24:13.0530 1620 ALG - ok
18:24:13.0535 1620 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
18:24:13.0554 1620 aliide - ok
18:24:13.0560 1620 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:24:13.0581 1620 amdagp - ok
18:24:13.0587 1620 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
18:24:13.0605 1620 amdide - ok
18:24:13.0611 1620 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:24:13.0634 1620 AmdK8 - ok
18:24:13.0640 1620 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:24:13.0661 1620 AmdPPM - ok
18:24:13.0668 1620 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:24:13.0689 1620 amdsata - ok
18:24:13.0697 1620 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:24:13.0720 1620 amdsbs - ok
18:24:13.0725 1620 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:24:13.0745 1620 amdxata - ok
18:24:13.0756 1620 [ C2170E010C9B6739A136211FC0427527 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:24:13.0776 1620 AntiVirSchedulerService - ok
18:24:13.0782 1620 [ 47EB3F0EF84E0AF8AE75DB98EEF34255 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:24:13.0803 1620 AntiVirService - ok
18:24:13.0810 1620 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
18:24:13.0844 1620 AppID - ok
18:24:13.0850 1620 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:24:13.0884 1620 AppIDSvc - ok
18:24:13.0891 1620 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
18:24:13.0926 1620 Appinfo - ok
18:24:13.0932 1620 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
18:24:13.0954 1620 arc - ok
18:24:13.0961 1620 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:24:13.0983 1620 arcsas - ok
18:24:13.0989 1620 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:24:14.0022 1620 AsyncMac - ok
18:24:14.0028 1620 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
18:24:14.0047 1620 atapi - ok
18:24:14.0078 1620 [ 49F17A2E79469BE6581D491706720671 ] athr C:\Windows\system32\DRIVERS\athr.sys
18:24:14.0138 1620 athr - ok
18:24:14.0151 1620 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:24:14.0199 1620 AudioEndpointBuilder - ok
18:24:14.0209 1620 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:24:14.0241 1620 Audiosrv - ok
18:24:14.0247 1620 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:24:14.0272 1620 avgntflt - ok
18:24:14.0279 1620 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:24:14.0302 1620 avipbb - ok
18:24:14.0308 1620 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:24:14.0327 1620 avkmgr - ok
18:24:14.0334 1620 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:24:14.0362 1620 AxInstSV - ok
18:24:14.0374 1620 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
18:24:14.0403 1620 b06bdrv - ok
18:24:14.0412 1620 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
18:24:14.0435 1620 b57nd60x - ok
18:24:14.0445 1620 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
18:24:14.0469 1620 BDESVC - ok
18:24:14.0475 1620 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
18:24:14.0508 1620 Beep - ok
18:24:14.0520 1620 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
18:24:14.0572 1620 BFE - ok
18:24:14.0585 1620 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
18:24:14.0634 1620 BITS - ok
18:24:14.0641 1620 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:24:14.0660 1620 blbdrive - ok
18:24:14.0666 1620 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:24:14.0687 1620 bowser - ok
18:24:14.0693 1620 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:24:14.0714 1620 BrFiltLo - ok
18:24:14.0719 1620 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:24:14.0739 1620 BrFiltUp - ok
18:24:16.0908 1620 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
18:24:16.0934 1620 Browser - ok
18:24:16.0943 1620 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:24:16.0969 1620 Brserid - ok
18:24:16.0975 1620 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:24:16.0997 1620 BrSerWdm - ok
18:24:17.0003 1620 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:24:17.0023 1620 BrUsbMdm - ok
18:24:17.0028 1620 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:24:17.0047 1620 BrUsbSer - ok
18:24:17.0053 1620 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:24:17.0074 1620 BTHMODEM - ok
18:24:17.0083 1620 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
18:24:17.0122 1620 bthserv - ok
18:24:17.0129 1620 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:24:17.0171 1620 cdfs - ok
18:24:17.0178 1620 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:24:17.0206 1620 cdrom - ok
18:24:17.0213 1620 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
18:24:17.0251 1620 CertPropSvc - ok
18:24:17.0260 1620 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:24:17.0282 1620 circlass - ok
18:24:17.0290 1620 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
18:24:17.0315 1620 CLFS - ok
18:24:17.0324 1620 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:17.0344 1620 clr_optimization_v2.0.50727_32 - ok
18:24:17.0354 1620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:24:17.0379 1620 clr_optimization_v4.0.30319_32 - ok
18:24:17.0387 1620 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:24:17.0404 1620 CmBatt - ok
18:24:17.0410 1620 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:24:17.0431 1620 cmdide - ok
18:24:17.0444 1620 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
18:24:17.0484 1620 CNG - ok
18:24:17.0491 1620 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:24:17.0513 1620 Compbatt - ok
18:24:17.0520 1620 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:24:17.0546 1620 CompositeBus - ok
18:24:17.0554 1620 COMSysApp - ok
18:24:17.0562 1620 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:24:17.0584 1620 crcdisk - ok
18:24:17.0596 1620 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:24:17.0623 1620 CryptSvc - ok
18:24:17.0635 1620 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:24:17.0670 1620 DcomLaunch - ok
18:24:17.0678 1620 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:24:17.0720 1620 defragsvc - ok
18:24:17.0727 1620 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:24:17.0760 1620 DfsC - ok
18:24:17.0769 1620 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:24:17.0797 1620 Dhcp - ok
18:24:17.0803 1620 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
18:24:17.0837 1620 discache - ok
18:24:17.0843 1620 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:24:17.0863 1620 Disk - ok
18:24:17.0871 1620 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:24:17.0895 1620 Dnscache - ok
18:24:17.0903 1620 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
18:24:17.0944 1620 dot3svc - ok
18:24:17.0953 1620 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
18:24:17.0992 1620 DPS - ok
18:24:17.0997 1620 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:24:18.0017 1620 drmkaud - ok
18:24:18.0026 1620 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:24:18.0048 1620 dtsoftbus01 - ok
18:24:18.0063 1620 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:24:18.0099 1620 DXGKrnl - ok
18:24:18.0106 1620 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
18:24:18.0144 1620 EapHost - ok
18:24:18.0186 1620 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
18:24:18.0256 1620 ebdrv - ok
18:24:18.0263 1620 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
18:24:18.0283 1620 EFS - ok
18:24:18.0296 1620 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:24:18.0333 1620 ehRecvr - ok
18:24:18.0338 1620 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
18:24:18.0362 1620 ehSched - ok
18:24:18.0375 1620 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:24:18.0404 1620 elxstor - ok
18:24:18.0410 1620 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:24:18.0428 1620 ErrDev - ok
18:24:18.0444 1620 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
18:24:18.0486 1620 EventSystem - ok
18:24:18.0493 1620 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
18:24:18.0531 1620 exfat - ok
18:24:18.0539 1620 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:24:18.0579 1620 fastfat - ok
18:24:18.0594 1620 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
18:24:18.0633 1620 Fax - ok
18:24:18.0640 1620 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:24:18.0666 1620 fdc - ok
18:24:18.0672 1620 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
18:24:18.0713 1620 fdPHost - ok
18:24:18.0723 1620 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
18:24:18.0759 1620 FDResPub - ok
18:24:18.0767 1620 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:24:18.0787 1620 FileInfo - ok
18:24:18.0792 1620 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:24:18.0826 1620 Filetrace - ok
18:24:18.0832 1620 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:24:18.0851 1620 flpydisk - ok
18:24:18.0859 1620 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:24:18.0883 1620 FltMgr - ok
18:24:18.0900 1620 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
18:24:18.0940 1620 FontCache - ok
18:24:18.0947 1620 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:24:18.0965 1620 FontCache3.0.0.0 - ok
18:24:18.0971 1620 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:24:18.0990 1620 FsDepends - ok
18:24:18.0995 1620 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:24:19.0014 1620 Fs_Rec - ok
18:24:19.0022 1620 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:24:19.0051 1620 fvevol - ok
18:24:19.0058 1620 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:24:19.0077 1620 gagp30kx - ok
18:24:19.0090 1620 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
18:24:19.0139 1620 gpsvc - ok
18:24:19.0145 1620 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:24:19.0164 1620 hcw85cir - ok
18:24:19.0173 1620 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:24:19.0203 1620 HdAudAddService - ok
18:24:19.0210 1620 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:24:19.0234 1620 HDAudBus - ok
18:24:19.0240 1620 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:24:19.0260 1620 HidBatt - ok
18:24:19.0266 1620 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:24:19.0289 1620 HidBth - ok
18:24:19.0295 1620 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:24:19.0320 1620 HidIr - ok
18:24:19.0327 1620 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
18:24:19.0369 1620 hidserv - ok
18:24:19.0376 1620 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:24:19.0398 1620 HidUsb - ok
18:24:19.0406 1620 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:24:19.0446 1620 hkmsvc - ok
18:24:19.0454 1620 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:24:19.0482 1620 HomeGroupListener - ok
18:24:19.0490 1620 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:24:19.0518 1620 HomeGroupProvider - ok
18:24:19.0524 1620 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:24:19.0544 1620 HpSAMD - ok
18:24:19.0557 1620 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:24:19.0601 1620 HTTP - ok
18:24:19.0607 1620 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:24:19.0625 1620 hwpolicy - ok
18:24:19.0632 1620 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:24:19.0653 1620 i8042prt - ok
18:24:19.0665 1620 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:24:19.0695 1620 IAANTMON - ok
18:24:19.0708 1620 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:24:19.0722 1620 iaStor - ok
18:24:19.0733 1620 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:24:19.0759 1620 iaStorV - ok
18:24:19.0775 1620 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:24:19.0826 1620 idsvc - ok
18:24:19.0939 1620 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:24:20.0107 1620 igfx - ok
18:24:20.0116 1620 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:24:20.0137 1620 iirsp - ok
18:24:20.0151 1620 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
18:24:20.0202 1620 IKEEXT - ok
18:24:20.0210 1620 IntcAzAudAddService - ok
18:24:20.0217 1620 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
18:24:20.0235 1620 intelide - ok
18:24:20.0241 1620 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:24:20.0263 1620 intelppm - ok
18:24:20.0269 1620 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:24:20.0307 1620 IPBusEnum - ok
18:24:20.0313 1620 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:24:20.0349 1620 IpFilterDriver - ok
18:24:20.0360 1620 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:24:20.0393 1620 iphlpsvc - ok
18:24:20.0400 1620 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:24:20.0422 1620 IPMIDRV - ok
18:24:20.0428 1620 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:24:20.0464 1620 IPNAT - ok
18:24:20.0470 1620 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:24:20.0491 1620 IRENUM - ok
18:24:20.0497 1620 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:24:20.0517 1620 isapnp - ok
18:24:20.0525 1620 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:24:20.0551 1620 iScsiPrt - ok
18:24:20.0556 1620 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:24:20.0576 1620 kbdclass - ok
18:24:20.0582 1620 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:24:20.0602 1620 kbdhid - ok
18:24:20.0607 1620 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
18:24:20.0623 1620 KeyIso - ok
18:24:20.0629 1620 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:24:20.0650 1620 KSecDD - ok
18:24:20.0658 1620 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:24:20.0681 1620 KSecPkg - ok
18:24:20.0691 1620 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:24:20.0736 1620 KtmRm - ok
18:24:20.0744 1620 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
18:24:20.0784 1620 LanmanServer - ok
18:24:20.0791 1620 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:24:20.0828 1620 LanmanWorkstation - ok
18:24:20.0837 1620 [ 7AC2D769C4C29D0C8D58C0FB8528FD82 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:24:20.0865 1620 LBTServ - ok
18:24:20.0874 1620 [ 006540C9CDC7E72ADD1435CF778EC674 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:24:20.0894 1620 LHidFilt - ok
18:24:20.0900 1620 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:24:20.0934 1620 lltdio - ok
18:24:20.0942 1620 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:24:20.0983 1620 lltdsvc - ok
18:24:20.0989 1620 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:24:21.0021 1620 lmhosts - ok
18:24:21.0027 1620 [ 3C5BA4B2E4D1180BF9810963A494799A ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:24:21.0045 1620 LMouFilt - ok
18:24:21.0055 1620 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:24:21.0076 1620 LSI_FC - ok
18:24:21.0083 1620 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:24:21.0103 1620 LSI_SAS - ok
18:24:21.0109 1620 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:24:21.0129 1620 LSI_SAS2 - ok
18:24:21.0136 1620 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:24:21.0157 1620 LSI_SCSI - ok
18:24:21.0163 1620 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:24:21.0200 1620 luafv - ok
18:24:21.0206 1620 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:24:21.0230 1620 Mcx2Svc - ok
18:24:21.0236 1620 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:24:21.0255 1620 megasas - ok
18:24:21.0264 1620 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:24:21.0287 1620 MegaSR - ok
18:24:21.0293 1620 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:24:21.0329 1620 MMCSS - ok
18:24:21.0337 1620 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:24:21.0370 1620 Modem - ok
18:24:21.0375 1620 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:24:21.0397 1620 monitor - ok
18:24:21.0408 1620 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:24:21.0437 1620 mouclass - ok
18:24:21.0443 1620 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:24:21.0464 1620 mouhid - ok
18:24:21.0471 1620 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:24:21.0491 1620 mountmgr - ok
18:24:21.0497 1620 [ 9CE4C8A46B585EB5103EFE5FDEF3703F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:24:21.0511 1620 MozillaMaintenance - ok
18:24:21.0519 1620 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:24:21.0542 1620 mpio - ok
18:24:21.0551 1620 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:24:21.0587 1620 mpsdrv - ok
18:24:21.0602 1620 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:24:21.0658 1620 MpsSvc - ok
18:24:21.0667 1620 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:24:21.0700 1620 MRxDAV - ok
18:24:21.0709 1620 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:24:21.0732 1620 mrxsmb - ok
18:24:21.0740 1620 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:24:21.0765 1620 mrxsmb10 - ok
18:24:21.0772 1620 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:24:21.0793 1620 mrxsmb20 - ok
18:24:21.0799 1620 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:24:21.0818 1620 msahci - ok
18:24:21.0824 1620 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:24:21.0847 1620 msdsm - ok
18:24:21.0854 1620 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:24:21.0879 1620 MSDTC - ok
18:24:21.0891 1620 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:24:21.0924 1620 Msfs - ok
18:24:21.0929 1620 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:24:21.0962 1620 mshidkmdf - ok
18:24:21.0971 1620 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:24:21.0992 1620 msisadrv - ok
18:24:22.0000 1620 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:24:22.0041 1620 MSiSCSI - ok
18:24:22.0046 1620 msiserver - ok
18:24:22.0055 1620 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:24:22.0093 1620 MSKSSRV - ok
18:24:22.0100 1620 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:24:22.0135 1620 MSPCLOCK - ok
18:24:22.0142 1620 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:24:22.0174 1620 MSPQM - ok
18:24:22.0183 1620 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:24:22.0206 1620 MsRPC - ok
18:24:22.0214 1620 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:24:22.0234 1620 mssmbios - ok
18:24:22.0239 1620 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:24:22.0271 1620 MSTEE - ok
18:24:22.0277 1620 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:24:22.0296 1620 MTConfig - ok
18:24:22.0302 1620 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:24:22.0321 1620 Mup - ok
18:24:22.0331 1620 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:24:22.0373 1620 napagent - ok
18:24:22.0382 1620 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:24:22.0409 1620 NativeWifiP - ok
18:24:22.0424 1620 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:24:22.0467 1620 NDIS - ok
18:24:22.0473 1620 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:24:22.0506 1620 NdisCap - ok
18:24:22.0512 1620 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:24:22.0543 1620 NdisTapi - ok
18:24:22.0549 1620 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:24:22.0581 1620 Ndisuio - ok
18:24:22.0588 1620 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:24:22.0625 1620 NdisWan - ok
18:24:22.0633 1620 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:24:22.0667 1620 NDProxy - ok
18:24:22.0673 1620 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:24:22.0709 1620 NetBIOS - ok
18:24:22.0718 1620 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:24:22.0755 1620 NetBT - ok
18:24:22.0761 1620 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:24:22.0777 1620 Netlogon - ok
18:24:22.0786 1620 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:24:22.0831 1620 Netman - ok
18:24:22.0841 1620 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:24:22.0888 1620 netprofm - ok
18:24:22.0895 1620 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:24:22.0918 1620 NetTcpPortSharing - ok
18:24:22.0924 1620 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:24:22.0944 1620 nfrd960 - ok
18:24:22.0953 1620 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
18:24:22.0983 1620 NlaSvc - ok
18:24:22.0989 1620 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:24:23.0025 1620 Npfs - ok
18:24:23.0033 1620 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:24:23.0070 1620 nsi - ok
18:24:23.0077 1620 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:24:23.0111 1620 nsiproxy - ok
18:24:23.0136 1620 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:24:23.0186 1620 Ntfs - ok
18:24:23.0192 1620 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:24:23.0227 1620 Null - ok
18:24:23.0234 1620 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:24:23.0257 1620 nvraid - ok
18:24:23.0265 1620 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:24:23.0288 1620 nvstor - ok
18:24:23.0298 1620 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:24:23.0321 1620 nv_agp - ok
18:24:23.0331 1620 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:24:23.0355 1620 ohci1394 - ok
18:24:23.0367 1620 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:24:23.0399 1620 p2pimsvc - ok
18:24:23.0412 1620 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:24:23.0444 1620 p2psvc - ok
18:24:23.0453 1620 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:24:23.0476 1620 Parport - ok
18:24:23.0486 1620 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:24:23.0508 1620 partmgr - ok
18:24:23.0519 1620 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:24:23.0539 1620 Parvdm - ok
18:24:23.0550 1620 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:24:23.0579 1620 PcaSvc - ok
18:24:23.0587 1620 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:24:23.0611 1620 pci - ok
18:24:23.0617 1620 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:24:23.0636 1620 pciide - ok
18:24:23.0651 1620 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:24:23.0684 1620 pcmcia - ok
18:24:23.0690 1620 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:24:23.0761 1620 pcw - ok
18:24:23.0776 1620 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:24:23.0830 1620 PEAUTH - ok
18:24:23.0867 1620 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:24:23.0933 1620 pla - ok
18:24:23.0943 1620 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:24:23.0976 1620 PlugPlay - ok
18:24:23.0982 1620 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:24:24.0005 1620 PNRPAutoReg - ok
18:24:24.0014 1620 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:24:24.0032 1620 PNRPsvc - ok
18:24:24.0044 1620 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:24:24.0088 1620 PolicyAgent - ok
18:24:24.0101 1620 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:24:24.0139 1620 Power - ok
18:24:24.0153 1620 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:24:24.0195 1620 PptpMiniport - ok
18:24:24.0203 1620 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:24:24.0226 1620 Processor - ok
18:24:24.0236 1620 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:24:24.0265 1620 ProfSvc - ok
18:24:24.0271 1620 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:24:24.0287 1620 ProtectedStorage - ok
18:24:24.0294 1620 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:24:24.0334 1620 Psched - ok
18:24:24.0357 1620 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:24:24.0409 1620 ql2300 - ok
18:24:24.0417 1620 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:24:24.0439 1620 ql40xx - ok
18:24:24.0449 1620 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:24:24.0486 1620 QWAVE - ok
18:24:24.0492 1620 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:24:24.0518 1620 QWAVEdrv - ok
18:24:24.0525 1620 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:24:24.0566 1620 RasAcd - ok
18:24:24.0574 1620 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:24:24.0609 1620 RasAgileVpn - ok
18:24:24.0616 1620 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:24:24.0655 1620 RasAuto - ok
18:24:24.0661 1620 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:24:24.0702 1620 Rasl2tp - ok
18:24:24.0712 1620 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:24:24.0757 1620 RasMan - ok
18:24:24.0764 1620 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:24:24.0800 1620 RasPppoe - ok
18:24:24.0807 1620 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:24:24.0843 1620 RasSstp - ok
18:24:24.0853 1620 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:24:24.0892 1620 rdbss - ok
18:24:24.0900 1620 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:24:24.0920 1620 rdpbus - ok
18:24:24.0925 1620 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:24:24.0958 1620 RDPCDD - ok
18:24:24.0967 1620 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:24:25.0000 1620 RDPENCDD - ok
18:24:25.0011 1620 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:24:25.0047 1620 RDPREFMP - ok
18:24:25.0055 1620 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:24:25.0077 1620 RDPWD - ok
18:24:25.0085 1620 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:24:25.0108 1620 rdyboost - ok
18:24:25.0116 1620 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:24:25.0151 1620 RemoteAccess - ok
18:24:25.0158 1620 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:24:25.0198 1620 RemoteRegistry - ok
18:24:25.0204 1620 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:24:25.0243 1620 RpcEptMapper - ok
18:24:25.0250 1620 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:24:25.0271 1620 RpcLocator - ok
18:24:25.0281 1620 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:24:25.0316 1620 RpcSs - ok
18:24:25.0323 1620 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:24:25.0360 1620 rspndr - ok
18:24:25.0372 1620 [ 05C2613F661584190C752F6184D1C8EF ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
18:24:25.0399 1620 RTL8167 - ok
18:24:25.0406 1620 [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI C:\Windows\system32\Drivers\SABI.sys
18:24:25.0424 1620 SABI - ok
18:24:25.0433 1620 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:24:25.0449 1620 SamSs - ok
18:24:25.0457 1620 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:24:25.0479 1620 sbp2port - ok
18:24:25.0487 1620 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:24:25.0527 1620 SCardSvr - ok
18:24:25.0534 1620 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:24:25.0567 1620 scfilter - ok
18:24:25.0583 1620 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:24:25.0640 1620 Schedule - ok
18:24:25.0647 1620 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:24:25.0676 1620 SCPolicySvc - ok
18:24:25.0685 1620 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:24:25.0713 1620 SDRSVC - ok
18:24:25.0721 1620 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:24:25.0758 1620 secdrv - ok
18:24:25.0766 1620 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:24:25.0802 1620 seclogon - ok
18:24:25.0809 1620 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:24:25.0849 1620 SENS - ok
18:24:25.0855 1620 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:24:25.0879 1620 SensrSvc - ok
18:24:25.0885 1620 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:24:25.0904 1620 Serenum - ok
18:24:25.0910 1620 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:24:25.0935 1620 Serial - ok
18:24:25.0943 1620 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:24:25.0963 1620 sermouse - ok
18:24:25.0981 1620 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:24:26.0026 1620 SessionEnv - ok
18:24:26.0033 1620 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:24:26.0054 1620 sffdisk - ok
18:24:26.0059 1620 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:24:26.0084 1620 sffp_mmc - ok
18:24:26.0089 1620 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:24:26.0113 1620 sffp_sd - ok
18:24:26.0119 1620 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:24:26.0138 1620 sfloppy - ok
18:24:26.0148 1620 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:24:26.0192 1620 SharedAccess - ok
18:24:26.0203 1620 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:24:26.0249 1620 ShellHWDetection - ok
18:24:26.0256 1620 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:24:26.0278 1620 sisagp - ok
18:24:26.0284 1620 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:24:26.0305 1620 SiSRaid2 - ok
18:24:26.0311 1620 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:24:26.0334 1620 SiSRaid4 - ok
18:24:26.0341 1620 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:24:26.0380 1620 Smb - ok
18:24:26.0394 1620 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:24:26.0418 1620 SNMPTRAP - ok
18:24:26.0426 1620 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:24:26.0449 1620 spldr - ok
18:24:26.0459 1620 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:24:26.0492 1620 Spooler - ok
18:24:26.0539 1620 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:24:26.0615 1620 sppsvc - ok
18:24:26.0625 1620 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:24:26.0664 1620 sppuinotify - ok
18:24:26.0674 1620 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:24:26.0704 1620 srv - ok
18:24:26.0715 1620 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:24:26.0746 1620 srv2 - ok
18:24:26.0753 1620 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:24:26.0778 1620 srvnet - ok
18:24:26.0789 1620 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:24:26.0833 1620 SSDPSRV - ok
18:24:26.0839 1620 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:24:26.0857 1620 ssmdrv - ok
18:24:26.0865 1620 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:24:26.0902 1620 SstpSvc - ok
18:24:26.0907 1620 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:24:26.0927 1620 stexstor - ok
18:24:26.0940 1620 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:24:26.0982 1620 StiSvc - ok
18:24:26.0990 1620 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:24:27.0014 1620 swenum - ok
18:24:27.0029 1620 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:24:27.0066 1620 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:24:27.0067 1620 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:24:27.0080 1620 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:24:27.0126 1620 swprv - ok
18:24:27.0139 1620 [ 069E5728E565BD401347CB94732C4733 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:24:27.0160 1620 SynTP - ok
18:24:27.0185 1620 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:24:27.0239 1620 SysMain - ok
18:24:27.0248 1620 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:24:27.0281 1620 TabletInputService - ok
18:24:27.0290 1620 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:24:27.0333 1620 TapiSrv - ok
18:24:27.0339 1620 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:24:27.0379 1620 TBS - ok
18:24:27.0405 1620 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:24:27.0458 1620 Tcpip - ok
18:24:27.0484 1620 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:24:27.0518 1620 TCPIP6 - ok
18:24:27.0527 1620 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:24:27.0547 1620 tcpipreg - ok
18:24:27.0556 1620 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:24:27.0575 1620 TDPIPE - ok
18:24:27.0581 1620 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:24:27.0599 1620 TDTCP - ok
18:24:27.0605 1620 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:24:27.0641 1620 tdx - ok
18:24:27.0649 1620 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:24:27.0669 1620 TermDD - ok
18:24:27.0681 1620 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:24:27.0737 1620 TermService - ok
18:24:27.0748 1620 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:24:27.0781 1620 Themes - ok
18:24:27.0787 1620 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:24:27.0819 1620 THREADORDER - ok
18:24:27.0826 1620 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:24:27.0869 1620 TrkWks - ok
18:24:27.0882 1620 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:24:27.0921 1620 TrustedInstaller - ok
18:24:27.0932 1620 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:24:27.0964 1620 tssecsrv - ok
18:24:27.0970 1620 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:24:27.0991 1620 TsUsbFlt - ok
18:24:27.0998 1620 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:24:28.0035 1620 tunnel - ok
18:24:28.0041 1620 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:24:28.0066 1620 uagp35 - ok
18:24:28.0078 1620 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:24:28.0127 1620 udfs - ok
18:24:28.0141 1620 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:24:28.0168 1620 UI0Detect - ok
18:24:28.0176 1620 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:24:28.0197 1620 uliagpkx - ok
18:24:28.0206 1620 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:24:28.0229 1620 umbus - ok
18:24:28.0236 1620 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:24:28.0255 1620 UmPass - ok
18:24:28.0268 1620 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:24:28.0311 1620 upnphost - ok
18:24:28.0318 1620 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:24:28.0341 1620 usbccgp - ok
18:24:28.0349 1620 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:24:28.0375 1620 usbcir - ok
18:24:28.0382 1620 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:24:28.0401 1620 usbehci - ok
18:24:28.0410 1620 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:24:28.0437 1620 usbhub - ok
18:24:28.0446 1620 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:24:28.0465 1620 usbohci - ok
18:24:28.0471 1620 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:24:28.0492 1620 usbprint - ok
18:24:28.0498 1620 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:24:28.0521 1620 usbscan - ok
18:24:28.0531 1620 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:24:28.0552 1620 USBSTOR - ok
18:24:28.0559 1620 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:24:28.0578 1620 usbuhci - ok
18:24:28.0584 1620 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:24:28.0620 1620 UxSms - ok
18:24:28.0626 1620 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
18:24:28.0642 1620 VaultSvc - ok
18:24:28.0648 1620 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:24:28.0668 1620 vdrvroot - ok
18:24:28.0680 1620 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
18:24:28.0727 1620 vds - ok
18:24:28.0734 1620 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:24:28.0755 1620 vga - ok
18:24:28.0762 1620 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:24:28.0798 1620 VgaSave - ok
18:24:28.0807 1620 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:24:28.0831 1620 vhdmp - ok
18:24:28.0837 1620 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:24:28.0857 1620 viaagp - ok
18:24:28.0865 1620 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
18:24:28.0886 1620 ViaC7 - ok
18:24:28.0891 1620 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
18:24:28.0911 1620 viaide - ok
18:24:28.0917 1620 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:24:28.0937 1620 volmgr - ok
18:24:28.0948 1620 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:24:28.0975 1620 volmgrx - ok
18:24:28.0984 1620 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:24:29.0010 1620 volsnap - ok
18:24:29.0019 1620 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:24:29.0042 1620 vsmraid - ok
18:24:29.0062 1620 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
18:24:29.0120 1620 VSS - ok
18:24:29.0125 1620 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:24:29.0148 1620 vwifibus - ok
18:24:29.0154 1620 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:24:29.0179 1620 vwififlt - ok
18:24:29.0185 1620 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:24:29.0206 1620 vwifimp - ok
18:24:29.0215 1620 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:24:29.0261 1620 W32Time - ok
18:24:29.0269 1620 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:24:29.0291 1620 WacomPen - ok
18:24:29.0297 1620 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:24:29.0331 1620 WANARP - ok
18:24:29.0335 1620 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:24:29.0364 1620 Wanarpv6 - ok
18:24:29.0384 1620 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
18:24:29.0433 1620 wbengine - ok
18:24:29.0441 1620 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:24:29.0469 1620 WbioSrvc - ok
18:24:29.0478 1620 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:24:29.0509 1620 wcncsvc - ok
18:24:29.0515 1620 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:24:29.0537 1620 WcsPlugInService - ok
18:24:29.0543 1620 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:24:29.0563 1620 Wd - ok
18:24:29.0575 1620 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:24:29.0610 1620 Wdf01000 - ok
18:24:29.0618 1620 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:24:29.0645 1620 WdiServiceHost - ok
18:24:29.0650 1620 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:24:29.0670 1620 WdiSystemHost - ok
18:24:29.0679 1620 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
18:24:29.0716 1620 WebClient - ok
18:24:29.0725 1620 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:24:29.0764 1620 Wecsvc - ok
18:24:29.0771 1620 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:24:29.0807 1620 wercplsupport - ok
18:24:29.0814 1620 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
18:24:29.0853 1620 WerSvc - ok
18:24:29.0859 1620 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:24:29.0891 1620 WfpLwf - ok
18:24:29.0897 1620 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:24:29.0916 1620 WIMMount - ok
18:24:29.0930 1620 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:24:29.0967 1620 WinDefend - ok
18:24:29.0974 1620 WinHttpAutoProxySvc - ok
18:24:29.0987 1620 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:24:30.0027 1620 Winmgmt - ok
18:24:30.0034 1620 WinRing0_1_2_0 - ok
18:24:30.0056 1620 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
18:24:30.0116 1620 WinRM - ok
18:24:30.0131 1620 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:24:30.0153 1620 WinUsb - ok
18:24:30.0171 1620 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:24:30.0215 1620 Wlansvc - ok
18:24:30.0221 1620 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:24:30.0240 1620 WmiAcpi - ok
18:24:30.0251 1620 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:24:30.0275 1620 wmiApSrv - ok
18:24:30.0295 1620 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:24:30.0338 1620 WMPNetworkSvc - ok
18:24:30.0345 1620 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:24:30.0366 1620 WPCSvc - ok
18:24:30.0372 1620 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:24:30.0398 1620 WPDBusEnum - ok
18:24:30.0404 1620 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:24:30.0437 1620 ws2ifsl - ok
18:24:30.0443 1620 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
18:24:30.0471 1620 wscsvc - ok
18:24:30.0476 1620 WSearch - ok
18:24:30.0511 1620 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:24:30.0580 1620 wuauserv - ok
18:24:30.0586 1620 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:24:30.0608 1620 WudfPf - ok
18:24:30.0615 1620 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:24:30.0641 1620 WUDFRd - ok
18:24:30.0651 1620 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:24:30.0680 1620 wudfsvc - ok
18:24:30.0698 1620 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:24:30.0759 1620 WwanSvc - ok
18:24:30.0779 1620 ================ Scan global ===============================
18:24:30.0785 1620 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:24:30.0801 1620 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:24:30.0824 1620 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
18:24:30.0833 1620 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:24:30.0848 1620 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:24:30.0860 1620 [Global] - ok
18:24:30.0860 1620 ================ Scan MBR ==================================
18:24:30.0864 1620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:24:31.0195 1620 \Device\Harddisk0\DR0 - ok
18:24:31.0199 1620 ================ Scan VBR ==================================
18:24:31.0204 1620 [ 20656614DD59C31A79F1054B42D63CE3 ] \Device\Harddisk0\DR0\Partition1
18:24:31.0205 1620 \Device\Harddisk0\DR0\Partition1 - ok
18:24:31.0215 1620 [ 912C670AAFE2F78C25BD6DDF42331094 ] \Device\Harddisk0\DR0\Partition2
18:24:31.0216 1620 \Device\Harddisk0\DR0\Partition2 - ok
18:24:31.0217 1620 ============================================================
18:24:31.0217 1620 Scan finished
18:24:31.0217 1620 ============================================================
18:24:31.0235 1556 Detected object count: 1
18:24:31.0235 1556 Actual detected object count: 1
18:24:55.0058 1556 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:24:55.0058 1556 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:01.0046 2336 Deinitialize success
Geändert von Doggy81 (09.04.2013 um 17:39 Uhr) |
|
09.04.2013, 22:25
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse E-Mail Konten gehackt Ich seh da nichts. Du hast selbstverständlich schon sicherheitshalber die Passwörter gewechselt? Und bitte nicht sowas wie 12234 oder qwertz nehmen 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.04.2013, 09:32
| #13 |
| | Diverse E-Mail Konten gehackt Ja einige Passwörter sind gewechselt. Also du meinst der Rechner ist sauber und ich kann ihn wieder normal nutzen? Auch Bank usw.? |
|
10.04.2013, 10:53
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Diverse E-Mail Konten gehackt 100% Sicherheit gibt es nicht, ich hab nur gesagt, dass die Logs bislang unuffällig sind JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.04.2013, 12:05
| #15 |
| | Diverse E-Mail Konten gehackt Danke sehr! JRT Logfile Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by xxx on 10.04.2013 at 12:44:42,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.04.2013 at 12:47:12,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.200 - Datei am 10/04/2013 um 12:52:17 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : xxx - xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S2].txt - [719 octets] - [10/04/2013 12:52:17]
########## EOF - C:\AdwCleaner[S2].txt - [778 octets] ##########
Code:
ATTFilter OTL logfile created on: 10.04.2013 12:57:39 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,26% Memory free 5,86 Gb Paging File | 4,42 Gb Available in Paging File | 75,44% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,14 Gb Total Space | 25,15 Gb Free Space | 21,11% Space Free | Partition Type: NTFS Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe () PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Notepad++\NppShell_05.dll () MOD - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe () MOD - C:\Programme\Samsung\Samsung Update Plus\HMXML.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (WinRing0_1_2_0) -- C:\Users\xxx\AppData\Local\Temp\tmp493F.tmp File not found DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 3C B7 B9 B4 2B CE 01 [binary data] IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.13 13:47:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.08 23:13:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.08 23:13:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.12.20 03:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: SEOquake = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.14_0\ CHR - Extension: Google Drive = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Bookmark Sentry = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.13_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\ CHR - Extension: Adblock Plus = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: iMacros for Chrome = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.1_0\ CHR - Extension: NoFollow = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogidghaigoomjdeacndafapdijmiid\3.3.6_0\ CHR - Extension: Link2Clip = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmieebpnfbcjdackmfajcbbknaikebla\1.1_0\ CHR - Extension: PageRank Status = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\7.3.0_1\ CHR - Extension: Change Colors = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\ CHR - Extension: Copy Links = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpoommnneaebpfgaoejklgemonkmjpc\1.2.1_0\ CHR - Extension: Premiumize.me = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm\0.0.16_0\ CHR - Extension: Color Picker = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg\0.0.1.51_0\ CHR - Extension: Google Reader = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\ CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Programme\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{935C30C2-6AEA-4DC0-B3C7-1742CC23C44B}: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4905C36-BE12-4D5A-A2C9-82B8F867D164}: DhcpNameServer = 82.212.62.62 78.42.43.62 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.10 12:56:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013.04.10 12:44:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.10 12:44:37 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.10 12:44:16 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\xxx\Desktop\JRT.exe [2013.04.10 09:35:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Diagnostics [2013.04.09 17:53:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.04.09 17:27:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\mbar [2013.04.09 16:38:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SimilarImages [2013.04.09 16:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimilarImages [2013.04.09 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MaierSoft [2013.04.09 16:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\SimilarImages [2013.04.08 23:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.03.29 16:33:44 | 000,000,000 | ---D | C] -- C:\_OTL [2013.03.29 16:23:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\PDAppFlex [2013.03.29 15:43:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2013.03.29 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.29 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.29 15:43:41 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.29 15:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.26 11:08:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.24 14:13:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2013.03.24 14:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2013.03.24 14:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.03.24 14:12:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.24 14:12:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.03.24 01:05:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\com.adobe.WidgetBrowser [2013.03.20 22:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2013.03.19 16:53:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Programs [2013.03.14 15:42:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.03.14 15:42:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Adobe Mini Bridge CS5 [2013.03.14 14:12:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\dealsdestages [2013.03.13 20:26:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.13 20:26:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.13 20:26:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.13 20:26:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.13 20:26:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.13 20:26:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.13 20:26:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.13 20:26:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.13 13:47:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd [2013.03.13 13:47:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Leadertech [2013.03.13 13:47:27 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys [2013.03.13 13:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.03.13 13:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2013.03.13 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2013.03.13 13:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.03.13 13:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2013.03.13 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Logitech [2013.03.13 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Logishrd ========== Files - Modified Within 30 Days ========== [2013.04.10 12:58:41 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.10 12:58:41 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.10 12:58:41 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.10 12:58:41 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.10 12:56:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013.04.10 12:55:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100955007-3637390453-2697659314-1000UA.job [2013.04.10 12:53:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.10 12:53:24 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys [2013.04.10 12:51:54 | 000,613,083 | ---- | M] () -- C:\Users\xxx\Desktop\adwcleaner.exe [2013.04.10 12:44:16 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\xxx\Desktop\JRT.exe [2013.04.10 12:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.10 11:25:05 | 000,029,391 | ---- | M] () -- C:\Users\xxx\Desktop\indexed google com.csv [2013.04.10 11:05:00 | 000,045,044 | ---- | M] () -- C:\Users\xxx\Desktop\www-ipaddatentarife-de_20130410T090431Z_ExternalLinks_AllLinks.csv [2013.04.10 00:41:11 | 000,001,456 | ---- | M] () -- C:\Users\xxx\AppData\Local\Adobe Save for Web 12.0 Prefs [2013.04.09 23:55:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100955007-3637390453-2697659314-1000Core.job [2013.04.09 18:00:15 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 18:00:15 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 17:52:56 | 243,978,118 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.09 16:38:13 | 000,000,045 | ---- | M] () -- C:\ProgramData\.SimImages [2013.04.08 22:51:12 | 000,038,205 | ---- | M] () -- C:\Users\xxx\Desktop\kwdomainlist.pdf [2013.03.29 15:43:43 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.28 14:11:22 | 000,275,620 | ---- | M] () -- C:\Users\xxx\Desktop\1-13.pdf [2013.03.25 14:29:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.25 14:29:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.25 14:29:56 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.21 21:34:03 | 000,197,160 | ---- | M] () -- C:\Users\xxx\Desktop\gutschein ab in den urlaub.pdf [2013.03.21 21:20:17 | 003,648,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.15 21:50:50 | 000,001,456 | ---- | M] () -- C:\Users\xxx\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.03.13 13:47:27 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys [2013.03.13 13:10:40 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.13 13:10:40 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.04.10 12:51:54 | 000,613,083 | ---- | C] () -- C:\Users\xxx\Desktop\adwcleaner.exe [2013.04.10 11:25:05 | 000,029,391 | ---- | C] () -- C:\Users\xxx\Desktop\indexed google com.csv [2013.04.10 11:04:59 | 000,045,044 | ---- | C] () -- C:\Users\xxx\Desktop\www-ipaddatentarife-de_20130410T090431Z_ExternalLinks_AllLinks.csv [2013.04.09 17:52:56 | 243,978,118 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.09 16:38:13 | 000,000,045 | ---- | C] () -- C:\ProgramData\.SimImages [2013.04.08 22:51:12 | 000,038,205 | ---- | C] () -- C:\Users\xxx\Desktop\kwdomainlist.pdf [2013.03.29 15:43:43 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.28 14:11:22 | 000,275,620 | ---- | C] () -- C:\Users\xxx\Desktop\1-13.pdf [2013.03.21 21:34:02 | 000,197,160 | ---- | C] () -- C:\Users\xxx\Desktop\gutschein ab in den urlaub.pdf [2013.03.19 15:28:59 | 000,001,456 | ---- | C] () -- C:\Users\xxx\AppData\Local\Adobe Save for Web 12.0 Prefs [2013.02.03 04:31:49 | 000,000,132 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.01.17 21:05:11 | 000,001,456 | ---- | C] () -- C:\Users\xxx\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.01.07 21:13:12 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.07 21:13:12 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.12.20 18:58:23 | 000,000,017 | ---- | C] () -- C:\Users\xxx\AppData\Local\resmon.resmoncfg [2012.12.20 03:00:59 | 000,001,366 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.12.20 02:50:45 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.04.2013 12:57:40 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,26% Memory free
5,86 Gb Paging File | 4,42 Gb Available in Paging File | 75,44% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 25,15 Gb Free Space | 21,11% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EFA6E6-8447-425D-83C6-9A50771CE948}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1971C4AB-E42B-41B5-B98F-A263D313B78E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20FA5E62-75D3-4ADD-BA3C-3102A0AD7ADB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FE4D001-9A35-45A5-8AD0-EECE64C40B01}" = lport=10243 | protocol=6 | dir=in | app=system |
"{419B8DA8-EEB0-492A-8DF1-6836FD188688}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{446AE113-C676-4282-93AE-39B8E2716966}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B2379C6-3CFE-48DA-8EB6-9962A907817B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59FB9A03-3428-42F4-9FFE-657D48BA4B1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{661F43DC-AD1A-45BA-99FC-8719EDEB59FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89C9A960-9BB3-45B8-801F-22127E92C543}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91E8F083-B0C4-4188-89F7-975C16977C3B}" = rport=138 | protocol=17 | dir=out | app=system |
"{AA800EDC-52D2-4535-B955-0A1CF25FB2FD}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2496B15-3748-4B97-BF53-B0E04F0BA1FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3F09C66-C11C-4C59-A30F-6556492DA656}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BABC0F74-474D-4A6D-A123-42B18E8118BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{CA7B7DE8-747A-4867-9339-4CCEAB632D14}" = lport=138 | protocol=17 | dir=in | app=system |
"{CD8481D3-E0E2-41F1-BA8F-2CE1D181D69D}" = lport=137 | protocol=17 | dir=in | app=system |
"{D4AF30CE-757F-4433-A479-E806B31C60B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E453224D-9A76-4BD0-B524-EE9E1E144FD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5013AFA-88B4-4FBC-A61F-B27015897DF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EAE03202-0F6D-4B31-843A-934B999ACE21}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF865A7A-23DF-4DAF-9203-37FEA238CA32}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8258E8F-6974-4F59-9DC7-4680B77F13C3}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14665412-6677-40AE-9D4E-B0FAA029549C}" = dir=out | app=%programfiles%\adobe\adobe illustrator cs5.1\support files\contents\windows\illustrator.exe |
"{4058C61A-F646-41D6-98C7-4721C91933DF}" = protocol=17 | dir=in | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{4F8EE637-38D3-4E68-8C9B-9012DCD80DA3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51D66FCF-6B25-4998-BFE6-707963BFF8C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56784A30-E42A-430C-8725-DF35506291BB}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{6DC09F8E-780E-46B4-AC12-68352F5CF604}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F601ABC-BD8B-4CFE-8364-9DC98D4F5AEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7385CB66-185C-42EE-85C9-0E08E28A6EC8}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{796C7788-22FE-4106-A9DF-290DC97C6B82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{889CE8B5-42FC-4CC1-A8E6-537D243A6D4E}" = dir=out | app=%programfiles%\adobe\adobe dreamweaver cs6\dreamweaver.exe |
"{A10C7000-03F2-4288-8FC5-A69CF9896F0A}" = protocol=6 | dir=out | app=system |
"{A29A0F54-7239-4607-9520-DBE467E2623E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A69EE37F-A1B3-4F57-99E9-3E04D5B37104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA3E20B1-A7D2-4AA0-8506-F610B00BF38E}" = protocol=6 | dir=in | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{B5CD539C-9278-4D01-99BB-D8CF4A9A9AAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B789CD90-B733-4CEA-9681-DB6A5137A89D}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs5\photoshop.exe |
"{DF4620B3-6E64-4E1E-A2E1-FF5CE8B9FDC3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E1C7554B-5A8E-4F82-A24D-EF6E46C723FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E6402DA8-72D7-4087-8547-DF4F12789327}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{F09AC1A4-4039-4FE7-8FC4-58B63A1C5C37}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2CBE5FB-3A02-4C13-AB87-ABDF2DA630DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F644E99F-F608-4125-8D9B-B2178A663DDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6FD3105-6886-48B4-9F2F-DB56DBDF007F}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{F76EABA8-7C0F-4D53-9394-A5A346680040}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8970A6E-846B-43C8-B04E-747E5824A656}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{FEE46946-02D3-4A31-86A3-79ADEC2FEB02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0191B92D-8F64-440A-A87A-34CF1F354A6C}C:\users\xxx\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\jdownloader 2.0\jdownloader2.exe |
"TCP Query User{82B9B3FC-A469-4B9F-8182-483485493D3D}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe |
"TCP Query User{921BEA41-1291-4D92-BEE2-0738ECB13324}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{D4CFE6DF-6835-4ACF-AB30-68954C0DF32A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{2B57D267-440A-449D-A4BD-F3A353670185}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe |
"UDP Query User{74D40267-0A9F-4C94-A187-11D216A7C0A3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{A3A50408-2006-4952-B090-A7FC116A0CC1}C:\users\xxx\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\jdownloader 2.0\jdownloader2.exe |
"UDP Query User{D1C8098F-F884-466A-8940-DF8FA9314108}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Alt.Binz" = Alt.Binz 0.39.4
"Auto Clicker by Shocker_is1" = Auto Clicker by Shocker
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.6.0.2
"GSA Search Engine Ranker_is1" = GSA Search Engine Ranker v5.16
"jdownloader2" = JDownloader 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"SimilarImages" = SimilarImages
"sp6" = Logitech SetPoint 6.52
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Xenu's Link Sleuth" = Xenu's Link Sleuth
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
< End of report >
|
|
| Themen zu Diverse E-Mail Konten gehackt |
| adblock, adobe, antivir, applaus, autorun, avg, avira, browser, defender, desktop, e-mail, firefox, flash player, format, ftp, google, helper, home, homepage, internet browser, logfile, malware bytes, neu aufsetzen, object, plug-in, registrierungsdatenbank, registry, scan, software, system, taskhost.exe, updates, windows |
Linear-Darstellung
