
Pests of all kinds and how to combat them: Mail account hacked?


25.04.2013, 19:39   #1
Mr.Green
 
Mail account hacked?



Hello,

Let me describe my problem: I had just logged in to my mail account when I saw that the last login had taken place at a time when I definitely had not logged in. Naturally, that made me suspicious. I do choose my passwords with care, so how would anyone get hold of them? Now I would like to know whether my PC is clean. I hope I have come to the right place.

Here are the log files, created following your instructions:


OTL:

OTL Logfile:
Code:
OTL logfile created on: 25.04.2013 19:42:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 63,18% Memory free
11,99 Gb Paging File | 9,70 Gb Available in Paging File | 80,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 13,43 Gb Free Space | 18,04% Space Free | Partition Type: NTFS
Drive D: | 323,74 Gb Total Space | 112,53 Gb Free Space | 34,76% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 281,78 Gb Free Space | 96,18% Space Free | Partition Type: NTFS
Drive F: | 314,80 Gb Total Space | 261,97 Gb Free Space | 83,22% Space Free | Partition Type: NTFS
Drive G: | 2,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 1,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.25 18:41:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
PRC - [2013.04.12 21:01:16 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.29 20:09:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.29 20:09:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.29 20:09:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.08 18:04:18 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.10.08 17:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Programme\Tablet\Wacom\WacomHost.exe
PRC - [2012.09.26 19:14:10 | 000,168,864 | ---- | M] () -- F:\HTC Sync\HTC Sync\adb.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- F:\Open Office\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- F:\Open Office\program\soffice.bin
PRC - [2012.08.13 12:08:08 | 000,103,936 | ---- | M] (OpenOffice.org) -- F:\Open Office\program\swriter.exe
PRC - [2012.07.16 17:49:10 | 000,087,368 | ---- | M] (Nero AG) -- F:\HTC Sync\HSMServiceEntry.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 21:01:16 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.09.26 19:14:10 | 000,168,864 | ---- | M] () -- F:\HTC Sync\HTC Sync\adb.exe
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- F:\Open Office\program\libxml2.dll
MOD - [2012.08.10 17:50:56 | 000,170,496 | ---- | M] () -- F:\Open Office\program\libxslt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.16 10:31:57 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 21:01:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 20:09:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.29 20:09:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.29 09:14:18 | 000,613,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV - [2012.10.08 18:04:18 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.10.01 09:22:52 | 000,359,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 17:49:10 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- F:\HTC Sync\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.13 21:53:09 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.04.13 21:53:09 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.03.29 20:09:53 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.29 20:09:53 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.29 20:09:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.12 10:54:54 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.10.12 10:20:38 | 000,081,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.10.12 10:20:38 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.09.25 23:46:20 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012.09.18 11:32:44 | 000,042,808 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2012.09.18 11:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012.09.18 11:32:32 | 000,075,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2012.09.18 11:32:32 | 000,061,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012.09.18 11:32:32 | 000,015,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.12 16:19:52 | 000,019,840 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2011.12.12 16:19:22 | 000,658,944 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.11.02 12:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.09.10 09:50:26 | 000,527,360 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 2B FF 4D DE EC CD 01  [binary data]
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 31 E4 4F 06 0E CE 01  [binary data]
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.ftp: "178.48.2.237"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "178.48.2.237"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "178.48.2.237"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "178.48.2.237"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: F:\VLC Player\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: F:\amazonMP3downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.01.07 16:28:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.18 21:24:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:01:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 21:01:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:01:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 21:01:15 | 000,000,000 | ---D | M]
 
[2013.01.07 15:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.02.01 17:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7p5dpez1.default\extensions
[2013.01.07 21:53:37 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7p5dpez1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013.01.19 21:14:42 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\7p5dpez1.default\extensions\stealthyextension@gmail.com.xpi
[2013.02.01 17:40:44 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\7p5dpez1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 21:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.07 16:28:50 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
[2013.04.12 21:01:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [sketchmanager] C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Users\Admin\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3772093366-415461289-3751294527-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3772093366-415461289-3751294527-1004..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3772093366-415461289-3751294527-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3772093366-415461289-3751294527-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = F:\Open Office\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75F0DEC-90A7-4FDA-9C40-9DE0E2634A96}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.03.18 17:56:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.05.23 20:26:32 | 001,713,448 | R--- | M] () - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006.03.02 18:58:48 | 000,000,047 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1258b817-621e-11e2-98a0-00241d191b91}\Shell - "" = AutoRun
O33 - MountPoints2\{1258b817-621e-11e2-98a0-00241d191b91}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{e0793777-5e4e-11e2-aa38-00241d191b91}\Shell - "" = AutoRun
O33 - MountPoints2\{e0793777-5e4e-11e2-aa38-00241d191b91}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.14 19:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.14 00:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.04.13 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Anno 1404
[2013.04.13 22:10:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2013.04.13 22:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2013.04.12 21:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.02 23:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.04.02 23:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.04.02 23:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013.03.29 20:10:03 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.29 20:10:03 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.29 20:10:03 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 18:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.25 18:40:27 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.04.25 18:28:24 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 18:28:24 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 18:25:26 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 18:25:26 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 18:25:26 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 18:25:26 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 18:25:26 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.25 18:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 18:21:08 | 535,535,615 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.17 16:23:08 | 004,854,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.13 21:53:09 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.04.13 21:53:09 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.03.29 20:09:53 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.29 20:09:53 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.29 20:09:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.25 18:40:27 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.04.13 21:53:09 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.04.13 21:53:09 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.01.08 15:12:24 | 000,001,456 | ---- | C] () -- C:\Users\Admin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013.01.07 23:34:25 | 000,000,679 | ---- | C] () -- C:\Users\Admin\Admin - Verknüpfung.lnk
[2013.01.07 19:51:42 | 000,000,052 | ---- | C] () -- C:\Users\Admin\temppics.adob
[2013.01.07 16:24:05 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.22 09:49:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.02.12 18:25:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\doublefine
[2013.02.12 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2013.01.18 21:24:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2013.01.18 21:24:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.28 18:17:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2013.01.19 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HTC
[2013.01.19 19:25:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HTC Sync
[2013.01.07 16:29:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2013.01.22 11:24:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2013.04.13 22:10:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2013.01.08 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2013.03.19 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Amazon
[2013.03.18 17:58:19 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Autodesk
[2013.03.13 23:51:39 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.03.04 13:25:04 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2013.02.09 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Doublefine
[2013.04.25 18:26:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Dropbox
[2013.01.29 15:37:09 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoft
[2013.04.03 01:07:34 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FileZilla
[2013.02.25 11:02:27 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HTC
[2013.02.20 10:34:29 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HTC Sync
[2013.02.17 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\OpenOffice.org
[2013.04.25 18:37:09 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\QuickScan
[2013.03.04 13:37:01 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.04.13 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Ubisoft
[2013.01.22 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         

Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 25.04.2013 18:42:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,49 Gb Available Physical Memory | 74,80% Memory free
11,99 Gb Paging File | 10,31 Gb Available in Paging File | 85,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 13,42 Gb Free Space | 18,04% Space Free | Partition Type: NTFS
Drive D: | 323,74 Gb Total Space | 112,53 Gb Free Space | 34,76% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 281,78 Gb Free Space | 96,18% Space Free | Partition Type: NTFS
Drive F: | 314,80 Gb Total Space | 261,97 Gb Free Space | 83,22% Space Free | Partition Type: NTFS
Drive G: | 2,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 1,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- F:\Adobe PS CS 5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Users\Admin\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\Admin\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\Admin\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- F:\Adobe PS CS 5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Users\Admin\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\Admin\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\Admin\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B96F402-E75A-411B-82ED-62E287F74655}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{58200025-CE05-48C1-BBC4-34DB62A92E1D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024C4E84-12BA-4F4C-AE9C-D5CBAE20B9C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{05C8F473-1998-44BA-AFFE-115A43C22D89}" = protocol=6 | dir=in | app=c:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe | 
"{09A94653-890B-49CB-ACE0-9279F7B25552}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{0BE70DE9-BF99-4F91-9694-79037208B284}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0F824A0B-0FA4-4CCC-AD83-BC9BAFDF5DE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{124D3BF2-161B-40FE-91E8-DE1AF7890466}" = protocol=6 | dir=in | app=f:\winamp\winamp.exe | 
"{18AE5D67-DDC3-47D1-8370-32879BBCA23A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{1AAB6B57-10D2-4CAE-8722-F1FCBCAB1F0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20C4A545-301C-4EB4-A8A9-28591BFF6B2C}" = protocol=17 | dir=in | app=d:\anno1404\anno4.exe | 
"{2BF1132C-8A8B-478A-912D-EAC597410CB9}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3348B65E-8393-4537-B725-F00679C1D38E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{344C558D-D50D-489A-A401-EFE7D8A21643}" = protocol=17 | dir=in | app=f:\winamp\winamp.exe | 
"{38B3A06D-D94A-4845-814E-52A37FCC022C}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii\starcraft ii.exe | 
"{3CB25CAD-FBC1-428D-B2AF-2496B11EAA92}" = protocol=6 | dir=in | app=d:\anno1404\tools\anno4web.exe | 
"{435D50F2-474D-464C-A096-E6FBF37C9215}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B568E9D-A5EE-4E2A-9588-EEA66D097CCD}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii\starcraft ii public test.exe | 
"{573F4603-3176-48BC-B32C-0F920254744A}" = protocol=17 | dir=in | app=c:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe | 
"{64B6C216-DCEF-4BE2-8AD2-2D3FB1EE66AC}" = dir=in | app=f:\htc sync\htcsyncmanager.exe | 
"{64F8C1EA-1B40-40B1-912A-87C0855B0347}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{79571069-A404-4949-949B-FFD58D3FD661}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7A6EE2F4-E63C-4641-9587-256E17782E4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{830041B7-D8D7-4252-A7E1-A181703B0D7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A9BD55EF-48B2-4D98-9DC0-A6D6FF123429}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{B8907588-426A-4CCC-9BD1-92F3B16BC923}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii\starcraft ii.exe | 
"{BDA4C975-68C7-48FA-83F6-51AFA22F0BC4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{C92909C4-B1CD-46C2-B0C7-9445687001E6}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii\starcraft ii public test.exe | 
"{CF32CD0A-FE3B-455E-97FD-3D5E333DB9F7}" = dir=in | app=c:\users\admin\appdata\local\microsoft\skydrive\skydrive.exe | 
"{D6F5543F-DF79-4D13-B84D-3AAF029E0E93}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EA9DC502-64E7-40BB-B3F6-2DFF6E7B665F}" = protocol=6 | dir=in | app=d:\anno1404\anno4.exe | 
"{F607701C-A7FD-4DC3-84E8-A4550C039F2A}" = protocol=17 | dir=in | app=d:\anno1404\tools\anno4web.exe | 
"TCP Query User{44C81DA0-AF31-425A-9B2C-2506B5FC4BE2}D:\starcraft ii\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{74F971BB-FF26-4B6E-A70B-0726BFB4246E}F:\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\winamp\winamp.exe | 
"TCP Query User{7F46E9C4-7C10-4D7D-9CB0-1FB07B05A262}C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{83DA70E4-74BF-429D-9F72-0623FB76BD5F}D:\anno1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\anno1404\tools\anno4web.exe | 
"TCP Query User{E2A9626F-D194-4850-946F-0DB7C2E7466B}C:\users\admin\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\users\admin\winamp\winamp.exe | 
"TCP Query User{EE4F182A-F762-43EF-A4A5-63F08A0A16B8}D:\totalmedia theatre\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=d:\totalmedia theatre\totalmedia server\tm server.exe | 
"UDP Query User{221195CC-A801-4D09-8328-CA8EE887EF82}F:\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\winamp\winamp.exe | 
"UDP Query User{39060FC0-4FA9-4ECF-96B8-85DFF3C3BE0E}C:\users\admin\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\users\admin\winamp\winamp.exe | 
"UDP Query User{5796D409-C2AE-4D9D-AD68-DC131654C436}D:\anno1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\anno1404\tools\anno4web.exe | 
"UDP Query User{7CDD673F-621E-42BC-B53F-976D26A0F7F3}C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{B8B9C4F9-7591-4CA4-8A61-FBDCF25C7CE6}D:\totalmedia theatre\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=d:\totalmedia theatre\totalmedia server\tm server.exe | 
"UDP Query User{E4ABCE88-3E19-452C-B936-DA004A136127}D:\starcraft ii\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii\versions\base24944\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{F857B02C-B22C-42BC-9C78-F18BB7C6A55A}" = InklingSketchManager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"sp6" = Logitech SetPoint 6.51
"VLC media player" = VLC media player 2.0.5
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}" = IPTInstaller
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7477F26F-CC6A-4F68-8C9D-496DBFF45E05}" = HTC Sync Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EB87378B-E64A-4D27-8AB6-0786BAB3AC84}" = Autodesk SketchBook Express 2011
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"StarCraft II" = StarCraft II
"Steam App 207170" = Legend of Grimrock
"Steam App 221810" = The Cave
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.6.0.2
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.04.2013 10:24:50 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.04.2013 10:53:09 | Computer Name = PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 19.04.2013 11:38:23 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2013 08:41:42 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2013 09:46:58 | Computer Name = PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 21.04.2013 04:23:48 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2013 04:33:20 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2013 03:16:58 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2013 10:38:24 | Computer Name = PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 24.04.2013 03:35:50 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2013 12:12:32 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2013 12:23:01 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 09.03.2013 13:28:45 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 18:28:45 - Fehler beim Herstellen der Internetverbindung.  18:28:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.03.2013 13:28:53 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 18:28:50 - Fehler beim Herstellen der Internetverbindung.  18:28:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.03.2013 14:27:10 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 19:27:10 - Fehler beim Herstellen der Internetverbindung.  19:27:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.03.2013 14:27:21 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 19:27:15 - Fehler beim Herstellen der Internetverbindung.  19:27:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.03.2013 05:26:15 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 11:26:10 - Fehler beim Herstellen der Internetverbindung.  11:26:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.03.2013 06:26:23 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 12:26:20 - Fehler beim Herstellen der Internetverbindung.  12:26:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.03.2013 07:26:29 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 13:26:27 - Fehler beim Herstellen der Internetverbindung.  13:26:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.03.2013 08:26:36 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 14:26:34 - Fehler beim Herstellen der Internetverbindung.  14:26:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.04.2013 13:24:48 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 19:24:48 - Fehler beim Herstellen der Internetverbindung.  19:24:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.04.2013 13:24:59 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 19:24:53 - Fehler beim Herstellen der Internetverbindung.  19:24:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 19.04.2013 11:36:44 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 20.04.2013 08:40:03 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 21.04.2013 04:22:10 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 21.04.2013 04:31:39 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 21.04.2013 07:15:40 | Computer Name = PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 22.04.2013 03:15:18 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 22.04.2013 09:00:58 | Computer Name = PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 24.04.2013 03:34:12 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 24.04.2013 12:10:53 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 25.04.2013 12:21:19 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
 
< End of report >
         
--- --- ---



GMER

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-25 19:29:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 INTEL_SSDSA2CW080G3 rev.4PC10302 74,53GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fgldapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          00000000764a1465 2 bytes [4A, 76]
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000764a14bb 2 bytes [4A, 76]
.text   ...                                                                                                                                     * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000764a1465 2 bytes [4A, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000764a14bb 2 bytes [4A, 76]
.text   ...                                                                                                                                     * 2
.text   F:\Open Office\program\soffice.bin[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        00000000764a1465 2 bytes [4A, 76]
.text   F:\Open Office\program\soffice.bin[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000764a14bb 2 bytes [4A, 76]
.text   ...                                                                                                                                     * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1632:3648]                                                                                             000007feeedf9688

---- EOF - GMER 2.1 ----
         

Edited by Mr.Green (25.04.2013 at 19:54). Reason: gmer.txt added

26.04.2013, 08:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it correctly. If everything is right ... click Reply.

27.04.2013, 14:43   #3
Mr.Green



Hello Cosinus, thanks for your reply. No, so far I have no detections; I posted here straight away. A scan is running right now, though. Should I then post the logs here?

27.04.2013, 17:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Why is a scan running? I posted that you should not start any new scans.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

27.04.2013, 17:48   #5
Mr.Green



Hi, I thought posting a log without a virus detection made little sense. So it seemed reasonable to me to check whether the machine is infected. Your link also said that it is no use just posting logs and then asking whether the machine is clean. Hence the scan. So, as before, no detections at the time of the post here.


27.04.2013, 17:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



I think we are talking past each other.
In my first post I asked you not to run any new scans, but only to post logs if there had been detections. You were not supposed to start a new scan, but you did.
So what came out of it, and where is the log for it?

27.04.2013, 17:56   #7
Mr.Green



Sorry, then I must have misunderstood that.

Avira found nothing, and here is the log from Malwarebytes:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Standard :: PC [limited]

27.04.2013 18:53:06
mbam-log-2013-04-27 (18-53-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 161790
Time elapsed: 1 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

27.04.2013, 17:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only the scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, whether or not anything was detected!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread.
Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.
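Added example, not part of the thread and not code from any of the tools named above: one way a helper could triage the TDSSKiller log requested in this post together with the OTL system events, flagging services whose verdict is not `ok`, services listed without a hashed file, and drivers named in Service Control Manager event 7026. The sample lines are constructed in the format of the logs in this thread; `ExampleSvc`, its all-zero hash and its `warning` verdict are invented, and reading a missing `[ MD5 ]` line as "no file hashed" is an assumption.

```python
import re
from collections import Counter

# Constructed samples in the formats of the logs posted in this thread.
# "ExampleSvc", its all-zero hash and its "warning" verdict are invented.
TDSS_SAMPLE = r"""
19:49:47.0630 3676  Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200
19:52:46.0214 4604  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:52:46.0214 4604  ACPI - ok
19:52:46.0261 4604  ADExchange - ok
19:52:46.0729 4604  ArcCtrl - ok
19:52:46.0729 4604  archlp - ok
19:52:46.0745 4604  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Example\examplesvc.sys
19:52:46.0745 4604  ExampleSvc - warning
"""

OTL_SAMPLE = """
Error - 24.04.2013 12:10:53 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp

Error - 22.04.2013 09:00:58 | Computer Name = PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt.

Error - 25.04.2013 12:21:19 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
"""

TS = r"^\d\d:\d\d:\d\d\.\d{4} \d+\s+"            # timestamp and thread id
HASH_RE = re.compile(TS + r"\[ ([0-9A-Fa-f]{32}) \] (\S+)\s+(.+)$")
VERDICT_RE = re.compile(TS + r"(\S+) - (.+)$")   # single-token name only
EVENT_RE = re.compile(r"^Error - .*\| Source = (.+?) \| ID = (\d+)\s*$")


def parse_tdss(text):
    """Map service name -> md5, path and verdict from the service scan."""
    services = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = HASH_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = services.setdefault(
                name, {"md5": None, "path": None, "verdict": None})
            entry["md5"], entry["path"] = md5.upper(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entry = services.setdefault(
                name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict.strip()
    return services


def failed_boot_drivers(text):
    """Count driver names listed under event 7026 (lower-cased)."""
    counts = Counter()
    event_id, in_desc = None, False
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            event_id, in_desc = m.group(2), False
        elif not line.strip():                   # blank line ends the event
            event_id, in_desc = None, False
        elif line.startswith("Description ="):
            in_desc = True
        elif event_id == "7026" and in_desc:     # lines after the description
            counts.update(n.lower() for n in line.split())
    return counts


def triage(tdss_text, otl_text):
    """Return {service: [reasons]} for entries worth a second look."""
    boot_failures = failed_boot_drivers(otl_text)
    findings = {}
    for name, svc in parse_tdss(tdss_text).items():
        reasons = []
        if svc["verdict"] not in (None, "ok"):
            reasons.append(f"verdict: {svc['verdict']}")
        if svc["md5"] is None:
            reasons.append("no file hashed")
        failures = boot_failures.get(name.lower(), 0)
        if failures:
            reasons.append(f"boot load failed x{failures} (event 7026)")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for service, reasons in triage(TDSS_SAMPLE, OTL_SAMPLE).items():
        print(f"{service}: {'; '.join(reasons)}")
```

A flagged entry is a prompt to look at the service's registry key and image path, not a detection: in the logs above, `ArcCtrl` and `archlp` carry an `ok` verdict while being the two drivers that event 7026 reports as failing to load.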

27.04.2013, 18:10   #9
Mr.Green



Quote:
As a matter of principle, we do not clean commercially used computers. Your company's IT department is responsible for that.

For small businesses that have no IT support we make an exception and are happy to help ( a small donation helps us too ).
Prerequisite: you tell us this in your first reply.

That applies to me; is that still OK? I would then thank you with a donation.

27.04.2013, 18:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Where exactly did you mention earlier that this is a commercially used computer?

27.04.2013, 18:17   #11
Mr.Green



I went through your last post, then came across this very notice and thereupon told you about it. That should be correct, shouldn't it? Edit: I had not seen the small-business passage before; there is certainly no bad intent behind this on my part.

Edited by Mr.Green (27.04.2013 at 19:11)

28.04.2013, 17:55   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Yes, of course we also help small business owners, but you should be aware of this:

Quote:
Keep in mind, however, that log files can contain a lot of sensitive information ( customer data, bank data, etc. ) and that malware is able to spy on this data and misuse it. In this case we recommend formatting and reinstalling.

29.04.2013, 05:39   #13
Mr.Green



OK, so here are the logs:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: PC [administrator]

27.04.2013 19:28:17
mbar-log-2013-04-27 (19-28-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28943
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-27 19:34:23
-----------------------------
19:34:23.902    OS Version: Windows x64 6.1.7601 Service Pack 1
19:34:23.902    Number of processors: 8 586 0x1A04
19:34:23.903    ComputerName: PC  UserName: 
19:34:24.051    Initialize success
19:39:43.951    AVAST engine defs: 13042700
19:41:26.944    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:41:26.946    Disk 0 Vendor: INTEL_SSDSA2CW080G3 4PC10302 Size: 76318MB BusType: 3
19:41:26.949    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
19:41:26.951    Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA3MA Size: 953869MB BusType: 3
19:41:26.967    Disk 0 MBR read successfully
19:41:26.970    Disk 0 MBR scan
19:41:26.976    Disk 0 Windows 7 default MBR code
19:41:26.980    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:41:26.986    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76216 MB offset 206848
19:41:27.001    Disk 0 scanning C:\Windows\system32\drivers
19:41:30.993    Service scanning
19:41:39.336    Modules scanning
19:41:39.344    Disk 0 trace - called modules:
19:41:39.352    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
19:41:39.357    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800622e790]
19:41:39.363    3 CLASSPNP.SYS[fffff8800191a43f] -> nt!IofCallDriver -> [0xfffffa8005ffae40]
19:41:39.368    5 ACPI.sys[fffff88000f237a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800600a060]
19:41:39.543    AVAST engine scan C:\Windows
19:41:39.961    AVAST engine scan C:\Windows\system32
19:43:06.280    AVAST engine scan C:\Windows\system32\drivers
19:43:10.719    AVAST engine scan C:\Users\Admin
19:43:34.031    AVAST engine scan C:\ProgramData
19:43:52.217    Scan finished successfully
19:44:36.242    Disk 0 MBR has been saved successfully to "F:\Downloads\MBR.dat"
19:44:36.245    The log file has been saved successfully to "F:\Downloads\aswMBR_27-04-13.txt"
         
Code:
ATTFilter
19:49:47.0101 3676  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:49:47.0437 3676  ============================================================
19:49:47.0437 3676  Current date / time: 2013/04/27 19:49:47.0437
19:49:47.0437 3676  SystemInfo:
19:49:47.0437 3676  
19:49:47.0437 3676  OS Version: 6.1.7601 ServicePack: 1.0
19:49:47.0437 3676  Product type: Workstation
19:49:47.0437 3676  ComputerName: PC
19:49:47.0437 3676  UserName: Admin
19:49:47.0437 3676  Windows directory: C:\Windows
19:49:47.0437 3676  System windows directory: C:\Windows
19:49:47.0437 3676  Running under WOW64
19:49:47.0437 3676  Processor architecture: Intel x64
19:49:47.0437 3676  Number of processors: 8
19:49:47.0437 3676  Page size: 0x1000
19:49:47.0437 3676  Boot type: Normal boot
19:49:47.0437 3676  ============================================================
19:49:47.0630 3676  Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:49:47.0645 3676  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:47.0649 3676  ============================================================
19:49:47.0649 3676  \Device\Harddisk0\DR0:
19:49:47.0649 3676  MBR partitions:
19:49:47.0649 3676  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:49:47.0649 3676  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC000
19:49:47.0649 3676  \Device\Harddisk1\DR1:
19:49:47.0650 3676  MBR partitions:
19:49:47.0650 3676  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2877B000
19:49:47.0650 3676  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x2877B800, BlocksNum 0x249F0000
19:49:47.0650 3676  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x4D16B800, BlocksNum 0x2759A000
19:49:47.0650 3676  ============================================================
19:49:47.0651 3676  C: <-> \Device\Harddisk0\DR0\Partition2
19:49:47.0668 3676  D: <-> \Device\Harddisk1\DR1\Partition1
19:49:47.0697 3676  E: <-> \Device\Harddisk1\DR1\Partition2
19:49:47.0731 3676  F: <-> \Device\Harddisk1\DR1\Partition3
19:49:47.0731 3676  ============================================================
19:49:47.0731 3676  Initialize success
19:49:47.0731 3676  ============================================================
19:52:45.0809 4604  ============================================================
19:52:45.0809 4604  Scan started
19:52:45.0809 4604  Mode: Manual; SigCheck; TDLFS; 
19:52:45.0809 4604  ============================================================
19:52:46.0136 4604  ================ Scan system memory ========================
19:52:46.0136 4604  System memory - ok
19:52:46.0136 4604  ================ Scan services =============================
19:52:46.0168 4604  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:52:46.0199 4604  1394ohci - ok
19:52:46.0214 4604  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:52:46.0214 4604  ACPI - ok
19:52:46.0230 4604  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:52:46.0246 4604  AcpiPmi - ok
19:52:46.0261 4604  ADExchange - ok
19:52:46.0261 4604  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:52:46.0261 4604  AdobeARMservice - ok
19:52:46.0277 4604  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:52:46.0292 4604  AdobeFlashPlayerUpdateSvc - ok
19:52:46.0308 4604  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:52:46.0324 4604  adp94xx - ok
19:52:46.0324 4604  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:52:46.0339 4604  adpahci - ok
19:52:46.0339 4604  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:52:46.0355 4604  adpu320 - ok
19:52:46.0355 4604  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:52:46.0417 4604  AeLookupSvc - ok
19:52:46.0417 4604  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:52:46.0433 4604  AFD - ok
19:52:46.0448 4604  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:52:46.0448 4604  agp440 - ok
19:52:46.0448 4604  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:52:46.0464 4604  ALG - ok
19:52:46.0480 4604  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:52:46.0480 4604  aliide - ok
19:52:46.0480 4604  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:52:46.0495 4604  amdide - ok
19:52:46.0495 4604  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:52:46.0511 4604  AmdK8 - ok
19:52:46.0511 4604  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:52:46.0526 4604  AmdPPM - ok
19:52:46.0526 4604  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:52:46.0542 4604  amdsata - ok
19:52:46.0542 4604  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:52:46.0558 4604  amdsbs - ok
19:52:46.0558 4604  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:52:46.0573 4604  amdxata - ok
19:52:46.0573 4604  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:52:46.0589 4604  AntiVirSchedulerService - ok
19:52:46.0589 4604  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:52:46.0589 4604  AntiVirService - ok
19:52:46.0604 4604  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:52:46.0651 4604  AppID - ok
19:52:46.0667 4604  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:52:46.0682 4604  AppIDSvc - ok
19:52:46.0682 4604  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:52:46.0714 4604  Appinfo - ok
19:52:46.0714 4604  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:52:46.0729 4604  arc - ok
19:52:46.0729 4604  ArcCtrl - ok
19:52:46.0729 4604  archlp - ok
19:52:46.0745 4604  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:52:46.0745 4604  arcsas - ok
19:52:46.0760 4604  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:52:46.0760 4604  aspnet_state - ok
19:52:46.0760 4604  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:52:46.0792 4604  AsyncMac - ok
19:52:46.0792 4604  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:52:46.0807 4604  atapi - ok
19:52:46.0807 4604  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
19:52:46.0823 4604  atksgt - ok
19:52:46.0838 4604  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:52:46.0870 4604  AudioEndpointBuilder - ok
19:52:46.0885 4604  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:52:46.0901 4604  AudioSrv - ok
19:52:46.0916 4604  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:52:46.0916 4604  avgntflt - ok
19:52:46.0916 4604  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:52:46.0932 4604  avipbb - ok
19:52:46.0932 4604  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:52:46.0948 4604  avkmgr - ok
19:52:46.0948 4604  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:52:46.0979 4604  AxInstSV - ok
19:52:46.0979 4604  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:52:46.0994 4604  b06bdrv - ok
19:52:46.0994 4604  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:52:47.0010 4604  b57nd60a - ok
19:52:47.0026 4604  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:52:47.0026 4604  BDESVC - ok
19:52:47.0026 4604  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:52:47.0057 4604  Beep - ok
19:52:47.0072 4604  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:52:47.0119 4604  BFE - ok
19:52:47.0119 4604  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:52:47.0166 4604  BITS - ok
19:52:47.0166 4604  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:52:47.0166 4604  blbdrive - ok
19:52:47.0182 4604  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:52:47.0182 4604  bowser - ok
19:52:47.0182 4604  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:52:47.0197 4604  BrFiltLo - ok
19:52:47.0197 4604  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:52:47.0213 4604  BrFiltUp - ok
19:52:47.0213 4604  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:52:47.0228 4604  Browser - ok
19:52:47.0244 4604  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:52:47.0260 4604  Brserid - ok
19:52:47.0260 4604  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:52:47.0275 4604  BrSerWdm - ok
19:52:47.0275 4604  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:52:47.0291 4604  BrUsbMdm - ok
19:52:47.0291 4604  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:52:47.0306 4604  BrUsbSer - ok
19:52:47.0306 4604  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:52:47.0322 4604  BTHMODEM - ok
19:52:47.0322 4604  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:52:47.0353 4604  bthserv - ok
19:52:47.0353 4604  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:52:47.0384 4604  cdfs - ok
19:52:47.0384 4604  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:52:47.0384 4604  cdrom - ok
19:52:47.0400 4604  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:52:47.0416 4604  CertPropSvc - ok
19:52:47.0431 4604  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:52:47.0431 4604  circlass - ok
19:52:47.0447 4604  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:52:47.0462 4604  CLFS - ok
19:52:47.0462 4604  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:52:47.0478 4604  clr_optimization_v2.0.50727_32 - ok
19:52:47.0478 4604  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:52:47.0478 4604  clr_optimization_v2.0.50727_64 - ok
19:52:47.0494 4604  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:52:47.0494 4604  clr_optimization_v4.0.30319_32 - ok
19:52:47.0509 4604  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:52:47.0509 4604  clr_optimization_v4.0.30319_64 - ok
19:52:47.0509 4604  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:52:47.0525 4604  CmBatt - ok
19:52:47.0525 4604  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:52:47.0540 4604  cmdide - ok
19:52:47.0540 4604  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:52:47.0572 4604  CNG - ok
19:52:47.0572 4604  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:52:47.0572 4604  Compbatt - ok
19:52:47.0587 4604  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:52:47.0587 4604  CompositeBus - ok
19:52:47.0587 4604  COMSysApp - ok
19:52:47.0603 4604  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:52:47.0603 4604  crcdisk - ok
19:52:47.0618 4604  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:52:47.0634 4604  CryptSvc - ok
19:52:47.0634 4604  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:52:47.0665 4604  DcomLaunch - ok
19:52:47.0665 4604  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:52:47.0712 4604  defragsvc - ok
19:52:47.0712 4604  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:52:47.0728 4604  DfsC - ok
19:52:47.0743 4604  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:52:47.0759 4604  Dhcp - ok
19:52:47.0759 4604  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:52:47.0790 4604  discache - ok
19:52:47.0790 4604  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:52:47.0806 4604  Disk - ok
19:52:47.0806 4604  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:52:47.0821 4604  Dnscache - ok
19:52:47.0821 4604  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:52:47.0852 4604  dot3svc - ok
19:52:47.0852 4604  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:52:47.0884 4604  DPS - ok
19:52:47.0884 4604  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:52:47.0899 4604  drmkaud - ok
19:52:47.0915 4604  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:52:47.0946 4604  DXGKrnl - ok
19:52:47.0946 4604  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:52:47.0977 4604  EapHost - ok
19:52:48.0008 4604  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:52:48.0055 4604  ebdrv - ok
19:52:48.0055 4604  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:52:48.0071 4604  EFS - ok
19:52:48.0086 4604  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:52:48.0102 4604  ehRecvr - ok
19:52:48.0102 4604  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:52:48.0118 4604  ehSched - ok
19:52:48.0133 4604  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:52:48.0149 4604  elxstor - ok
19:52:48.0149 4604  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:52:48.0149 4604  ErrDev - ok
19:52:48.0164 4604  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:52:48.0196 4604  EventSystem - ok
19:52:48.0196 4604  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:52:48.0227 4604  exfat - ok
19:52:48.0227 4604  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:52:48.0258 4604  fastfat - ok
19:52:48.0274 4604  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:52:48.0289 4604  Fax - ok
19:52:48.0305 4604  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:52:48.0305 4604  fdc - ok
19:52:48.0305 4604  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:52:48.0336 4604  fdPHost - ok
19:52:48.0336 4604  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:52:48.0367 4604  FDResPub - ok
19:52:48.0367 4604  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:52:48.0383 4604  FileInfo - ok
19:52:48.0383 4604  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:52:48.0414 4604  Filetrace - ok
19:52:48.0414 4604  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:52:48.0430 4604  flpydisk - ok
19:52:48.0430 4604  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:52:48.0445 4604  FltMgr - ok
19:52:48.0461 4604  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:52:48.0492 4604  FontCache - ok
19:52:48.0492 4604  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:52:48.0492 4604  FontCache3.0.0.0 - ok
19:52:48.0508 4604  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:52:48.0508 4604  FsDepends - ok
19:52:48.0508 4604  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:52:48.0523 4604  Fs_Rec - ok
19:52:48.0523 4604  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:52:48.0539 4604  fvevol - ok
19:52:48.0539 4604  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:52:48.0554 4604  gagp30kx - ok
19:52:48.0570 4604  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:52:48.0601 4604  gpsvc - ok
19:52:48.0601 4604  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:52:48.0617 4604  hcw85cir - ok
19:52:48.0632 4604  [ C4A20A7C685FE8EB60ED9564F25DE298 ] hcw95bda        C:\Windows\system32\Drivers\hcw95bda.sys
19:52:48.0648 4604  hcw95bda - ok
19:52:48.0648 4604  [ F6EFDCF33CD1CB40F3F623CF9E077D1F ] hcw95rc         C:\Windows\system32\DRIVERS\hcw95rc.sys
19:52:48.0648 4604  hcw95rc - ok
19:52:48.0664 4604  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:52:48.0679 4604  HdAudAddService - ok
19:52:48.0679 4604  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:52:48.0695 4604  HDAudBus - ok
19:52:48.0695 4604  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:52:48.0710 4604  HidBatt - ok
19:52:48.0710 4604  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:52:48.0726 4604  HidBth - ok
19:52:48.0726 4604  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:52:48.0726 4604  HidIr - ok
19:52:48.0742 4604  [ 957BD482212B77624E63A54EDDB414F8 ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
19:52:48.0742 4604  hidkmdf - ok
19:52:48.0742 4604  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:52:48.0773 4604  hidserv - ok
19:52:48.0773 4604  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:52:48.0788 4604  HidUsb - ok
19:52:48.0788 4604  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:52:48.0820 4604  hkmsvc - ok
19:52:48.0820 4604  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:52:48.0835 4604  HomeGroupListener - ok
19:52:48.0835 4604  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:52:48.0851 4604  HomeGroupProvider - ok
19:52:48.0851 4604  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:52:48.0866 4604  HpSAMD - ok
19:52:48.0866 4604  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
19:52:48.0882 4604  HTCAND64 - ok
19:52:48.0913 4604  [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService F:\HTC Sync\HSMServiceEntry.exe
19:52:48.0929 4604  HTCMonitorService - ok
19:52:48.0929 4604  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
19:52:48.0944 4604  htcnprot - ok
19:52:48.0944 4604  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:52:48.0991 4604  HTTP - ok
19:52:48.0991 4604  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:52:48.0991 4604  hwpolicy - ok
19:52:49.0007 4604  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:52:49.0007 4604  i8042prt - ok
19:52:49.0022 4604  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:52:49.0038 4604  iaStorV - ok
19:52:49.0054 4604  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:52:49.0069 4604  idsvc - ok
19:52:49.0069 4604  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:52:49.0085 4604  iirsp - ok
19:52:49.0085 4604  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:52:49.0132 4604  IKEEXT - ok
19:52:49.0132 4604  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:52:49.0147 4604  intelide - ok
19:52:49.0147 4604  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:52:49.0147 4604  intelppm - ok
19:52:49.0163 4604  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:52:49.0194 4604  IPBusEnum - ok
19:52:49.0194 4604  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:52:49.0210 4604  IpFilterDriver - ok
19:52:49.0225 4604  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:52:49.0241 4604  iphlpsvc - ok
19:52:49.0241 4604  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:52:49.0256 4604  IPMIDRV - ok
19:52:49.0256 4604  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:52:49.0288 4604  IPNAT - ok
19:52:49.0288 4604  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:52:49.0303 4604  IRENUM - ok
19:52:49.0303 4604  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:52:49.0319 4604  isapnp - ok
19:52:49.0319 4604  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:52:49.0334 4604  iScsiPrt - ok
19:52:49.0334 4604  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:52:49.0350 4604  kbdclass - ok
19:52:49.0350 4604  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:52:49.0366 4604  kbdhid - ok
19:52:49.0366 4604  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:52:49.0381 4604  KeyIso - ok
19:52:49.0381 4604  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:52:49.0381 4604  KSecDD - ok
19:52:49.0397 4604  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:52:49.0397 4604  KSecPkg - ok
19:52:49.0412 4604  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:52:49.0428 4604  ksthunk - ok
19:52:49.0444 4604  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:52:49.0475 4604  KtmRm - ok
19:52:49.0475 4604  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:52:49.0506 4604  LanmanServer - ok
19:52:49.0522 4604  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:52:49.0553 4604  LanmanWorkstation - ok
19:52:49.0553 4604  [ 70FB6254E29150A7A4A39FDFFD306C33 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:52:49.0568 4604  LBTServ - ok
19:52:49.0568 4604  [ A03B765FF67E58BA75333C7C8C0D7706 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
19:52:49.0584 4604  LEqdUsb - ok
19:52:49.0584 4604  [ 389588725D419476F365370BED4FFE5A ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
19:52:49.0584 4604  LHidEqd - ok
19:52:49.0600 4604  [ 1470EF17E02E82E4F43346DF9E9F11E1 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:52:49.0600 4604  LHidFilt - ok
19:52:49.0615 4604  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
19:52:49.0615 4604  lirsgt - ok
19:52:49.0615 4604  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:52:49.0646 4604  lltdio - ok
19:52:49.0662 4604  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:52:49.0678 4604  lltdsvc - ok
19:52:49.0693 4604  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:52:49.0709 4604  lmhosts - ok
19:52:49.0724 4604  [ 12814AE119E959437BEA3110F81BD188 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:52:49.0724 4604  LMouFilt - ok
19:52:49.0724 4604  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:52:49.0740 4604  LSI_FC - ok
19:52:49.0740 4604  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:52:49.0756 4604  LSI_SAS - ok
19:52:49.0756 4604  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:52:49.0771 4604  LSI_SAS2 - ok
19:52:49.0771 4604  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:52:49.0787 4604  LSI_SCSI - ok
19:52:49.0787 4604  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:52:49.0818 4604  luafv - ok
19:52:49.0818 4604  [ 67DC00F1EA2743A9CA4CDA5CA89AD2CB ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
19:52:49.0834 4604  LUsbFilt - ok
19:52:49.0834 4604  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:52:49.0834 4604  Mcx2Svc - ok
19:52:49.0849 4604  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:52:49.0849 4604  megasas - ok
19:52:49.0865 4604  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:52:49.0880 4604  MegaSR - ok
19:52:49.0880 4604  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:52:49.0896 4604  MMCSS - ok
19:52:49.0912 4604  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:52:49.0927 4604  Modem - ok
19:52:49.0943 4604  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:52:49.0943 4604  monitor - ok
19:52:49.0943 4604  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:52:49.0958 4604  mouclass - ok
19:52:49.0958 4604  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:52:49.0974 4604  mouhid - ok
19:52:49.0974 4604  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:52:49.0990 4604  mountmgr - ok
19:52:49.0990 4604  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:52:50.0005 4604  MozillaMaintenance - ok
19:52:50.0005 4604  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:52:50.0021 4604  mpio - ok
19:52:50.0021 4604  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:52:50.0052 4604  mpsdrv - ok
19:52:50.0068 4604  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:52:50.0099 4604  MpsSvc - ok
19:52:50.0114 4604  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:52:50.0114 4604  MRxDAV - ok
19:52:50.0130 4604  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:52:50.0130 4604  mrxsmb - ok
19:52:50.0146 4604  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:52:50.0161 4604  mrxsmb10 - ok
19:52:50.0161 4604  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:52:50.0177 4604  mrxsmb20 - ok
19:52:50.0177 4604  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:52:50.0177 4604  msahci - ok
19:52:50.0192 4604  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:52:50.0192 4604  msdsm - ok
19:52:50.0192 4604  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:52:50.0208 4604  MSDTC - ok
19:52:50.0224 4604  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:52:50.0239 4604  Msfs - ok
19:52:50.0239 4604  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:52:50.0270 4604  mshidkmdf - ok
19:52:50.0270 4604  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:52:50.0286 4604  msisadrv - ok
19:52:50.0286 4604  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:52:50.0317 4604  MSiSCSI - ok
19:52:50.0317 4604  msiserver - ok
19:52:50.0317 4604  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:52:50.0348 4604  MSKSSRV - ok
19:52:50.0348 4604  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:52:50.0380 4604  MSPCLOCK - ok
19:52:50.0380 4604  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:52:50.0411 4604  MSPQM - ok
19:52:50.0411 4604  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:52:50.0426 4604  MsRPC - ok
19:52:50.0426 4604  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:52:50.0442 4604  mssmbios - ok
19:52:50.0442 4604  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:52:50.0473 4604  MSTEE - ok
19:52:50.0473 4604  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:52:50.0473 4604  MTConfig - ok
19:52:50.0489 4604  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:52:50.0489 4604  Mup - ok
19:52:50.0504 4604  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:52:50.0536 4604  napagent - ok
19:52:50.0536 4604  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:52:50.0551 4604  NativeWifiP - ok
19:52:50.0567 4604  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:52:50.0582 4604  NDIS - ok
19:52:50.0598 4604  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:52:50.0614 4604  NdisCap - ok
19:52:50.0629 4604  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:52:50.0645 4604  NdisTapi - ok
19:52:50.0645 4604  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:52:50.0676 4604  Ndisuio - ok
19:52:50.0676 4604  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:52:50.0707 4604  NdisWan - ok
19:52:50.0707 4604  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:52:50.0738 4604  NDProxy - ok
19:52:50.0738 4604  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:52:50.0770 4604  NetBIOS - ok
19:52:50.0770 4604  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:52:50.0801 4604  NetBT - ok
19:52:50.0801 4604  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:52:50.0816 4604  Netlogon - ok
19:52:50.0816 4604  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:52:50.0848 4604  Netman - ok
19:52:50.0848 4604  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:52:50.0863 4604  NetMsmqActivator - ok
19:52:50.0863 4604  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:52:50.0879 4604  NetPipeActivator - ok
19:52:50.0879 4604  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:52:50.0910 4604  netprofm - ok
19:52:50.0910 4604  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:52:50.0926 4604  NetTcpActivator - ok
19:52:50.0926 4604  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:52:50.0941 4604  NetTcpPortSharing - ok
19:52:50.0941 4604  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:52:50.0941 4604  nfrd960 - ok
19:52:50.0957 4604  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:52:50.0972 4604  NlaSvc - ok
19:52:50.0972 4604  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:52:51.0004 4604  Npfs - ok
19:52:51.0004 4604  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:52:51.0019 4604  nsi - ok
19:52:51.0035 4604  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:52:51.0050 4604  nsiproxy - ok
19:52:51.0082 4604  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:52:51.0113 4604  Ntfs - ok
19:52:51.0113 4604  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:52:51.0144 4604  Null - ok
19:52:51.0253 4604  [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:52:51.0440 4604  nvlddmkm - ok
19:52:51.0440 4604  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:52:51.0456 4604  nvraid - ok
19:52:51.0456 4604  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:52:51.0472 4604  nvstor - ok
19:52:51.0487 4604  [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:52:51.0503 4604  nvsvc - ok
19:52:51.0518 4604  [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:52:51.0550 4604  nvUpdatusService - ok
19:52:51.0550 4604  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:52:51.0565 4604  nv_agp - ok
19:52:51.0565 4604  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:52:51.0581 4604  ohci1394 - ok
19:52:51.0581 4604  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:52:51.0596 4604  p2pimsvc - ok
19:52:51.0612 4604  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:52:51.0628 4604  p2psvc - ok
19:52:51.0628 4604  [ B87EFC9994F53124622FA2A0CAA6D828 ] PAC7302         C:\Windows\system32\DRIVERS\PAC7302.SYS
19:52:51.0643 4604  PAC7302 - ok
19:52:51.0659 4604  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:52:51.0659 4604  Parport - ok
19:52:51.0674 4604  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:52:51.0674 4604  partmgr - ok
19:52:51.0674 4604  [ 5F731DD45D3B176C071E4CCEEB87B06B ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
19:52:51.0690 4604  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
19:52:51.0690 4604  PassThru Service - detected UnsignedFile.Multi.Generic (1)
19:52:51.0690 4604  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:52:51.0706 4604  PcaSvc - ok
19:52:51.0706 4604  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:52:51.0721 4604  pci - ok
19:52:51.0721 4604  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:52:51.0737 4604  pciide - ok
19:52:51.0737 4604  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:52:51.0752 4604  pcmcia - ok
19:52:51.0752 4604  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:52:51.0768 4604  pcw - ok
19:52:51.0784 4604  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:52:51.0815 4604  PEAUTH - ok
19:52:51.0830 4604  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:52:51.0846 4604  PerfHost - ok
19:52:51.0862 4604  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:52:51.0908 4604  pla - ok
19:52:51.0908 4604  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:52:51.0924 4604  PlugPlay - ok
19:52:51.0924 4604  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:52:51.0940 4604  PNRPAutoReg - ok
19:52:51.0940 4604  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:52:51.0955 4604  PNRPsvc - ok
19:52:51.0971 4604  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:52:52.0002 4604  PolicyAgent - ok
19:52:52.0002 4604  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:52:52.0033 4604  Power - ok
19:52:52.0033 4604  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:52:52.0064 4604  PptpMiniport - ok
19:52:52.0064 4604  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:52:52.0080 4604  Processor - ok
19:52:52.0080 4604  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:52:52.0096 4604  ProfSvc - ok
19:52:52.0096 4604  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:52:52.0111 4604  ProtectedStorage - ok
19:52:52.0111 4604  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:52:52.0142 4604  Psched - ok
19:52:52.0158 4604  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:52:52.0189 4604  ql2300 - ok
19:52:52.0189 4604  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:52:52.0205 4604  ql40xx - ok
19:52:52.0205 4604  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:52:52.0220 4604  QWAVE - ok
19:52:52.0220 4604  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:52:52.0236 4604  QWAVEdrv - ok
19:52:52.0236 4604  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:52:52.0267 4604  RasAcd - ok
19:52:52.0267 4604  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:52:52.0298 4604  RasAgileVpn - ok
19:52:52.0298 4604  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:52:52.0330 4604  RasAuto - ok
19:52:52.0330 4604  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:52:52.0361 4604  Rasl2tp - ok
19:52:52.0361 4604  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:52:52.0392 4604  RasMan - ok
19:52:52.0408 4604  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:52:52.0423 4604  RasPppoe - ok
19:52:52.0439 4604  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:52:52.0454 4604  RasSstp - ok
19:52:52.0470 4604  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:52:52.0501 4604  rdbss - ok
19:52:52.0501 4604  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:52:52.0517 4604  rdpbus - ok
19:52:52.0517 4604  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:52:52.0532 4604  RDPCDD - ok
19:52:52.0548 4604  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:52:52.0564 4604  RDPENCDD - ok
19:52:52.0564 4604  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:52:52.0595 4604  RDPREFMP - ok
19:52:52.0595 4604  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:52:52.0610 4604  RDPWD - ok
19:52:52.0626 4604  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:52:52.0626 4604  rdyboost - ok
19:52:52.0642 4604  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:52:52.0657 4604  RemoteAccess - ok
19:52:52.0673 4604  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:52:52.0704 4604  RemoteRegistry - ok
19:52:52.0704 4604  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:52:52.0735 4604  RpcEptMapper - ok
19:52:52.0735 4604  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:52:52.0751 4604  RpcLocator - ok
19:52:52.0751 4604  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:52:52.0782 4604  RpcSs - ok
19:52:52.0782 4604  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:52:52.0813 4604  rspndr - ok
19:52:52.0813 4604  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:52:52.0829 4604  RTL8167 - ok
19:52:52.0829 4604  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:52:52.0844 4604  SamSs - ok
19:52:52.0844 4604  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:52:52.0844 4604  sbp2port - ok
19:52:52.0860 4604  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:52:52.0891 4604  SCardSvr - ok
19:52:52.0891 4604  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:52:52.0907 4604  scfilter - ok
19:52:52.0922 4604  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:52:52.0969 4604  Schedule - ok
19:52:52.0969 4604  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:52:53.0000 4604  SCPolicySvc - ok
19:52:53.0000 4604  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:52:53.0016 4604  SDRSVC - ok
19:52:53.0016 4604  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:52:53.0047 4604  secdrv - ok
19:52:53.0047 4604  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:52:53.0078 4604  seclogon - ok
19:52:53.0078 4604  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:52:53.0110 4604  SENS - ok
19:52:53.0110 4604  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:52:53.0110 4604  SensrSvc - ok
19:52:53.0125 4604  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:52:53.0125 4604  Serenum - ok
19:52:53.0141 4604  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
19:52:53.0141 4604  Serial - ok
19:52:53.0141 4604  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:52:53.0156 4604  sermouse - ok
19:52:53.0172 4604  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:52:53.0188 4604  SessionEnv - ok
19:52:53.0203 4604  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:52:53.0203 4604  sffdisk - ok
19:52:53.0219 4604  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:52:53.0219 4604  sffp_mmc - ok
19:52:53.0234 4604  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:52:53.0234 4604  sffp_sd - ok
19:52:53.0234 4604  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:52:53.0250 4604  sfloppy - ok
19:52:53.0250 4604  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:52:53.0281 4604  SharedAccess - ok
19:52:53.0297 4604  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:52:53.0328 4604  ShellHWDetection - ok
19:52:53.0328 4604  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:52:53.0344 4604  SiSRaid2 - ok
19:52:53.0344 4604  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:52:53.0344 4604  SiSRaid4 - ok
19:52:53.0359 4604  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:52:53.0359 4604  SkypeUpdate - ok
19:52:53.0375 4604  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:52:53.0390 4604  Smb - ok
19:52:53.0406 4604  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:52:53.0406 4604  SNMPTRAP - ok
19:52:53.0422 4604  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:52:53.0422 4604  spldr - ok
19:52:53.0437 4604  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:52:53.0453 4604  Spooler - ok
19:52:53.0484 4604  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:52:53.0546 4604  sppsvc - ok
19:52:53.0562 4604  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:52:53.0578 4604  sppuinotify - ok
19:52:53.0593 4604  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:52:53.0609 4604  srv - ok
19:52:53.0609 4604  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:52:53.0624 4604  srv2 - ok
19:52:53.0640 4604  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:52:53.0640 4604  srvnet - ok
19:52:53.0656 4604  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:52:53.0687 4604  SSDPSRV - ok
19:52:53.0687 4604  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:52:53.0718 4604  SstpSvc - ok
19:52:53.0718 4604  Steam Client Service - ok
19:52:53.0718 4604  [ 81F177C1954453AF407604160BD149CB ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:52:53.0734 4604  Stereo Service - ok
19:52:53.0734 4604  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:52:53.0749 4604  stexstor - ok
19:52:53.0765 4604  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:52:53.0780 4604  stisvc - ok
19:52:53.0780 4604  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:52:53.0796 4604  swenum - ok
19:52:53.0796 4604  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:52:53.0812 4604  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:52:53.0812 4604  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:52:53.0827 4604  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:52:53.0858 4604  swprv - ok
19:52:53.0874 4604  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:52:53.0905 4604  SysMain - ok
19:52:53.0921 4604  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:52:53.0936 4604  TabletInputService - ok
19:52:53.0936 4604  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:52:53.0968 4604  TapiSrv - ok
19:52:53.0968 4604  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:52:53.0999 4604  TBS - ok
19:52:54.0014 4604  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:52:54.0061 4604  Tcpip - ok
19:52:54.0092 4604  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:52:54.0124 4604  TCPIP6 - ok
19:52:54.0124 4604  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:52:54.0139 4604  tcpipreg - ok
19:52:54.0139 4604  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:52:54.0155 4604  TDPIPE - ok
19:52:54.0155 4604  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:52:54.0170 4604  TDTCP - ok
19:52:54.0170 4604  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:52:54.0202 4604  tdx - ok
19:52:54.0202 4604  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:52:54.0202 4604  TermDD - ok
19:52:54.0217 4604  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:52:54.0248 4604  TermService - ok
19:52:54.0248 4604  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:52:54.0264 4604  Themes - ok
19:52:54.0264 4604  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:52:54.0295 4604  THREADORDER - ok
19:52:54.0295 4604  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:52:54.0326 4604  TrkWks - ok
19:52:54.0326 4604  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:52:54.0358 4604  TrustedInstaller - ok
19:52:54.0358 4604  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:52:54.0389 4604  tssecsrv - ok
19:52:54.0389 4604  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:52:54.0404 4604  TsUsbFlt - ok
19:52:54.0404 4604  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:52:54.0420 4604  TsUsbGD - ok
19:52:54.0420 4604  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:52:54.0451 4604  tunnel - ok
19:52:54.0451 4604  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:52:54.0467 4604  uagp35 - ok
19:52:54.0467 4604  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:52:54.0498 4604  udfs - ok
19:52:54.0514 4604  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:52:54.0514 4604  UI0Detect - ok
19:52:54.0529 4604  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:52:54.0529 4604  uliagpkx - ok
19:52:54.0545 4604  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:52:54.0545 4604  umbus - ok
19:52:54.0545 4604  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:52:54.0560 4604  UmPass - ok
19:52:54.0560 4604  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:52:54.0607 4604  upnphost - ok
19:52:54.0607 4604  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:52:54.0623 4604  usbaudio - ok
19:52:54.0623 4604  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:52:54.0638 4604  usbccgp - ok
19:52:54.0638 4604  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:52:54.0654 4604  usbcir - ok
19:52:54.0654 4604  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:52:54.0670 4604  usbehci - ok
19:52:54.0670 4604  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:52:54.0685 4604  usbhub - ok
19:52:54.0685 4604  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:52:54.0701 4604  usbohci - ok
19:52:54.0701 4604  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:52:54.0716 4604  usbprint - ok
19:52:54.0716 4604  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:52:54.0732 4604  usbscan - ok
19:52:54.0732 4604  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:52:54.0748 4604  USBSTOR - ok
19:52:54.0748 4604  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:52:54.0763 4604  usbuhci - ok
19:52:54.0763 4604  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:52:54.0794 4604  UxSms - ok
19:52:54.0794 4604  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:52:54.0794 4604  VaultSvc - ok
19:52:54.0810 4604  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:52:54.0810 4604  vdrvroot - ok
19:52:54.0826 4604  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:52:54.0857 4604  vds - ok
19:52:54.0857 4604  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:52:54.0872 4604  vga - ok
19:52:54.0872 4604  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:52:54.0904 4604  VgaSave - ok
19:52:54.0904 4604  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:52:54.0919 4604  vhdmp - ok
19:52:54.0919 4604  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:52:54.0935 4604  viaide - ok
19:52:54.0935 4604  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:52:54.0950 4604  volmgr - ok
19:52:54.0950 4604  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:52:54.0966 4604  volmgrx - ok
19:52:54.0982 4604  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:52:54.0982 4604  volsnap - ok
19:52:54.0997 4604  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:52:54.0997 4604  vsmraid - ok
19:52:55.0013 4604  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:52:55.0060 4604  VSS - ok
19:52:55.0075 4604  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:52:55.0091 4604  vwifibus - ok
19:52:55.0106 4604  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:52:55.0138 4604  W32Time - ok
19:52:55.0138 4604  [ 2F4B66BAB9F4C9D0FF4FCAA6D8888991 ] WacHidRouter    C:\Windows\system32\DRIVERS\wachidrouter.sys
19:52:55.0153 4604  WacHidRouter - ok
19:52:55.0153 4604  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:52:55.0169 4604  WacomPen - ok
19:52:55.0169 4604  [ 366669F53F8CAF96AF9264EF9BC95084 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
19:52:55.0169 4604  wacomrouterfilter - ok
19:52:55.0169 4604  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:52:55.0200 4604  WANARP - ok
19:52:55.0200 4604  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:52:55.0231 4604  Wanarpv6 - ok
19:52:55.0247 4604  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:52:55.0278 4604  wbengine - ok
19:52:55.0278 4604  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:52:55.0294 4604  WbioSrvc - ok
19:52:55.0309 4604  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:52:55.0325 4604  wcncsvc - ok
19:52:55.0325 4604  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:52:55.0340 4604  WcsPlugInService - ok
19:52:55.0340 4604  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:52:55.0340 4604  Wd - ok
19:52:55.0356 4604  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:52:55.0387 4604  Wdf01000 - ok
19:52:55.0387 4604  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:52:55.0418 4604  WdiServiceHost - ok
19:52:55.0418 4604  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:52:55.0434 4604  WdiSystemHost - ok
19:52:55.0434 4604  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:52:55.0450 4604  WebClient - ok
19:52:55.0465 4604  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:52:55.0496 4604  Wecsvc - ok
19:52:55.0496 4604  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:52:55.0528 4604  wercplsupport - ok
19:52:55.0528 4604  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:52:55.0559 4604  WerSvc - ok
19:52:55.0559 4604  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:52:55.0590 4604  WfpLwf - ok
19:52:55.0590 4604  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:52:55.0590 4604  WIMMount - ok
19:52:55.0590 4604  WinDefend - ok
19:52:55.0606 4604  WinHttpAutoProxySvc - ok
19:52:55.0606 4604  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:52:55.0637 4604  Winmgmt - ok
19:52:55.0668 4604  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:52:55.0715 4604  WinRM - ok
19:52:55.0715 4604  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:52:55.0730 4604  WinUsb - ok
19:52:55.0730 4604  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:52:55.0762 4604  Wlansvc - ok
19:52:55.0824 4604  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:52:55.0886 4604  wlidsvc - ok
19:52:55.0886 4604  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:52:55.0902 4604  WmiAcpi - ok
19:52:55.0902 4604  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:52:55.0918 4604  wmiApSrv - ok
19:52:55.0918 4604  WMPNetworkSvc - ok
19:52:55.0918 4604  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:52:55.0933 4604  WPCSvc - ok
19:52:55.0933 4604  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:52:55.0964 4604  WPDBusEnum - ok
19:52:55.0964 4604  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:52:55.0980 4604  ws2ifsl - ok
19:52:55.0996 4604  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:52:56.0011 4604  wscsvc - ok
19:52:56.0011 4604  WSearch - ok
19:52:56.0027 4604  [ 6719C1A34D946370B5F735A8F2915474 ] WTabletServicePro C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
19:52:56.0042 4604  WTabletServicePro - ok
19:52:56.0074 4604  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:52:56.0136 4604  wuauserv - ok
19:52:56.0152 4604  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:52:56.0167 4604  WudfPf - ok
19:52:56.0167 4604  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:52:56.0183 4604  WUDFRd - ok
19:52:56.0183 4604  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:52:56.0183 4604  wudfsvc - ok
19:52:56.0198 4604  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:52:56.0214 4604  WwanSvc - ok
19:52:56.0214 4604  ================ Scan global ===============================
19:52:56.0214 4604  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:52:56.0214 4604  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:52:56.0230 4604  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:52:56.0230 4604  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:52:56.0245 4604  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:52:56.0245 4604  [Global] - ok
19:52:56.0245 4604  ================ Scan MBR ==================================
19:52:56.0245 4604  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:52:56.0386 4604  \Device\Harddisk0\DR0 - ok
19:52:56.0401 4604  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:52:56.0479 4604  \Device\Harddisk1\DR1 - ok
19:52:56.0479 4604  ================ Scan VBR ==================================
19:52:56.0479 4604  [ 7DCD984EDF3E04B5C5CF663AB0FED1BA ] \Device\Harddisk0\DR0\Partition1
19:52:56.0479 4604  \Device\Harddisk0\DR0\Partition1 - ok
19:52:56.0479 4604  [ 887B1AA153AC076AA9A20171EE73DDC8 ] \Device\Harddisk0\DR0\Partition2
19:52:56.0495 4604  \Device\Harddisk0\DR0\Partition2 - ok
19:52:56.0495 4604  [ 6FBC96A5B1ECC3E1C2A53347A0A71536 ] \Device\Harddisk1\DR1\Partition1
19:52:56.0495 4604  \Device\Harddisk1\DR1\Partition1 - ok
19:52:56.0510 4604  [ 8BC1E828B9778A922FC4A23CDA41EB4A ] \Device\Harddisk1\DR1\Partition2
19:52:56.0510 4604  \Device\Harddisk1\DR1\Partition2 - ok
19:52:56.0526 4604  [ 56474D06901548567C16D366E8B51ABA ] \Device\Harddisk1\DR1\Partition3
19:52:56.0526 4604  \Device\Harddisk1\DR1\Partition3 - ok
19:52:56.0526 4604  ============================================================
19:52:56.0526 4604  Scan finished
19:52:56.0526 4604  ============================================================
19:52:56.0542 5980  Detected object count: 2
19:52:56.0542 5980  Actual detected object count: 2
19:53:18.0740 5980  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:18.0740 5980  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:53:18.0740 5980  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:18.0740 5980  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:53:25.0620 4280  Deinitialize success
         

29.04.2013, 10:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

29.04.2013, 13:15   #15
Mr.Green
 

Avira was switched off, but it still complained briefly, as you described. I had deactivated Windows Defender for the scan, but it is still shown as enabled in the log.

Code:
ComboFix 13-04-28.01 - Admin 29.04.2013  13:36:25.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6142.4278 [GMT 2:00]
ausgeführt von:: c:\users\Standard\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-29  ))))))))))))))))))))))))))))))
.
.
2013-04-29 11:39 . 2013-04-29 11:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-29 11:39 . 2013-04-29 11:39	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2013-04-29 09:53 . 2013-04-29 09:53	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-04-28 17:58 . 2013-04-28 17:59	--------	d-----w-	c:\users\Admin\AppData\Roaming\MyPhoneExplorer
2013-04-28 17:58 . 2013-04-28 17:58	--------	d-----w-	c:\program files (x86)\MyPhoneExplorer
2013-04-28 17:10 . 2013-04-28 18:22	5	----a-w-	c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-04-28 17:01 . 2013-04-28 17:01	--------	d-----w-	c:\users\Standard\.android
2013-04-28 17:01 . 2013-04-28 18:14	--------	d-----w-	c:\users\Standard\AppData\Roaming\MyPhoneExplorer
2013-04-27 16:51 . 2013-04-27 16:51	--------	d-----w-	c:\users\Standard\AppData\Roaming\Malwarebytes
2013-04-27 16:06 . 2013-04-27 16:06	--------	d-----w-	c:\program files (x86)\ESET
2013-04-27 15:26 . 2013-04-27 15:26	--------	d-----w-	c:\users\Admin\AppData\Roaming\Malwarebytes
2013-04-27 15:26 . 2013-04-27 15:26	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-27 15:26 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-27 15:26 . 2013-04-27 15:26	--------	d-----w-	c:\users\Admin\AppData\Local\Programs
2013-04-26 15:45 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{06266BFA-06D4-4D1B-ADB5-019220F1AB22}\mpengine.dll
2013-04-25 18:46 . 2013-04-25 18:46	53248	----a-r-	c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-04-25 18:46 . 2013-04-25 18:46	--------	d-----w-	c:\users\Admin\AppData\Local\Logishrd
2013-04-24 22:12 . 2013-04-24 22:18	--------	d-----w-	c:\users\Standard\AppData\Local\Microsoft Games
2013-04-24 16:14 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-14 17:46 . 2013-04-14 17:46	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-04-13 22:47 . 2013-04-13 22:47	--------	d-----w-	c:\users\UpdatusUser
2013-04-13 22:47 . 2013-04-14 17:46	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2013-04-13 20:10 . 2013-04-13 20:10	--------	d-----w-	c:\users\Admin\AppData\Roaming\Ubisoft
2013-04-13 20:08 . 2013-04-13 20:08	--------	d-----w-	c:\users\Standard\AppData\Roaming\Ubisoft
2013-04-13 20:07 . 2013-04-13 20:08	--------	d-----w-	c:\programdata\Tages
2013-04-13 19:52 . 2007-05-16 14:45	506728	----a-w-	c:\windows\system32\d3dx10_34.dll
2013-04-10 11:19 . 2013-02-22 06:22	887808	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2013-04-10 11:19 . 2013-02-22 06:21	499200	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2013-04-10 11:19 . 2013-02-22 06:13	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-04-10 11:19 . 2013-02-22 03:39	678912	----a-w-	c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-04-10 11:19 . 2013-02-22 03:38	387584	----a-w-	c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-04-10 11:19 . 2013-02-22 06:57	17817088	----a-w-	c:\windows\system32\mshtml.dll
2013-04-10 11:19 . 2013-02-22 06:29	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-04-02 21:26 . 2013-04-02 23:07	--------	d-----w-	c:\users\Standard\AppData\Roaming\FileZilla
2013-04-02 21:11 . 2013-04-02 21:11	--------	d-----w-	c:\users\Standard\AppData\Local\WinZip
2013-04-02 21:10 . 2013-04-02 21:11	--------	d-----w-	c:\programdata\WinZip
2013-04-02 21:10 . 2013-04-02 21:10	--------	d-----w-	c:\program files\WinZip
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-27 13:45 . 2013-01-14 14:14	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-04-27 13:45 . 2013-01-14 14:14	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-04-27 13:45 . 2013-01-07 14:45	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-04-25 18:46 . 2013-01-07 14:28	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2013-04-16 08:31 . 2013-01-07 14:26	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-16 08:31 . 2013-01-07 14:26	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 18:25 . 2013-01-07 14:46	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-12 18:25 . 2013-01-07 14:45	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-10 11:20 . 2013-01-07 15:33	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-29 18:09 . 2013-03-29 18:10	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-29 18:09 . 2013-03-29 18:10	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-29 18:09 . 2013-03-29 18:10	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-23 13:53 . 2013-03-23 13:53	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-23 13:53 . 2013-03-23 13:53	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-23 13:53 . 2013-03-23 13:53	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 05:53 . 2013-02-25 22:32	2539128	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2013-02-25 22:32	2864144	----a-w-	c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2013-02-25 22:32	17990800	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2013-02-25 22:32	15508512	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2013-02-25 22:32	13088000	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 04:16 . 2013-01-07 14:17	3477280	----a-w-	c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2013-01-07 14:17	6398240	----a-w-	c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2013-01-07 14:17	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2013-01-07 14:17	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2013-01-07 14:17	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2013-01-07 14:17	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-03-14 20:07 . 2013-03-14 20:07	559904	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-03-11 23:10 . 2010-11-21 03:27	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-03-10 14:19 . 2013-01-14 14:14	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-02-25 22:32 . 2012-10-10 20:22	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2012-10-10 20:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-12 05:45 . 2013-03-12 18:24	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 18:24	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 18:24	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 18:24	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 18:24	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 18:24	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 19:48	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-07 14:20	220632	----a-w-	c:\users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-07 14:20	220632	----a-w-	c:\users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-07 14:20	220632	----a-w-	c:\users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-15 1632680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-29 345312]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"sketchmanager"="c:\program files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe" [2012-10-17 3662336]
"WinampAgent"="c:\users\Admin\Winamp\winampa.exe" [2012-06-28 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="f:\malwarebytes' anti-malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.4.1.lnk - f:\open office\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys [x]
R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-10-12 13728]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-10-12 81312]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-10-12 15776]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-29 28600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-29 86752]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [2012-10-29 613760]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2011-12-12 658944]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2011-12-12 19840]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2013-01-03 79240]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2013-01-03 15752]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-07 08:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-07 14:20	244696	----a-w-	c:\users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-07 14:20	244696	----a-w-	c:\users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-07 14:20	244696	----a-w-	c:\users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7p5dpez1.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.ftp - 178.48.2.237
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 178.48.2.237
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 178.48.2.237
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 178.48.2.237
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3772093366-415461289-3751294527-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3772093366-415461289-3751294527-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-29  13:40:21
ComboFix-quarantined-files.txt  2013-04-29 11:40
ComboFix2.txt  2013-04-29 11:30
.
Vor Suchlauf: 15 Verzeichnis(se), 15.741.825.024 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 15.690.829.824 Bytes frei
.
- - End Of File - - EEE839B166D8C8EFF6CA6BFE4BC45587
         
