Log analysis and evaluation: My GMX account is sending spam mails
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
05.05.2012, 20:07 | #1 |
| My GMX account is sending spam mails Hello! I don't know much about this, but I have a problem... Since May 1st, at around 7:00, my GMX account has been sending spam mails to my entire address book and to parts of my "Sent" folder. I noticed it from these "Mail Delivery System" mails. By the way, these now come regularly every day from 8:00 to 9:00, always to the same addresses. I have deleted the address book and all folders. I change my password almost daily and make it more complicated each time. I contacted GMX support but have not received an answer yet. I always log in directly at GMX and don't use Outlook or anything like that. I ran AntiVir, Malwarebytes (full scan), Spybot, CCleaner and TuneUp over it. No findings, as far as I can tell. I have already downloaded the scan programs recommended here in the forum (Eset, OTL and the three for everyone seeking help) and look forward to advice. defogger did not show an error message. Many thanks in advance for your effort and patience with me! [code] .DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.6000.16982 Run by Matze at 20:04:59 on 2012-05-05 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3071.2142 [GMT 2:00] . . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Avira\AntiVir 
Desktop\avshadow.exe C:\Windows\system32\taskeng.exe C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.gmx.de/ mStart Page = hxxp://search.searchonme.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [Skytel] Skytel.exe mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab TCP: DhcpNameServer = 192.168.220.1 TCP: Interfaces\{4C3C6723-963E-4E09-A060-452EE71E4B9C} : DhcpNameServer = 192.168.220.1 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\matze\appdata\roaming\mozilla\firefox\profiles\uig1ebrz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmx.de FF - prefs.js: keyword.URL - hxxp://search.searchonme.com/?q= FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll . 
============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-24 36000] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-4-24 86224] R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-4-24 110032] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-24 74640] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-8 2253120] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-3 1153368] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2011-11-21 1052480] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2010-12-15 44416] R3 PhilCap;Pinnacle PCTV service;c:\windows\system32\drivers\PhilCap.sys [2011-9-8 908832] R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2011-9-8 218624] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064] S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 257696] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976] . =============== Created Last 30 ================ . 
2012-05-04 13:45:52 -------- d-----w- c:\program files\Trend Micro 2012-05-04 08:43:38 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{105d6e60-8865-4bf0-8ab9-138e4067c89a}\mpengine.dll 2012-05-03 17:20:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-05-03 17:20:32 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-05-02 15:15:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2012-05-02 15:15:35 868952 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe 2012-05-01 13:04:38 -------- d-----w- c:\users\matze\appdata\roaming\ESET 2012-05-01 13:04:38 -------- d-----w- c:\users\matze\appdata\local\ESET 2012-04-25 18:48:22 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-04-25 18:48:19 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-04-25 18:48:19 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-04-24 05:13:34 -------- d-----w- c:\users\matze\appdata\roaming\Avira 2012-04-24 05:09:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-04-24 05:09:57 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-04-24 05:09:52 -------- d-----w- c:\programdata\Avira 2012-04-24 05:09:52 -------- d-----w- c:\program files\Avira . ==================== Find3M ==================== . 
2012-05-05 09:09:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 09:09:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-09 20:43:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-09 20:43:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-09 20:43:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-09 20:43:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-09 20:43:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-09 20:43:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-09 20:43:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-09 20:43:00 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-09 20:43:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-09 20:43:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-09 20:43:00 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-09 20:43:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
.
============= FINISH: 20:06:12,34 ===============
Here is the full scan from Malwarebytes
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.05.07
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Matze :: MATZE-PC [Administrator]
05.05.2012 21:31:35
mbam-log-2012-05-05 (21-31-35).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 264934
Laufzeit: 29 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Edited by matjes80 (05.05.2012 at 21:06) |
08.05.2012, 12:15 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My GMX account is sending spam mails Please run ESET as well, then we'll see from there:
__________________ESET Online Scanner
__________________ |
08.05.2012, 15:56 | #3 |
| My GMX account is sending spam mails Cool that you're replying.
__________________A bit of info up front: Since Sunday no more mails have gone out. My friends have confirmed that. But that doesn't yet mean the PC is clean. GMX has replied too, but didn't contribute anything earth-shattering. Scan for viruses/trojans, change passwords, etc.... Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cc7574fc31d1cb459c101fd88af0c444
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-08 02:49:42
# local_time=2012-05-08 04:49:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777191 100 0 1242506 1242506 0 0
# compatibility_mode=5892 16776573 100 100 275509 174019426 0 0
# compatibility_mode=8192 67108863 100 0 277 277 0 0
# scanned=80856
# found=0
# cleaned=0
# scan_time=1884
Matjes
Edited by matjes80 (08.05.2012 at 16:03) |
08.05.2012, 17:51 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My GMX account is sending spam mails Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
08.05.2012, 18:23 | #5 |
| My GMX account is sending spam mails OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.05.2012 19:04:25 - Run 2 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Matze\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 76,66% Memory free 6,15 Gb Paging File | 5,15 Gb Available in Paging File | 83,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 156,86 Gb Total Space | 97,66 Gb Free Space | 62,26% Space Free | Partition Type: NTFS Drive D: | 146,48 Gb Total Space | 146,37 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive E: | 150,69 Gb Total Space | 150,41 Gb Free Space | 99,81% Space Free | Partition Type: NTFS Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Matze\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (OpenVPNService) -- C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (aaudstum) -- C:\Users\Matze\AppData\Local\Temp\aaudstum.sys File not found DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NVENETFD) -- 
C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH) DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.) DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.searchonme.com/ IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes,DefaultScope = {CB614197-6077-44CF-87BA-E3950197C1D4} IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - 
HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?q={searchTerms} IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{CB614197-6077-44CF-87BA-E3950197C1D4}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SearchOnMe" FF - prefs.js..browser.search.order.1: "SearchOnMe" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.gmx.de" FF - prefs.js..keyword.URL: "hxxp://search.searchonme.com/?q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 17:15:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 11:07:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.09.09 12:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions [2012.05.02 10:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions [2011.10.29 15:26:41 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.03.18 08:45:03 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info [2012.03.18 08:45:02 | 000,000,448 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\searchplugins\SearchOnMe.xml [2012.05.02 17:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.02 17:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.05.02 17:15:35 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net () (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIG1EBRZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2011.09.13 17:19:39 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-534847706-395394252-3581119422-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKU\S-1-5-21-534847706-395394252-3581119422-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C3C6723-963E-4E09-A060-452EE71E4B9C}: DhcpNameServer = 192.168.220.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.10.17 16:54:03 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla 
- File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: 
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access 
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.08 16:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.05 20:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.05.05 20:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.05.05 19:51:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matze\Desktop\dds.com [2012.05.04 16:04:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.04 16:02:33 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe [2012.05.04 15:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012.05.04 14:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.03 19:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.05.03 19:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.05.03 19:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.05.02 17:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.05.01 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\ESET [2012.05.01 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\ESET [2012.04.25 20:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.04.25 20:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.04.24 07:13:34 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Avira [2012.04.24 07:10:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.04.24 07:09:57 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.04.24 07:09:57 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.04.24 07:09:57 | 000,036,000 | ---- | C] (Avira GmbH) -- 
C:\Windows\System32\drivers\avkmgr.sys [2012.04.24 07:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.04.24 07:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.04.10 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Matze\Desktop\Suse Bank [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.08 19:03:07 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.08 19:03:07 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.08 18:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.08 17:25:13 | 000,016,278 | ---- | M] () -- C:\Users\Matze\Desktop\image.png [2012.05.08 17:12:43 | 000,033,499 | ---- | M] () -- C:\Users\Matze\Desktop\Protokoll Triathlon 02052012.pdf [2012.05.08 17:12:37 | 000,472,357 | ---- | M] () -- C:\Users\Matze\Desktop\Flyer Triathlon 2012 (2).pdf [2012.05.08 16:08:31 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.08 16:08:31 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.08 16:08:31 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.08 16:08:31 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.08 16:03:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.08 16:02:31 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys [2012.05.08 13:49:04 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl [2012.05.06 09:39:44 | 000,058,003 | ---- | M] () -- C:\Users\Matze\Desktop\052.jpg [2012.05.06 09:33:04 | 000,012,800 | ---- | M] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.05 22:05:50 | 000,002,820 | ---- | M] () -- C:\Users\Matze\Desktop\Gmer und Attach.zip [2012.05.05 20:11:55 
| 000,302,592 | ---- | M] () -- C:\Users\Matze\Desktop\ge02kcv6.exe [2012.05.05 19:52:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matze\Desktop\dds.com [2012.05.05 19:50:50 | 000,000,000 | ---- | M] () -- C:\Users\Matze\defogger_reenable [2012.05.05 19:50:02 | 000,050,477 | ---- | M] () -- C:\Users\Matze\Desktop\Defogger.exe [2012.05.04 16:02:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe [2012.05.04 14:40:02 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.04 12:36:43 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.03 19:20:47 | 000,001,055 | ---- | M] () -- C:\Users\Matze\Desktop\Spybot - Search & Destroy.lnk [2012.05.02 17:52:44 | 001,447,858 | ---- | M] () -- C:\Users\Matze\Desktop\Servicebogen Neuwinger.jpg [2012.05.02 17:15:51 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.04.21 16:14:14 | 000,027,446 | ---- | M] () -- C:\Users\Matze\Desktop\010017710.jpg [2012.04.21 08:20:01 | 000,080,349 | ---- | M] () -- C:\Users\Matze\Desktop\Herzinfakt+und+Schlaganfall+erkennen.pdf [2012.04.18 18:04:50 | 000,015,414 | ---- | M] () -- C:\Users\Matze\Desktop\22288nc_23.jpg [2012.04.13 07:18:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.11 16:31:59 | 000,640,118 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2608.JPG [2012.04.11 16:31:57 | 000,473,814 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2610.JPG [2012.04.11 16:31:57 | 000,410,658 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2609.JPG [2012.04.11 16:31:57 | 000,385,571 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2612.JPG [2012.04.11 16:31:56 | 000,372,905 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2611.JPG [2012.04.11 16:31:53 | 124,281,402 | ---- | M] () -- C:\Users\Matze\Desktop\MVI_2613.AVI [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== 
[2012.05.08 17:25:13 | 000,016,278 | ---- | C] () -- C:\Users\Matze\Desktop\image.png [2012.05.08 17:12:42 | 000,033,499 | ---- | C] () -- C:\Users\Matze\Desktop\Protokoll Triathlon 02052012.pdf [2012.05.08 17:12:34 | 000,472,357 | ---- | C] () -- C:\Users\Matze\Desktop\Flyer Triathlon 2012 (2).pdf [2012.05.06 09:34:31 | 000,058,003 | ---- | C] () -- C:\Users\Matze\Desktop\052.jpg [2012.05.05 22:05:50 | 000,002,820 | ---- | C] () -- C:\Users\Matze\Desktop\Gmer und Attach.zip [2012.05.05 20:11:53 | 000,302,592 | ---- | C] () -- C:\Users\Matze\Desktop\ge02kcv6.exe [2012.05.05 19:50:50 | 000,000,000 | ---- | C] () -- C:\Users\Matze\defogger_reenable [2012.05.05 19:50:01 | 000,050,477 | ---- | C] () -- C:\Users\Matze\Desktop\Defogger.exe [2012.05.03 19:20:47 | 000,001,055 | ---- | C] () -- C:\Users\Matze\Desktop\Spybot - Search & Destroy.lnk [2012.05.02 18:28:03 | 3220,430,848 | -HS- | C] () -- C:\hiberfil.sys [2012.05.02 17:52:41 | 001,447,858 | ---- | C] () -- C:\Users\Matze\Desktop\Servicebogen Neuwinger.jpg [2012.04.24 07:10:19 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.04.21 16:14:14 | 000,027,446 | ---- | C] () -- C:\Users\Matze\Desktop\010017710.jpg [2012.04.21 08:19:59 | 000,080,349 | ---- | C] () -- C:\Users\Matze\Desktop\Herzinfakt+und+Schlaganfall+erkennen.pdf [2012.04.18 18:04:50 | 000,015,414 | ---- | C] () -- C:\Users\Matze\Desktop\22288nc_23.jpg [2012.04.15 12:30:07 | 001,899,032 | ---- | C] () -- C:\Users\Matze\Desktop\CIMG1520.JPG [2012.04.15 12:29:53 | 001,864,557 | ---- | C] () -- C:\Users\Matze\Desktop\CIMG1479.JPG [2012.04.15 12:29:12 | 001,890,448 | ---- | C] () -- C:\Users\Matze\Desktop\CIMG1480.JPG [2012.04.11 16:31:57 | 000,473,814 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2610.JPG [2012.04.11 16:31:57 | 000,410,658 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2609.JPG [2012.04.11 16:31:56 | 000,385,571 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2612.JPG [2012.04.11 16:31:56 | 000,372,905 | ---- 
| C] () -- C:\Users\Matze\Desktop\IMG_2611.JPG [2012.04.11 16:31:45 | 000,640,118 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2608.JPG [2012.04.11 16:31:38 | 124,281,402 | ---- | C] () -- C:\Users\Matze\Desktop\MVI_2613.AVI [2012.02.01 18:23:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.01.21 11:52:26 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2012.01.19 20:29:40 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI [2011.11.18 20:19:10 | 000,000,103 | ---- | C] () -- C:\Windows\wiso.ini [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.10.05 21:00:44 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini [2011.09.13 17:13:58 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.09.10 18:57:12 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.09.10 18:57:12 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.09.10 12:36:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll [2011.09.09 05:06:32 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.09.09 05:06:32 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.09.09 05:06:32 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.09.09 05:06:32 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.09.08 20:30:24 | 000,012,800 | ---- | C] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.08 19:26:18 | 000,009,760 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2011.09.08 19:26:01 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe [2011.09.08 19:25:54 | 000,003,636 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.09.08 19:19:55 | 000,000,680 | ---- | C] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2011.11.18 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Buhl 
Data Service [2011.10.15 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon [2012.03.28 13:32:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\elsterformular [2012.05.01 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ESET [2011.10.29 15:26:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Garmin [2011.09.09 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Opera [2012.01.25 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TeamViewer [2011.09.09 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TuneUp Software [2012.05.08 14:08:18 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.10.05 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Adobe [2012.04.24 07:13:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Avira [2011.11.18 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Buhl Data Service [2011.10.15 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon [2011.09.13 18:41:47 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DivX [2012.03.28 13:32:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\elsterformular [2012.05.01 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ESET [2011.10.29 15:26:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Garmin [2011.09.08 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Identities [2011.09.08 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Macromedia [2011.09.09 12:55:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- 
C:\Users\Matze\AppData\Roaming\Media Center Programs [2011.09.13 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Media Player Classic [2012.01.21 12:36:55 | 000,000,000 | --SD | M] -- C:\Users\Matze\AppData\Roaming\Microsoft [2011.09.09 12:11:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Mozilla [2011.11.17 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\NVIDIA [2011.09.09 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Opera [2012.01.25 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TeamViewer [2011.09.09 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TuneUp Software [2012.05.01 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\vlc [2011.11.22 18:01:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.10.15 08:50:44 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2011.09.10 17:47:14 | 000,010,134 | R--- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\ARPPRODUCTICON.exe [2011.09.10 17:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe [2011.09.10 17:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe [2011.11.10 20:09:15 | 000,015,360 | R--- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe [2011.11.10 20:09:15 | 000,011,264 | R--- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.08.01 16:22:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.08.01 16:22:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- 
C:\Windows\System32\drivers\atapi.sys [2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll < MD5 for: NVSTOR.SYS > [2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys [2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | 
M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys < MD5 for: SCECLI.DLL > [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USER32.DLL > [2011.09.09 12:28:48 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2011.09.09 12:28:48 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2011.09.09 12:28:48 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll < MD5 for: USERINIT.EXE > [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) 
MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
08.05.2012, 18:28 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My GMX account is sending spam mails
Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aaudstum) -- C:\Users\Matze\AppData\Local\Temp\aaudstum.sys File not found
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "SearchOnMe"
FF - prefs.js..browser.search.order.1: "SearchOnMe"
FF - prefs.js..keyword.URL: "http://search.searchonme.com/?q="
FF - user.js - File not found
[2012.03.18 08:45:03 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info
[2012.03.18 08:45:02 | 000,000,448 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\searchplugins\SearchOnMe.xml
[2012.05.02 17:15:35 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2011.09.13 17:19:39 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O4 - HKU\S-1-5-21-534847706-395394252-3581119422-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.17 16:54:03 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ --> My GMX account is sending spam mails |
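The three `FF - prefs.js..` lines in the fix script above reset Firefox search preferences that pointed at SearchOnMe. As an added example (not part of the original posts and not OTL's own code), the following check reads a `prefs.js` and reports search preferences that name an engine or host outside an allow-list. The allow-list values, the function names and the two sample files are assumptions constructed for illustration; only the preference names and the SearchOnMe values come from the script.

```python
import re
from urllib.parse import urlsplit

# Preference keys that the fix script in this thread resets in prefs.js.
SEARCH_PREFS = ("browser.search.defaultenginename", "keyword.URL")
SEARCH_PREF_PREFIXES = ("browser.search.order.",)

# Assumption for this example: what the owner of the profile actually chose.
ALLOWED_ENGINES = {"Google"}
ALLOWED_HOSTS = {"www.google.com", "www.google.de"}

# Firefox writes one user_pref("name", value); call per line.
USER_PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample: a profile before the fix, using the values from the script.
SAMPLE_BEFORE = r'''# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "SearchOnMe");
user_pref("browser.search.order.1", "SearchOnMe");
user_pref("browser.startup.homepage", "https://www.gmx.net/");
user_pref("keyword.URL", "http://search.searchonme.com/?q=");
user_pref("network.cookie.cookieBehavior", 1);
'''

# Constructed sample: the same profile after the three entries were removed.
SAMPLE_AFTER = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.gmx.net/");
user_pref("network.cookie.cookieBehavior", 1);
'''


def parse_prefs(text):
    """Return {pref name: value as text} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # Quoted string: drop the quotes and undo backslash escapes.
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
        prefs[name] = raw
    return prefs


def is_search_pref(name):
    return name in SEARCH_PREFS or name.startswith(SEARCH_PREF_PREFIXES)


def audit_search_prefs(prefs):
    """Return (name, value, reason) for each search pref outside the allow-list."""
    findings = []
    for name in sorted(prefs):
        if not is_search_pref(name):
            continue
        value = prefs[name]
        try:
            parts = urlsplit(value)
        except ValueError:
            findings.append((name, value, "value is not a parseable URL"))
            continue
        if parts.scheme in ("http", "https"):
            host = (parts.hostname or "").lower()
            if host not in ALLOWED_HOSTS:
                findings.append((name, value, "search URL points to unlisted host " + host))
        elif value not in ALLOWED_ENGINES:
            findings.append((name, value, "engine name is not on the allow-list"))
    return findings


if __name__ == "__main__":
    for label, text in (("before fix", SAMPLE_BEFORE), ("after fix", SAMPLE_AFTER)):
        results = audit_search_prefs(parse_prefs(text))
        print(label + ":", len(results), "finding(s)")
        for name, value, reason in results:
            print("  %s = %r -> %s" % (name, value, reason))
```

Run it against a copy of the profile's `prefs.js` while Firefox is closed, since Firefox rewrites the file on exit.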
08.05.2012, 22:54 | #7 |
| My GMX account is sending spam mails
PC was restarted
Code:
All processes killed
========== OTL ==========
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys File not found not found.
Service aaudstum stopped successfully!
Service aaudstum deleted successfully!
File C:\Users\Matze\AppData\Local\Temp\aaudstum.sys File not found not found.
Registry key HKEY_USERS\S-1-5-21-534847706-395394252-3581119422-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "SearchOnMe" removed from browser.search.defaultenginename
Prefs.js: "SearchOnMe" removed from browser.search.order.1
Prefs.js: "hxxp://search.searchonme.com/?q=" removed from keyword.URL
C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info\content folder moved successfully.
C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info folder moved successfully.
C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\searchplugins\SearchOnMe.xml moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\pref folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\phish folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\newtab folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\neterror folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\main folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\hotnews folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\horoscope folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\highlight folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\help folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\email folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ebay folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\components folder moved successfully. C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net folder moved successfully. C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully. Registry value HKEY_USERS\S-1-5-21-534847706-395394252-3581119422-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully. C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. File not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Matze ->Temp folder emptied: 100502 bytes ->Temporary Internet Files folder emptied: 417633 bytes ->FireFox cache emptied: 143018372 bytes ->Opera cache emptied: 3601131 bytes ->Flash cache emptied: 1334 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 17460992 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 107870 bytes RecycleBin emptied: 31744 bytes Total Files Cleaned = 157,00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Matze ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.42.2 log created on 05082012_234908 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Gruß Matjes |
11.05.2012, 10:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My GMX account is sending spam mails Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
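The report requested in the post above can be pre-sorted before it is read or posted. The following Python script is an added example, not part of the thread and not Kaspersky's code: it assumes the record layout of the TDSSKiller report used in this thread (`time thread-id name (md5) path`, then `name - ok` or `name ( verdict ) - level`), also accepts reports whose line breaks were lost in pasting, and lists every entry that is not `ok`. The service names, paths and hashes in the sample are constructed; the script only reads the report and changes nothing on the system.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A record starts with "HH:MM:SS.mmmm <thread-id> ". Splitting on that prefix
# also recovers reports whose line breaks were lost when pasted into a post.
RECORD_START = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{3,5}\s)")
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+([0-9A-Fa-f]{3,5})\s+(.*)$", re.S)

# Assumed message shapes (based on the report layout used in this thread):
#   name (md5) path                 -> object about to be checked
#   name - ok                       -> clean verdict
#   name ( Verdict.Name ) - level   -> flagged verdict
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")


@dataclass
class Finding:
    time: str
    name: str
    verdict: str
    level: str
    md5: Optional[str]
    path: Optional[str]


def split_records(text: str) -> List[Tuple[str, str, str]]:
    """Return (time, thread_id, message) for every record in the report."""
    records = []
    for chunk in RECORD_START.split(text):
        m = PREFIX.match(chunk.strip())
        if m:
            records.append((m.group(1), m.group(2), " ".join(m.group(3).split())))
    return records


def triage(text: str) -> Tuple[int, List[Finding], List[str]]:
    """Return (count of ok verdicts, flagged objects, objects with no hash line)."""
    seen = {}  # object name -> (md5, path) taken from its object line
    ok_count = 0
    findings: List[Finding] = []
    unhashed: List[str] = []
    for time, _tid, msg in split_records(text):
        obj = OBJECT.match(msg)
        if obj:
            seen[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        ok, flagged = OK.match(msg), FLAGGED.match(msg)
        verdict = ok or flagged
        if not verdict:
            continue  # header, separator, or the duplicate "- detected" line
        name = verdict["name"]
        if name not in seen:
            unhashed.append(name)  # verdict without a logged file hash/path
        if ok:
            ok_count += 1
        else:
            md5, path = seen.get(name, (None, None))
            findings.append(
                Finding(time, name, flagged["verdict"], flagged["level"], md5, path)
            )
    return ok_count, findings, unhashed


# Constructed sample, flattened onto one line the way a pasted report often is.
# Service names, paths and MD5 values are hypothetical.
SAMPLE = " ".join([
    "13:27:39.0406 3000 Scan started",
    "13:27:39.0815 3000 ExampleDrv (00112233445566778899aabbccddeeff) "
    "C:\\Windows\\system32\\drivers\\exampledrv.sys",
    "13:27:39.0905 3000 ExampleDrv - ok",
    "13:27:40.0100 3000 NoFileSvc - ok",
    "13:27:41.0561 3000 ExampleVpnSvc (ffeeddccbbaa99887766554433221100) "
    "C:\\Program Files\\Example VPN\\bin\\examplesvc.exe",
    "13:27:41.0581 3000 ExampleVpnSvc ( UnsignedFile.Multi.Generic ) - warning",
    "13:27:41.0581 3000 ExampleVpnSvc - detected UnsignedFile.Multi.Generic (1)",
])

if __name__ == "__main__":
    ok_count, findings, unhashed = triage(SAMPLE)
    print(f"{ok_count} objects ok, {len(findings)} flagged")
    for f in findings:
        print(f"  {f.time} {f.name}: {f.verdict} ({f.level}) {f.md5} {f.path}")
    for name in unhashed:
        print(f"  no file hash logged for: {name}")
```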
11.05.2012, 12:33 | #9 |
| My GMX account is sending spam mails Ah, great, Trojaner-Board is reachable again. On we go... Code:
13:27:55.0747 3000 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys 13:27:55.0795 3000 RasPppoe - ok 13:27:55.0827 3000 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys 13:27:55.0864 3000 rdbss - ok 13:27:55.0877 3000 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:27:55.0911 3000 RDPCDD - ok 13:27:55.0936 3000 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 13:27:55.0985 3000 rdpdr - ok 13:27:55.0988 3000 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys 13:27:56.0032 3000 RDPENCDD - ok 13:27:56.0055 3000 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys 13:27:56.0112 3000 RDPWD - ok 13:27:56.0155 3000 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll 13:27:56.0191 3000 RemoteAccess - ok 13:27:56.0205 3000 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll 13:27:56.0241 3000 RemoteRegistry - ok 13:27:56.0255 3000 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 13:27:56.0265 3000 RpcLocator - ok 13:27:56.0312 3000 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll 13:27:56.0330 3000 RpcSs - ok 13:27:56.0352 3000 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys 13:27:56.0387 3000 rspndr - ok 13:27:56.0407 3000 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe 13:27:56.0417 3000 SamSs - ok 13:27:56.0429 3000 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 13:27:56.0436 3000 sbp2port - ok 13:27:56.0538 3000 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 13:27:56.0568 3000 SBSDWSCService - ok 13:27:56.0588 3000 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll 13:27:56.0625 3000 SCardSvr - ok 
13:27:56.0663 3000 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll 13:27:56.0731 3000 Schedule - ok 13:27:56.0762 3000 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll 13:27:56.0797 3000 SCPolicySvc - ok 13:27:56.0822 3000 SDRSVC (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll 13:27:56.0865 3000 SDRSVC - ok 13:27:56.0890 3000 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:27:56.0939 3000 secdrv - ok 13:27:56.0962 3000 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll 13:27:56.0998 3000 seclogon - ok 13:27:57.0006 3000 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll 13:27:57.0060 3000 SENS - ok 13:27:57.0082 3000 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 13:27:57.0133 3000 Serenum - ok 13:27:57.0159 3000 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 13:27:57.0215 3000 Serial - ok 13:27:57.0241 3000 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys 13:27:57.0264 3000 sermouse - ok 13:27:57.0288 3000 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll 13:27:57.0325 3000 SessionEnv - ok 13:27:57.0338 3000 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 13:27:57.0386 3000 sffdisk - ok 13:27:57.0407 3000 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 13:27:57.0442 3000 sffp_mmc - ok 13:27:57.0448 3000 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 13:27:57.0483 3000 sffp_sd - ok 13:27:57.0490 3000 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 13:27:57.0541 3000 sfloppy - ok 13:27:57.0583 3000 sfsync04 (c526ad307ff1900bc4c864f74553f762) C:\Windows\system32\drivers\sfsync04.sys 13:27:57.0590 3000 sfsync04 - ok 13:27:57.0621 3000 
SharedAccess (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll 13:27:57.0633 3000 SharedAccess - ok 13:27:57.0645 3000 ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll 13:27:57.0660 3000 ShellHWDetection - ok 13:27:57.0719 3000 SIS163u (370ed82428657a2344aba98a76c06250) C:\Windows\system32\DRIVERS\sis163u.sys 13:27:57.0747 3000 SIS163u - ok 13:27:57.0751 3000 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 13:27:57.0758 3000 sisagp - ok 13:27:57.0775 3000 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 13:27:57.0782 3000 SiSRaid2 - ok 13:27:57.0796 3000 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 13:27:57.0803 3000 SiSRaid4 - ok 13:27:57.0937 3000 slsvc (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe 13:27:58.0083 3000 slsvc - ok 13:27:58.0194 3000 SLUINotify (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll 13:27:58.0224 3000 SLUINotify - ok 13:27:58.0247 3000 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys 13:27:58.0282 3000 Smb - ok 13:27:58.0296 3000 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 13:27:58.0307 3000 SNMPTRAP - ok 13:27:58.0315 3000 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys 13:27:58.0322 3000 spldr - ok 13:27:58.0339 3000 Spooler (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe 13:27:58.0350 3000 Spooler - ok 13:27:58.0392 3000 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys 13:27:58.0418 3000 srv - ok 13:27:58.0433 3000 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys 13:27:58.0477 3000 srv2 - ok 13:27:58.0483 3000 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys 13:27:58.0495 3000 srvnet - ok 13:27:58.0514 3000 SSDPSRV (8d3e4baff8b3997138c38eb1b600519a) 
C:\Windows\System32\ssdpsrv.dll 13:27:58.0552 3000 SSDPSRV - ok 13:27:58.0561 3000 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 13:27:58.0567 3000 ssmdrv - ok 13:27:58.0638 3000 stisvc (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll 13:27:58.0698 3000 stisvc - ok 13:27:58.0717 3000 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys 13:27:58.0723 3000 swenum - ok 13:27:58.0743 3000 swprv (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll 13:27:58.0806 3000 swprv - ok 13:27:58.0827 3000 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 13:27:58.0834 3000 Symc8xx - ok 13:27:58.0848 3000 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 13:27:58.0855 3000 Sym_hi - ok 13:27:58.0870 3000 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 13:27:58.0877 3000 Sym_u3 - ok 13:27:58.0916 3000 SysMain (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll 13:27:58.0956 3000 SysMain - ok 13:27:58.0971 3000 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 13:27:58.0998 3000 TabletInputService - ok 13:27:59.0033 3000 tap0901 (d3a66c827b3f729bcbab84eba8570b48) C:\Windows\system32\DRIVERS\tap0901.sys 13:27:59.0040 3000 tap0901 - ok 13:27:59.0063 3000 TapiSrv (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll 13:27:59.0102 3000 TapiSrv - ok 13:27:59.0111 3000 TBS (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll 13:27:59.0148 3000 TBS - ok 13:27:59.0210 3000 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys 13:27:59.0235 3000 Tcpip - ok 13:27:59.0243 3000 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys 13:27:59.0264 3000 Tcpip6 - ok 13:27:59.0291 3000 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys 13:27:59.0326 3000 
tcpipreg - ok 13:27:59.0335 3000 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys 13:27:59.0388 3000 TDPIPE - ok 13:27:59.0409 3000 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys 13:27:59.0444 3000 TDTCP - ok 13:27:59.0449 3000 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys 13:27:59.0484 3000 tdx - ok 13:27:59.0496 3000 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys 13:27:59.0503 3000 TermDD - ok 13:27:59.0534 3000 TermService (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll 13:27:59.0577 3000 TermService - ok 13:27:59.0603 3000 Themes (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll 13:27:59.0617 3000 Themes - ok 13:27:59.0637 3000 THREADORDER (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll 13:27:59.0673 3000 THREADORDER - ok 13:27:59.0687 3000 TrkWks (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll 13:27:59.0723 3000 TrkWks - ok 13:27:59.0754 3000 TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe 13:27:59.0782 3000 TrustedInstaller - ok 13:27:59.0807 3000 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:27:59.0856 3000 tssecsrv - ok 13:27:59.0939 3000 TuneUp.Defrag (c1a64414db4e49d41d9df9359ed9369b) C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe 13:27:59.0952 3000 TuneUp.Defrag - ok 13:28:00.0039 3000 TuneUp.UtilitiesSvc (dc653cf2d70827c4ebc2b157da25cf57) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe 13:28:00.0065 3000 TuneUp.UtilitiesSvc - ok 13:28:00.0115 3000 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 13:28:00.0121 3000 TuneUpUtilitiesDrv - ok 13:28:00.0197 3000 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys 13:28:00.0207 3000 tunmp - ok 
13:28:00.0221 3000 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys 13:28:00.0231 3000 tunnel - ok 13:28:00.0250 3000 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 13:28:00.0258 3000 uagp35 - ok 13:28:00.0279 3000 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys 13:28:00.0317 3000 udfs - ok 13:28:00.0331 3000 UI0Detect (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe 13:28:00.0342 3000 UI0Detect - ok 13:28:00.0356 3000 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 13:28:00.0364 3000 uliagpkx - ok 13:28:00.0382 3000 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 13:28:00.0392 3000 uliahci - ok 13:28:00.0408 3000 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 13:28:00.0415 3000 UlSata - ok 13:28:00.0430 3000 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 13:28:00.0438 3000 ulsata2 - ok 13:28:00.0453 3000 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys 13:28:00.0508 3000 umbus - ok 13:28:00.0541 3000 upnphost (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll 13:28:00.0581 3000 upnphost - ok 13:28:00.0611 3000 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys 13:28:00.0656 3000 usbccgp - ok 13:28:00.0673 3000 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 13:28:00.0709 3000 usbcir - ok 13:28:00.0730 3000 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys 13:28:00.0739 3000 usbehci - ok 13:28:00.0769 3000 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys 13:28:00.0783 3000 usbhub - ok 13:28:00.0787 3000 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys 13:28:00.0812 3000 usbohci - ok 13:28:00.0835 3000 
usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys 13:28:00.0872 3000 usbprint - ok 13:28:00.0901 3000 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys 13:28:00.0937 3000 usbscan - ok 13:28:00.0962 3000 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:28:01.0008 3000 USBSTOR - ok 13:28:01.0027 3000 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 13:28:01.0063 3000 usbuhci - ok 13:28:01.0075 3000 UxSms (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll 13:28:01.0127 3000 UxSms - ok 13:28:01.0146 3000 UxTuneUp (dc2172accb384c6a3d59342050422102) C:\Windows\System32\uxtuneup.dll 13:28:01.0153 3000 UxTuneUp - ok 13:28:01.0184 3000 vds (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe 13:28:01.0201 3000 vds - ok 13:28:01.0231 3000 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 13:28:01.0266 3000 vga - ok 13:28:01.0275 3000 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys 13:28:01.0311 3000 VgaSave - ok 13:28:01.0325 3000 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 13:28:01.0332 3000 viaagp - ok 13:28:01.0346 3000 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 13:28:01.0399 3000 ViaC7 - ok 13:28:01.0424 3000 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys 13:28:01.0431 3000 viaide - ok 13:28:01.0450 3000 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys 13:28:01.0457 3000 volmgr - ok 13:28:01.0472 3000 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys 13:28:01.0483 3000 volmgrx - ok 13:28:01.0496 3000 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys 13:28:01.0506 3000 volsnap - ok 13:28:01.0526 3000 vsmraid (d984439746d42b30fc65a4c3546c6829) 
C:\Windows\system32\drivers\vsmraid.sys 13:28:01.0533 3000 vsmraid - ok 13:28:01.0593 3000 VSS (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe 13:28:01.0636 3000 VSS - ok 13:28:01.0665 3000 W32Time (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll 13:28:01.0705 3000 W32Time - ok 13:28:01.0720 3000 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 13:28:01.0756 3000 WacomPen - ok 13:28:01.0774 3000 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 13:28:01.0784 3000 Wanarp - ok 13:28:01.0787 3000 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 13:28:01.0798 3000 Wanarpv6 - ok 13:28:01.0816 3000 wcncsvc (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll 13:28:01.0831 3000 wcncsvc - ok 13:28:01.0836 3000 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 13:28:01.0875 3000 WcsPlugInService - ok 13:28:01.0879 3000 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 13:28:01.0887 3000 Wd - ok 13:28:01.0929 3000 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 13:28:01.0946 3000 Wdf01000 - ok 13:28:01.0967 3000 WdiServiceHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll 13:28:01.0996 3000 WdiServiceHost - ok 13:28:01.0999 3000 WdiSystemHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll 13:28:02.0013 3000 WdiSystemHost - ok 13:28:02.0052 3000 WebClient (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll 13:28:02.0064 3000 WebClient - ok 13:28:02.0075 3000 Wecsvc (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll 13:28:02.0113 3000 Wecsvc - ok 13:28:02.0127 3000 wercplsupport (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll 13:28:02.0164 3000 wercplsupport - ok 13:28:02.0185 3000 WerSvc (36ba0707680ef4236fd752bee982cc25) 
C:\Windows\System32\WerSvc.dll 13:28:02.0222 3000 WerSvc - ok 13:28:02.0274 3000 WinDefend (0d5ad0e71ff5ddac5dd2f443b499abd0) C:\Program Files\Windows Defender\mpsvc.dll 13:28:02.0285 3000 WinDefend - ok 13:28:02.0290 3000 WinHttpAutoProxySvc - ok 13:28:02.0336 3000 Winmgmt (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll 13:28:02.0389 3000 Winmgmt - ok 13:28:02.0427 3000 WinRM (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll 13:28:02.0488 3000 WinRM - ok 13:28:02.0544 3000 Wlansvc (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll 13:28:02.0622 3000 Wlansvc - ok 13:28:02.0658 3000 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys 13:28:02.0695 3000 WmiAcpi - ok 13:28:02.0727 3000 wmiApSrv (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe 13:28:02.0737 3000 wmiApSrv - ok 13:28:02.0830 3000 WMPNetworkSvc (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe 13:28:02.0886 3000 WMPNetworkSvc - ok 13:28:02.0914 3000 WPCSvc (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll 13:28:02.0953 3000 WPCSvc - ok 13:28:02.0975 3000 WPDBusEnum (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll 13:28:03.0007 3000 WPDBusEnum - ok 13:28:03.0039 3000 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys 13:28:03.0087 3000 WpdUsb - ok 13:28:03.0117 3000 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys 13:28:03.0154 3000 ws2ifsl - ok 13:28:03.0169 3000 wscsvc (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\System32\wscsvc.dll 13:28:03.0199 3000 wscsvc - ok 13:28:03.0203 3000 WSearch - ok 13:28:03.0334 3000 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 13:28:03.0412 3000 wuauserv - ok 13:28:03.0551 3000 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:28:03.0604 3000 WUDFRd - ok 
13:28:03.0626 3000 wudfsvc (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll 13:28:03.0663 3000 wudfsvc - ok 13:28:03.0686 3000 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 13:28:03.0883 3000 \Device\Harddisk0\DR0 - ok 13:28:03.0886 3000 Boot (0x1200) (3151a58075f1f57f2e5971c9e5b67a96) \Device\Harddisk0\DR0\Partition0 13:28:03.0888 3000 \Device\Harddisk0\DR0\Partition0 - ok 13:28:03.0917 3000 Boot (0x1200) (04253e24ab4c333404c937f68a18cef5) \Device\Harddisk0\DR0\Partition1 13:28:03.0919 3000 \Device\Harddisk0\DR0\Partition1 - ok 13:28:03.0938 3000 Boot (0x1200) (57fbe5b0b8bec124b545f81704f294d3) \Device\Harddisk0\DR0\Partition2 13:28:03.0939 3000 \Device\Harddisk0\DR0\Partition2 - ok 13:28:03.0940 3000 ============================================================ 13:28:03.0940 3000 Scan finished 13:28:03.0940 3000 ============================================================ 13:28:03.0949 2896 Detected object count: 1 13:28:03.0949 2896 Actual detected object count: 1 13:28:17.0527 2896 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user 13:28:17.0527 2896 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip Matjes |
11.05.2012, 13:26 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | My GMX account is sending spam emails Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
11.05.2012, 19:51 | #11 |
| My GMX account is sending spam emails Combofix Logfile: Code:
ATTFilter ComboFix 12-05-11.03 - Matze 11.05.2012 20:44:03.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3071.2359 [GMT 2:00] ausgeführt von:: c:\users\Matze\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-11 bis 2012-05-11 )))))))))))))))))))))))))))))) . . 2012-05-11 18:47 . 2012-05-11 18:47 -------- d-----w- c:\users\Matze\AppData\Local\temp 2012-05-09 05:08 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FA75F4E-877D-4E25-9A42-6AD80CCA931D}\mpengine.dll 2012-05-08 21:49 . 2012-05-08 21:49 -------- d-----w- C:\_OTL 2012-05-05 18:31 . 2012-05-05 18:31 -------- d-----w- c:\program files\7-Zip 2012-05-04 13:45 . 2012-05-04 13:45 -------- d-----w- c:\program files\Trend Micro 2012-05-03 17:20 . 2012-05-08 21:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-05-03 17:20 . 2012-05-06 07:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-05-02 15:22 . 2012-05-02 16:28 -------- d-----w- c:\programdata\McAfee 2012-05-02 15:15 . 2012-04-21 01:18 97208 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2012-05-02 15:15 . 2012-04-21 01:54 868952 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe 2012-05-01 13:04 . 2012-05-01 13:04 -------- d-----w- c:\users\Matze\AppData\Local\ESET 2012-04-25 18:48 . 2012-05-02 15:59 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-04-25 18:48 . 2012-04-21 01:16 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-25 18:48 . 2012-04-21 01:16 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-04-24 05:13 . 2012-04-24 05:13 -------- d-----w- c:\users\Matze\AppData\Roaming\Avira 2012-04-24 05:09 . 
2012-05-08 21:47 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-04-24 05:09 . 2012-05-08 21:47 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-24 05:09 . 2011-09-16 14:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-04-24 05:09 . 2012-04-24 05:09 -------- d-----w- c:\programdata\Avira 2012-04-24 05:09 . 2012-04-24 05:09 -------- d-----w- c:\program files\Avira . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 09:09 . 2012-03-31 15:33 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 09:09 . 2011-09-08 17:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-04 13:56 . 2011-09-09 10:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-23 08:18 . 2011-09-09 09:53 237072 ------w- c:\windows\system32\MpSigStub.exe 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2012-04-21 01:18 . 2012-05-02 15:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-09-10 1232896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592] "Skytel"="Skytel.exe" [2007-11-20 1826816] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-01-07 1778552] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "EPSON Stylus DX8400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "c:\windows\TEMP\E_S870F.tmp" /EF "HKCU" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "openvpn-gui"=c:\program files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 35018371 *Deregistered* - 35018371 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:09] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.gmx.de/ mStart Page = hxxp://search.searchonme.com/ TCP: DhcpNameServer = 192.168.220.1 FF - ProfilePath - c:\users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmx.de . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-05-11 20:47 Windows 6.0.6000 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-05-11 20:49:05 ComboFix-quarantined-files.txt 2012-05-11 18:49 . Vor Suchlauf: 10 Verzeichnis(se), 100.436.992.000 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 100.403.355.648 Bytes frei . - - End Of File - - 94D9D531596522237F9ACA110BC6EBA5 Thanks and regards, Matjes |
11.05.2012, 21:37 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My GMX account is sending spam emails Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
11.05.2012, 22:02 | #13 |
| My GMX account is sending spam emails GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-11 22:58:43
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1 WDC_WD5000AAKS-07YGA0 rev.12.01C02
Running: tgkb0ots.exe; Driver: C:\Users\Matze\AppData\Local\Temp\ugrcypow.sys

---- System - GMER 1.0.15 ----

SSDT 8CF3556C ZwClose
SSDT 8CF35576 ZwCreateSection
SSDT 8CF35567 ZwDuplicateObject
SSDT 8CF35508 ZwOpenProcess
SSDT 8CF3550D ZwOpenThread
SSDT 8CF35580 ZwRequestWaitReplyPort
SSDT 8CF3557B ZwSetContextThread
SSDT 8CF35585 ZwSetSecurityObject
SSDT 8CF3558A ZwSystemDebugControl
SSDT 8CF35517 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_alloca_probe + EC 83855E5C 4 Bytes [6C, 55, F3, 8C]
.text ntoskrnl.exe!_alloca_probe + 158 83855EC8 4 Bytes [76, 55, F3, 8C]
.text ntoskrnl.exe!_alloca_probe + 230 83855FA0 4 Bytes [67, 55, F3, 8C]
.text ntoskrnl.exe!_alloca_probe + 334 838560A4 4 Bytes [08, 55, F3, 8C]
.text ntoskrnl.exe!_alloca_probe + 350 838560C0 4 Bytes [0D, 55, F3, 8C]
.text ...
.xreloc C:\Windows\System32\drivers\sfsync04.sys unknown last section [0x80431000, 0xC5E, 0x40000040]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA57BD300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x91AC2300, 0x1B7E, 0xE8000020]
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\Matze\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device \Driver\USBSTOR \Device\00000063 88EB3660
Device \Driver\USBSTOR \Device\00000064 88EB3660
Device \Driver\USBSTOR \Device\00000065 88EB3660
Device \Driver\atapi \Device\Ide\IdePort0 864E5090
Device \Driver\atapi \Device\Ide\IdePort1 864E5090
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 864E5090
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1 864E5090
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3 864E5090
Device \Driver\USBSTOR \Device\00000066 88EB3660
Device \Driver\USBSTOR \Device\00000067 88EB3660
Device \Driver\USBSTOR \Device\00000068 88EB3660

---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:37:39 on 11.05.2012

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Matze\AppData\Local\Temp\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfsync04.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"ugrcypow" (ugrcypow) - ? - C:\Users\Matze\AppData\Local\Temp\ugrcypow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"itype" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"McAfee Personal Firewall Service" (McMPFSvc) - ? - "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc (File not found)
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code] |
11.05.2012, 22:46 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My GMX account is sending spam mails Is the aswMBR log still to come?
11.05.2012, 22:53 | #15 |
| My GMX account is sending spam mails Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-11 23:40:41
-----------------------------
23:40:41.933 OS Version: Windows 6.0.6000
23:40:41.933 Number of processors: 4 586 0xF0B
23:40:41.938 ComputerName: MATZE-PC UserName: Matze
23:40:42.424 Initialize success
23:44:40.216 AVAST engine defs: 12051101
23:45:17.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
23:45:17.471 Disk 0 Vendor: WDC_WD5000AAKS-07YGA0 12.01C02 Size: 476940MB BusType: 3
23:45:17.599 Disk 0 MBR read successfully
23:45:17.601 Disk 0 MBR scan
23:45:17.612 Disk 0 Windows VISTA default MBR code
23:45:17.652 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
23:45:17.668 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 160627 MB offset 24578048
23:45:17.714 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150000 MB offset 353542144
23:45:17.735 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 154311 MB offset 660742144
23:45:17.788 Disk 0 scanning sectors +976771072
23:45:18.056 Disk 0 scanning C:\Windows\system32\drivers
23:45:42.190 Service scanning
23:45:59.321 Modules scanning
23:46:05.447 Disk 0 trace - called modules:
23:46:05.465 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x864e5090]<<
23:46:05.469 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e2ad8]
23:46:05.473 3 ntoskrnl.exe[838a80af] -> nt!IofCallDriver -> [0x85a81860]
23:46:05.477 5 acpi.sys[8047f32a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85a84730]
23:46:05.481 \Driver\atapi[0x864c7030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x864e5090
23:46:06.269 AVAST engine scan C:\Windows
23:46:09.553 AVAST engine scan C:\Windows\system32
23:49:32.151 AVAST engine scan C:\Windows\system32\drivers
23:49:43.339 AVAST engine scan C:\Users\Matze
23:51:37.631 AVAST engine scan C:\ProgramData
23:52:27.677 Scan finished successfully
23:52:48.073 Disk 0 MBR has been saved successfully to "C:\Users\Matze\Desktop\MBR.dat"
23:52:48.077 The log file has been saved successfully to "C:\Users\Matze\Desktop\aswMBR.txt"
Matjes
Edited by matjes80 (11.05.2012 at 22:59) |