GMX warns: Hackers have access to your GMX mailbox
Forum section: Plagegeister aller Art und deren Bekämpfung | Tag: Windows 7
13.11.2012, 15:20 | #1

Dear Mr xxx, this is about your security: our security experts have determined that unauthorized third parties have accessed your GMX mailbox. Therefore change the password of your GMX account immediately! To change your password, please proceed as follows:
1. Log in at www.gmx.net.
2. Change your password under "Mein Account".
Detailed help on changing the password can be found at: hxxp://hilfe2.gmx.net/classic/content/resources/allgemeines/mein_account/passwort.htm

I changed the password immediately and checked whether anything had been manipulated. I could not find anything. My PC was recently cleaned of malware, see http://www.trojaner-board.de/125086-...strojaner.html
I also access GMX via phone. Should I take this mail seriously, or rather treat it as information?
Regards, KKS
14.11.2012, 14:01 | #2

/// Helfer-Team | How secure was your previous password? To be on the safe side, please run this scan: http://www.trojaner-board.de/126981-...tml#post956070
14.11.2012, 16:53 | #3

Can I have my old or new password rated somewhere?

The old password had upper- and lowercase letters, digits and special characters and was 11 characters long. The word was a name followed by a number combination. Scan follows... MBAR:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.14.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
14.11.2012 17:52:12
mbar-log-2012-11-14 (17-52-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 26340
Time elapsed: 26 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
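The question in post #3 (can a password of the "name plus digits" shape be rated?) as an added example that is not part of the thread: a small Python checker that contrasts the naive charset-entropy estimate, which is all a complexity rule sees, with a pattern-aware estimate of the guess space. The name list, its assumed size, the case-variant count and the sample passwords are constructed for the demo.

```python
import math
import re
import string
from dataclasses import dataclass

# Constructed mini name list for the demo. A real checker would load a large
# first-name/word list; only the list's assumed size enters the estimate below.
COMMON_NAMES = {"thomas", "michael", "andreas", "stefan", "anna", "maria", "julia", "peter"}
ASSUMED_NAME_LIST_SIZE = 10_000   # assumption: realistic size of a first-name list
CASE_VARIANTS = 3                 # lower, Capitalized, UPPER: the variants a cracker tries


@dataclass
class Assessment:
    length: int
    classes: int          # how many of lower/upper/digit/special are present
    naive_bits: float     # log2(charset ** length): what a complexity rule "sees"
    pattern: str          # structural pattern recognised, or "none"
    pattern_bits: float   # log2 of the guess space once the pattern is assumed
    verdict: str          # "weak", "moderate" or "strong"


def charset_size(pw: str) -> int:
    """Size of the alphabet implied by the character classes actually used."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # the 32 printable ASCII specials
    return size


def char_classes(pw: str) -> int:
    """How many of the four character classes the password uses."""
    checks = (re.search(r"[a-z]", pw), re.search(r"[A-Z]", pw),
              re.search(r"[0-9]", pw), any(c in string.punctuation for c in pw))
    return sum(1 for hit in checks if hit)


def assess_password(pw: str) -> Assessment:
    cs = charset_size(pw)
    naive = len(pw) * math.log2(cs) if cs else 0.0
    pattern, pattern_bits = "none", naive

    # "Name, then digits, then optional trailing specials" is the shape described
    # in the thread. Once a cracker assumes this shape, the guess space shrinks to
    # names x case variants x digit combinations x trailing symbols.
    m = re.fullmatch(r"([A-Za-z]+)(\d+)([^A-Za-z0-9]*)", pw)
    if m and m.group(1).lower() in COMMON_NAMES:
        _word, digits, tail = m.groups()
        pattern_bits = (
            math.log2(ASSUMED_NAME_LIST_SIZE)
            + math.log2(CASE_VARIANTS)
            + len(digits) * math.log2(10)
            + len(tail) * math.log2(len(string.punctuation))
        )
        pattern = "name+digits" + ("+special" if tail else "")

    effective = min(naive, pattern_bits)
    if effective < 40:
        verdict = "weak"
    elif effective < 60:
        verdict = "moderate"
    else:
        verdict = "strong"
    return Assessment(len(pw), char_classes(pw), round(naive, 1),
                      pattern, round(pattern_bits, 1), verdict)


if __name__ == "__main__":
    # Constructed samples: the first has the shape described in the thread
    # (name, four digits, one special, 11 characters); the second is random-looking.
    for sample in ("Thomas1985!", "k7#Qp2!vLw9"):
        a = assess_password(sample)
        print(f"{sample}: {a.classes} classes, naive {a.naive_bits} bits, "
              f"pattern {a.pattern} -> {a.pattern_bits} bits, verdict {a.verdict}")
```

Both samples satisfy the same four-class, 11-character rule and get the same naive estimate of about 72 bits; only the pattern-aware estimate separates the guessable one from the random one.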
14.11.2012, 20:59 | #4

/// Helfer-Team | Quote:
System scan with OTL (illustrated guide). Please download OTL by OldTimer and save it to your desktop (if it is not there already) - double-click OTL.exe
14.11.2012, 22:22 | #5

Thanks again for your support. OTL logfile:
ATTFilter OTL Extras logfile created on: 14.11.2012 21:49:16 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,05 Mb Total Physical Memory | 290,04 Mb Available Physical Memory | 28,38% Memory free 2,40 Gb Paging File | 1,53 Gb Available in Paging File | 63,86% Paging File free Paging file location(s): D:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 58,09 Gb Total Space | 10,90 Gb Free Space | 18,76% Space Free | Partition Type: NTFS Drive D: | 53,70 Gb Total Space | 10,06 Gb Free Space | 18,73% Space Free | Partition Type: NTFS Computer Name: PRALINE | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-796845957-1960408961-682003330-500\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "C:\Programme\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [dm-Fotowelt] -- "C:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Open in Total Commander] -- "C:\Programme\TotalcmdSE\totalcmd.exe" /O /T "%1" (C. Ghisler & Co.) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 
7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer -- (Microsoft Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Programme\Gemeinsame Dateien\Comodo\tvnserver.exe" = C:\Programme\Gemeinsame Dateien\Comodo\tvnserver.exe:*:Enabled:TVN Server "C:\Programme\Java\jre7\bin\javaw.exe" = C:\Programme\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView 
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012 "{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1 "{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C3149F0-912F-4E6E-BB1E-CEDFCCF7EB96}" = Unsere Hochzeit "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{486C6400-78D7-47A5-B715-6828B4A4759D}" = ESET NOD32 Antivirus "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management "{51A533F5-8E80-42D0-9E08-D11B17EFFDCB}_is1" = Total Commander SE v7 "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver 
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DAB4E2E7-5E5C-499F-A533-303AAD4C8981}" = WiiGSC "{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management "{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management "{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Biet-O-Matic v2.10.1" = Biet-O-Matic 
v2.10.1 "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP "Defraggler" = Defraggler "dm-Fotowelt" = dm-Fotowelt "ENTERPRISE" = Microsoft Office Enterprise 2007 "ePresentation" = Acer ePresentation Management "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework "InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management "InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management "InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management "LetsTrade" = LetsTrade Komponenten "Lidl-Fotos_is1" = Lidl-Fotos "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "ProInst" = Intel(R) PROSet/Wireless Software "Ravensburger tiptoi" = Ravensburger tiptoi "Tweak UI 2.10" = Tweak UI "VLC media player" = VLC media player 2.0.4 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media 
Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.20 (32-Bit) "WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== Error - 03.10.2012 03:21:49 | Computer Name = PRALINE | Source = Avira Antivirus | ID = 4109 Description = Error - 03.10.2012 14:39:15 | Computer Name = PRALINE | Source = Avira Antivirus | ID = 4109 Description = [ System Events ] Error - 11.09.2012 03:00:29 | Computer Name = PRALINE | Source = ipnathlp | ID = 32003 Description = Der Übersetzer für Netzwerkadressen (NAT) konnte keine Anfrage des Übersetzungsmoduls des Kernelmodus stellen. Möglicherweise liegen eine falsche Konfiguration, unzureichende Ressourcen oder ein interner Fehler vor. Die Daten enthalten den Fehlercode. Error - 02.10.2012 14:06:58 | Computer Name = PRALINE | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 02.10.2012 14:08:50 | Computer Name = PRALINE | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 12.10.2012 08:57:14 | Computer Name = PRALINE | Source = ACPIEC | ID = 327681 Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware bzw. 
auf ein schlecht angelegtes BIOS hin, das auf nicht sichere Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene Transaktion durchzuführen. Error - 13.10.2012 16:18:53 | Computer Name = PRALINE | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 28.10.2012 02:35:46 | Computer Name = PRALINE | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.10.2012 02:37:02 | Computer Name = PRALINE | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.10.2012 12:04:51 | Computer Name = PRALINE | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 31.10.2012 04:06:04 | Computer Name = PRALINE | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 31.10.2012 06:48:10 | Computer Name = PRALINE | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. < End of report > |
15.11.2012, 00:39 | #6 |
/// Helper team | GMX warns: hackers have access to your GMX mailbox 1. Scan with: http://www.trojaner-board.de/126981-...i-rootkit.html 2. TDSSKiller from Kaspersky - Download TDSSKiller and extract the archive to your desktop. You can find a more detailed TDSSKiller guide here.
__________________ --> GMX warns: hackers have access to your GMX mailbox |
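The helper above asks for a TDSSKiller run, and the useful part of that tool's log is the per-service verdict lines. The following is an added example, not code from the forum, from Kaspersky or from anyone in this thread: a small parser for the TDSSKiller 2.8.x log format (timestamp, PID, optional `[ MD5 ]` file line, then `name - ok`, `name ( Flag ) - warning` or `name - detected Flag (n)`) that separates services flagged only as `UnsignedFile.Multi.Generic` from anything else the scanner reports. The sample lines are constructed in the same format as the log posted in this thread and are not the complete log; the function names `parse_tdsskiller` and `triage` are this example's own.

```python
import re

# Constructed sample lines in the format TDSSKiller 2.8.x writes to its log
# (modelled on the log posted in this thread; not the complete log).
SAMPLE_LOG = """\
09:02:34.0484 3284 ============================================================
09:02:34.0484 3284 Scan started
09:02:34.0484 3284 Mode: Manual; SigCheck; TDLFS;
09:02:35.0906 3284 Abiosdsk - ok
09:02:35.0968 3284 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
09:02:36.0281 3284 ACPI - ok
09:02:36.0890 3284 [ 15E655BAA989444F56787EF558823643 ] AegisP C:\\WINDOWS\\system32\\DRIVERS\\AegisP.sys
09:02:36.0921 3284 AegisP ( UnsignedFile.Multi.Generic ) - warning
09:02:36.0921 3284 AegisP - detected UnsignedFile.Multi.Generic (1)
09:02:38.0781 3284 [ E1EC228D87915050BDF59F6331AD7247 ] AWService C:\\Acer\\Empowering Technology\\admServ.exe
09:02:38.0875 3284 AWService ( UnsignedFile.Multi.Generic ) - warning
09:02:38.0875 3284 AWService - detected UnsignedFile.Multi.Generic (1)
"""

# Every log line starts with "HH:MM:SS.mmmm <pid> ".
PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"

# "[ <md5> ] <service> <path>" : the file backing a service or driver.
FILE_LINE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$")

# "<service> - ok", "<service> ( <flag> ) - warning", "<service> - detected <flag> (<n>)".
VERDICT_LINE = re.compile(
    PREFIX + r"(?P<name>\S+)(?:\s+\(\s*(?P<flag>[^)]+?)\s*\))?\s+-\s+"
    r"(?P<verdict>ok|warning|detected)(?:\s+(?P<detail>.+?))?\s*$"
)


def parse_tdsskiller(text):
    """Return {service_name: {"md5", "path", "verdicts": [(verdict, detail), ...]}}.

    Header, banner and partition lines do not match either pattern and are skipped.
    """
    entries = {}
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "verdicts": []})
            e["md5"], e["path"] = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "verdicts": []})
            # "warning" lines carry the flag in parentheses, "detected" lines after the verb.
            e["verdicts"].append((m["verdict"], m["detail"] or m["flag"]))
    return entries


def triage(entries):
    """Split services into clean, unsigned-only, and anything else the scanner flagged.

    UnsignedFile.Multi.Generic only says the binary has no valid Authenticode
    signature (the SigCheck mode), which is routine for OEM and third-party
    drivers; it is listed apart from other detections so it does not hide them.
    """
    report = {"clean": [], "unsigned_only": [], "other_detections": []}
    for name, e in sorted(entries.items()):
        details = [d for v, d in e["verdicts"] if v in ("warning", "detected") and d]
        if not details:
            report["clean"].append(name)
        elif all(d.startswith("UnsignedFile.") for d in details):
            report["unsigned_only"].append((name, e["path"], e["md5"]))
        else:
            report["other_detections"].append((name, e["path"], e["md5"], sorted(set(details))))
    return report


if __name__ == "__main__":
    result = triage(parse_tdsskiller(SAMPLE_LOG))
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Run it against a real log by reading the file into `parse_tdsskiller`; the `other_detections` bucket is the one to look at first, and the MD5 and path of each entry in it are what you would check against a clean copy of the file.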
15.11.2012, 09:40 | #7 |
| GMX warns: hackers have access to your GMX mailbox I posted the mbar scan three replies earlier. TDSS: Code:
ATTFilter 09:02:25.0156 3928 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 09:02:25.0531 3928 ============================================================ 09:02:25.0531 3928 Current date / time: 2012/11/15 09:02:25.0531 09:02:25.0531 3928 SystemInfo: 09:02:25.0531 3928 09:02:25.0531 3928 OS Version: 5.1.2600 ServicePack: 3.0 09:02:25.0531 3928 Product type: Workstation 09:02:25.0531 3928 ComputerName: PRALINE 09:02:25.0531 3928 UserName: XXX 09:02:25.0531 3928 Windows directory: C:\WINDOWS 09:02:25.0531 3928 System windows directory: C:\WINDOWS 09:02:25.0531 3928 Processor architecture: Intel x86 09:02:25.0531 3928 Number of processors: 1 09:02:25.0531 3928 Page size: 0x1000 09:02:25.0531 3928 Boot type: Normal boot 09:02:25.0531 3928 ============================================================ 09:02:27.0078 3928 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 09:02:27.0078 3928 ============================================================ 09:02:27.0078 3928 \Device\Harddisk0\DR0: 09:02:27.0078 3928 MBR partitions: 09:02:27.0078 3928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x742D6A0 09:02:27.0078 3928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x742D6DF, BlocksNum 0x6B660E2 09:02:27.0078 3928 ============================================================ 09:02:27.0109 3928 C: <-> \Device\Harddisk0\DR0\Partition1 09:02:27.0140 3928 D: <-> \Device\Harddisk0\DR0\Partition2 09:02:27.0140 3928 ============================================================ 09:02:27.0140 3928 Initialize success 09:02:27.0140 3928 ============================================================ 09:02:34.0484 3284 ============================================================ 09:02:34.0484 3284 Scan started 09:02:34.0484 3284 Mode: Manual; SigCheck; TDLFS; 09:02:34.0484 3284 
============================================================ 09:02:35.0781 3284 ================ Scan system memory ======================== 09:02:35.0781 3284 System memory - ok 09:02:35.0781 3284 ================ Scan services ============================= 09:02:35.0906 3284 Abiosdsk - ok 09:02:35.0906 3284 abp480n5 - ok 09:02:35.0968 3284 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 09:02:36.0281 3284 ACPI - ok 09:02:36.0296 3284 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 09:02:36.0437 3284 ACPIEC - ok 09:02:36.0500 3284 AcrSch2Svc - ok 09:02:36.0562 3284 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 09:02:36.0656 3284 AdobeFlashPlayerUpdateSvc - ok 09:02:36.0656 3284 adpu160m - ok 09:02:36.0687 3284 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 09:02:36.0859 3284 aec - ok 09:02:36.0890 3284 [ 15E655BAA989444F56787EF558823643 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys 09:02:36.0921 3284 AegisP ( UnsignedFile.Multi.Generic ) - warning 09:02:36.0921 3284 AegisP - detected UnsignedFile.Multi.Generic (1) 09:02:36.0968 3284 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 09:02:37.0000 3284 AFD - ok 09:02:37.0015 3284 Aha154x - ok 09:02:37.0015 3284 aic78u2 - ok 09:02:37.0015 3284 aic78xx - ok 09:02:37.0062 3284 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 09:02:37.0218 3284 Alerter - ok 09:02:37.0234 3284 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 09:02:37.0375 3284 ALG - ok 09:02:37.0375 3284 AliIde - ok 09:02:37.0390 3284 amsint - ok 09:02:37.0421 3284 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\WINDOWS\system32\Drivers\ssadadb.sys 09:02:37.0531 3284 androidusb - ok 09:02:37.0562 3284 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 09:02:37.0703 3284 
AppMgmt - ok 09:02:37.0703 3284 asc - ok 09:02:37.0703 3284 asc3350p - ok 09:02:37.0718 3284 asc3550 - ok 09:02:37.0812 3284 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 09:02:37.0828 3284 aspnet_state - ok 09:02:37.0875 3284 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 09:02:38.0000 3284 AsyncMac - ok 09:02:38.0015 3284 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 09:02:38.0171 3284 atapi - ok 09:02:38.0171 3284 Atdisk - ok 09:02:38.0171 3284 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 09:02:38.0312 3284 Atmarpc - ok 09:02:38.0343 3284 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 09:02:38.0484 3284 AudioSrv - ok 09:02:38.0515 3284 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 09:02:38.0671 3284 audstub - ok 09:02:38.0781 3284 [ E1EC228D87915050BDF59F6331AD7247 ] AWService C:\Acer\Empowering Technology\admServ.exe 09:02:38.0875 3284 AWService ( UnsignedFile.Multi.Generic ) - warning 09:02:38.0875 3284 AWService - detected UnsignedFile.Multi.Generic (1) 09:02:38.0953 3284 [ C768C8A463D32C219CE291645A0621A4 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 09:02:38.0984 3284 bcm4sbxp - ok 09:02:39.0015 3284 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 09:02:39.0171 3284 Beep - ok 09:02:39.0203 3284 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 09:02:39.0343 3284 BITS - ok 09:02:39.0390 3284 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 09:02:39.0421 3284 Browser - ok 09:02:39.0468 3284 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 09:02:39.0625 3284 cbidf2k - ok 09:02:39.0671 3284 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 09:02:39.0781 
3284 CCDECODE - ok
09:02:39.0796 3284 cd20xrnt - ok
09:02:39.0828 3284 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:02:39.0953 3284 Cdaudio - ok
09:02:39.0968 3284 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:02:40.0109 3284 Cdfs - ok
09:02:40.0156 3284 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:02:40.0281 3284 Cdrom - ok
09:02:40.0281 3284 Changer - ok
09:02:40.0312 3284 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:02:40.0453 3284 CiSvc - ok
09:02:40.0484 3284 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:02:40.0625 3284 ClipSrv - ok
09:02:40.0671 3284 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:02:40.0703 3284 clr_optimization_v2.0.50727_32 - ok
09:02:40.0718 3284 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:02:40.0843 3284 CmBatt - ok
09:02:40.0859 3284 CmdIde - ok
09:02:40.0875 3284 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:02:41.0015 3284 Compbatt - ok
09:02:41.0015 3284 COMSysApp - ok
09:02:41.0031 3284 Cpqarray - ok
09:02:41.0046 3284 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:02:41.0187 3284 CryptSvc - ok
09:02:41.0187 3284 dac2w2k - ok
09:02:41.0203 3284 dac960nt - ok
09:02:41.0265 3284 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:02:41.0296 3284 DcomLaunch - ok
09:02:41.0343 3284 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:02:41.0468 3284 Dhcp - ok
09:02:41.0468 3284 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:02:41.0609 3284 Disk - ok
09:02:41.0656 3284 [ 08D30AF92C270F2E76787C81589DBAD6 ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
09:02:41.0687 3284 DKbFltr - ok
09:02:41.0687 3284 dmadmin - ok
09:02:41.0750 3284 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:02:41.0890 3284 dmboot - ok
09:02:41.0937 3284 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:02:42.0078 3284 dmio - ok
09:02:42.0093 3284 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:02:42.0250 3284 dmload - ok
09:02:42.0296 3284 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:02:42.0421 3284 dmserver - ok
09:02:42.0437 3284 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:02:42.0578 3284 DMusic - ok
09:02:42.0625 3284 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:02:42.0656 3284 Dnscache - ok
09:02:42.0687 3284 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:02:42.0828 3284 Dot3svc - ok
09:02:42.0828 3284 dpti2o - ok
09:02:42.0859 3284 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:02:43.0015 3284 drmkaud - ok
09:02:43.0062 3284 [ 8C2B6BBC82AD12CD9A2E73E5DCBBA705 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
09:02:43.0078 3284 eamon - ok
09:02:43.0093 3284 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:02:43.0218 3284 EapHost - ok
09:02:43.0250 3284 [ 5412ED24FFFCA64E2F0168399B86C952 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
09:02:43.0265 3284 ehdrv - ok
09:02:43.0359 3284 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
09:02:43.0390 3284 ehRecvr - ok
09:02:43.0437 3284 [ E774BF24A6CB798DCE67AD1C8E917152 ] ehSched C:\WINDOWS\eHome\ehSched.exe
09:02:43.0468 3284 ehSched - ok
09:02:43.0578 3284 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
09:02:43.0625 3284 ekrn - ok
09:02:43.0671 3284 [ 5AEE9EEDCFBF2B0F9DEC53C27EE722A3 ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
09:02:43.0703 3284 EMSCR - ok
09:02:43.0781 3284 [ CF1108161DFEDD82AE811307A3763E1C ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
09:02:43.0828 3284 epfwtdir - ok
09:02:43.0859 3284 [ D68564FCFBDFC04280CDBBB37CF7EF7F ] EpmPsd C:\WINDOWS\system32\drivers\epm-psd.sys
09:02:43.0875 3284 EpmPsd ( UnsignedFile.Multi.Generic ) - warning
09:02:43.0875 3284 EpmPsd - detected UnsignedFile.Multi.Generic (1)
09:02:43.0875 3284 [ 50425CBD80468BF53BA90F0D7CC61805 ] EpmShd C:\WINDOWS\system32\drivers\epm-shd.sys
09:02:43.0906 3284 EpmShd ( UnsignedFile.Multi.Generic ) - warning
09:02:43.0906 3284 EpmShd - detected UnsignedFile.Multi.Generic (1)
09:02:43.0953 3284 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:02:44.0093 3284 ERSvc - ok
09:02:44.0109 3284 [ 8E56AB21D10C368029CEA57DE47D79C2 ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
09:02:44.0125 3284 ESDCR - ok
09:02:44.0125 3284 [ 0A58FADE5E12D3A611427292073362CB ] ESMCR C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
09:02:44.0156 3284 ESMCR - ok
09:02:44.0203 3284 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
09:02:44.0218 3284 Eventlog - ok
09:02:44.0281 3284 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
09:02:44.0328 3284 EventSystem - ok
09:02:44.0421 3284 [ 6A197698A141FFE7651B962AE3172008 ] EvtEng C:\Programme\Intel\Wireless\Bin\EvtEng.exe
09:02:44.0468 3284 EvtEng ( UnsignedFile.Multi.Generic ) - warning
09:02:44.0468 3284 EvtEng - detected UnsignedFile.Multi.Generic (1)
09:02:44.0515 3284 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:02:44.0640 3284 Fastfat - ok
09:02:44.0671 3284 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:02:44.0718 3284 FastUserSwitchingCompatibility - ok
09:02:44.0734 3284 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
09:02:44.0843 3284 Fdc - ok
09:02:44.0859 3284 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:02:44.0984 3284 Fips - ok
09:02:45.0000 3284 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
09:02:45.0109 3284 Flpydisk - ok
09:02:45.0140 3284 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:02:45.0296 3284 FltMgr - ok
09:02:45.0375 3284 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:02:45.0390 3284 FontCache3.0.0.0 - ok
09:02:45.0437 3284 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
09:02:45.0453 3284 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
09:02:45.0453 3284 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
09:02:45.0453 3284 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:02:45.0593 3284 Fs_Rec - ok
09:02:45.0625 3284 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:02:45.0765 3284 Ftdisk - ok
09:02:45.0812 3284 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:02:45.0921 3284 Gpc - ok
09:02:45.0968 3284 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
09:02:45.0984 3284 gusvc - ok
09:02:46.0031 3284 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:02:46.0140 3284 HDAudBus - ok
09:02:46.0203 3284 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:02:46.0328 3284 helpsvc - ok
09:02:46.0343 3284 HidServ - ok
09:02:46.0375 3284 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:02:46.0500 3284 HidUsb - ok
09:02:46.0531 3284 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:02:46.0640 3284 hkmsvc - ok
09:02:46.0656 3284 hpn - ok
09:02:46.0703 3284 [ A902A7E76C245210EEE9EF5185158E9C ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:02:46.0734 3284 HSFHWAZL - ok
09:02:46.0781 3284 [ C9F4E7DA78A02623ABF78A4A34CE79B1 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:02:46.0828 3284 HSF_DPV - ok
09:02:46.0875 3284 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:02:46.0906 3284 HTTP - ok
09:02:46.0968 3284 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:02:47.0093 3284 HTTPFilter - ok
09:02:47.0109 3284 i2omgmt - ok
09:02:47.0109 3284 i2omp - ok
09:02:47.0140 3284 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:02:47.0265 3284 i8042prt - ok
09:02:47.0375 3284 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:02:47.0421 3284 idsvc - ok
09:02:47.0453 3284 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:02:47.0562 3284 Imapi - ok
09:02:47.0609 3284 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
09:02:47.0750 3284 ImapiService - ok
09:02:47.0750 3284 ini910u - ok
09:02:47.0953 3284 [ 909D03B3B7FB7C830B74F74F4D0EA7CE ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:02:48.0187 3284 IntcAzAudAddService - ok
09:02:48.0187 3284 IntelIde - ok
09:02:48.0234 3284 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:02:48.0359 3284 intelppm - ok
09:02:48.0375 3284 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:02:48.0500 3284 Ip6Fw - ok
09:02:48.0531 3284 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:02:48.0671 3284 IpFilterDriver - ok
09:02:48.0671 3284 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:02:48.0796 3284 IpInIp - ok
09:02:48.0859 3284 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:02:49.0000 3284 IpNat - ok
09:02:49.0015 3284 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:02:49.0140 3284 IPSec - ok
09:02:49.0187 3284 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:02:49.0312 3284 IRENUM - ok
09:02:49.0328 3284 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:02:49.0484 3284 isapnp - ok
09:02:50.0000 3284 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
09:02:50.0015 3284 JavaQuickStarterService - ok
09:02:50.0031 3284 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:02:50.0140 3284 Kbdclass - ok
09:02:50.0171 3284 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:02:50.0296 3284 kmixer - ok
09:02:50.0328 3284 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:02:50.0343 3284 KSecDD - ok
09:02:50.0375 3284 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:02:50.0421 3284 lanmanserver - ok
09:02:50.0468 3284 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:02:50.0500 3284 lanmanworkstation - ok
09:02:50.0500 3284 lbrtfdc - ok
09:02:50.0562 3284 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:02:50.0687 3284 LmHosts - ok
09:02:50.0718 3284 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
09:02:50.0734 3284 mbamchameleon - ok
09:02:50.0781 3284 [ 52404CC76E9D53843BDF97564BB16BED ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
09:02:50.0796 3284 McrdSvc - ok
09:02:50.0859 3284 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:02:50.0875 3284 mdmxsdk - ok
09:02:50.0890 3284 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:02:51.0015 3284 Messenger - ok
09:02:51.0046 3284 [ DED60230E3019C508769EC3C15BCDA44 ] MHN C:\WINDOWS\System32\mhn.dll
09:02:51.0078 3284 MHN ( UnsignedFile.Multi.Generic ) - warning
09:02:51.0078 3284 MHN - detected UnsignedFile.Multi.Generic (1)
09:02:51.0093 3284 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
09:02:51.0109 3284 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
09:02:51.0109 3284 MHNDRV - detected UnsignedFile.Multi.Generic (1)
09:02:51.0265 3284 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
09:02:51.0281 3284 Microsoft Office Groove Audit Service - ok
09:02:51.0328 3284 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:02:51.0468 3284 mnmdd - ok
09:02:51.0515 3284 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:02:51.0625 3284 mnmsrvc - ok
09:02:51.0656 3284 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:02:51.0796 3284 Modem - ok
09:02:51.0828 3284 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:02:51.0953 3284 Mouclass - ok
09:02:51.0984 3284 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:02:52.0125 3284 mouhid - ok
09:02:52.0140 3284 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:02:52.0281 3284 MountMgr - ok
09:02:52.0328 3284 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
09:02:52.0359 3284 MozillaMaintenance - ok
09:02:52.0359 3284 mraid35x - ok
09:02:52.0375 3284 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:02:52.0484 3284 MRxDAV - ok
09:02:52.0546 3284 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:02:52.0578 3284 MRxSmb - ok
09:02:52.0640 3284 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:02:52.0765 3284 MSDTC - ok
09:02:52.0781 3284 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:02:52.0921 3284 Msfs - ok
09:02:52.0921 3284 MSIServer - ok
09:02:52.0953 3284 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:02:53.0093 3284 MSKSSRV - ok
09:02:53.0093 3284 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:02:53.0250 3284 MSPCLOCK - ok
09:02:53.0265 3284 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:02:53.0406 3284 MSPQM - ok
09:02:53.0421 3284 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:02:53.0546 3284 mssmbios - ok
09:02:53.0578 3284 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
09:02:53.0703 3284 MSTEE - ok
09:02:53.0734 3284 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:02:53.0750 3284 Mup - ok
09:02:53.0812 3284 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:02:53.0937 3284 NABTSFEC - ok
09:02:53.0968 3284 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
09:02:54.0093 3284 napagent - ok
09:02:54.0109 3284 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:02:54.0265 3284 NDIS - ok
09:02:54.0281 3284 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:02:54.0406 3284 NdisIP - ok
09:02:54.0437 3284 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:02:54.0484 3284 NdisTapi - ok
09:02:54.0531 3284 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:02:54.0656 3284 Ndisuio - ok
09:02:54.0671 3284 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:02:54.0796 3284 NdisWan - ok
09:02:54.0843 3284 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:02:54.0875 3284 NDProxy - ok
09:02:54.0890 3284 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:02:55.0015 3284 NetBIOS - ok
09:02:55.0046 3284 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:02:55.0203 3284 NetBT - ok
09:02:55.0250 3284 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
09:02:55.0390 3284 NetDDE - ok
09:02:55.0390 3284 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:02:55.0515 3284 NetDDEdsdm - ok
09:02:55.0531 3284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:02:55.0640 3284 Netlogon - ok
09:02:55.0671 3284 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
09:02:55.0796 3284 Netman - ok
09:02:55.0843 3284 [ 6A25F27202F3122A44A6B74EE46E7A76 ] NETMNT C:\WINDOWS\system32\DRIVERS\NETMNT.sys
09:02:55.0859 3284 NETMNT ( UnsignedFile.Multi.Generic ) - warning
09:02:55.0859 3284 NETMNT - detected UnsignedFile.Multi.Generic (1)
09:02:55.0890 3284 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:02:55.0921 3284 NetTcpPortSharing - ok
09:02:56.0015 3284 [ 50F5DE54E1D1646C02078F3EDDC15A8E ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
09:02:56.0093 3284 NETw3x32 - ok
09:02:56.0187 3284 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
09:02:56.0234 3284 Nla - ok
09:02:56.0281 3284 [ D21FEE8DB254BA762656878168AC1DB6 ] NPF C:\WINDOWS\system32\drivers\npf.sys
09:02:56.0296 3284 NPF ( UnsignedFile.Multi.Generic ) - warning
09:02:56.0296 3284 NPF - detected UnsignedFile.Multi.Generic (1)
09:02:56.0328 3284 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:02:56.0468 3284 Npfs - ok
09:02:56.0515 3284 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:02:56.0656 3284 Ntfs - ok
09:02:56.0671 3284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:02:56.0812 3284 NtLmSsp - ok
09:02:56.0859 3284 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:02:57.0000 3284 NtmsSvc - ok
09:02:57.0031 3284 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:02:57.0281 3284 Null - ok
09:02:57.0453 3284 [ E1B2978921351B8C21A256BC4E93034C ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:02:57.0593 3284 nv - ok
09:02:57.0640 3284 [ F5BB18381410676BC77BF0D612D65590 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
09:02:57.0671 3284 NVSvc - ok
09:02:57.0718 3284 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:02:57.0859 3284 NwlnkFlt - ok
09:02:57.0875 3284 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:02:58.0015 3284 NwlnkFwd - ok
09:02:58.0187 3284 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
09:02:58.0218 3284 odserv - ok
09:02:58.0250 3284 [ 26C4A4B64D1DD8E6FDFB2F4897BE029C ] OsaFsLoc C:\WINDOWS\system32\drivers\OsaFsLoc.sys
09:02:58.0265 3284 OsaFsLoc ( UnsignedFile.Multi.Generic ) - warning
09:02:58.0265 3284 OsaFsLoc - detected UnsignedFile.Multi.Generic (1)
09:02:58.0281 3284 [ 9D1177C2A8DE936B33D85FF75E8CBF1A ] osaio C:\WINDOWS\system32\drivers\osaio.sys
09:02:58.0296 3284 osaio ( UnsignedFile.Multi.Generic ) - warning
09:02:58.0296 3284 osaio - detected UnsignedFile.Multi.Generic (1)
09:02:58.0296 3284 [ 3245BEE5176697FAF0744A2E1288DC77 ] osanbm C:\WINDOWS\system32\drivers\osanbm.sys
09:02:58.0312 3284 osanbm ( UnsignedFile.Multi.Generic ) - warning
09:02:58.0312 3284 osanbm - detected UnsignedFile.Multi.Generic (1)
09:02:58.0406 3284 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
09:02:58.0421 3284 ose - ok
09:02:58.0453 3284 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
09:02:58.0640 3284 Parport - ok
09:02:58.0687 3284 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:02:58.0812 3284 PartMgr - ok
09:02:58.0859 3284 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:02:59.0000 3284 ParVdm - ok
09:02:59.0000 3284 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:02:59.0125 3284 PCI - ok
09:02:59.0140 3284 PCIDump - ok
09:02:59.0156 3284 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:02:59.0281 3284 PCIIde - ok
09:02:59.0312 3284 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:02:59.0437 3284 Pcmcia - ok
09:02:59.0437 3284 PDCOMP - ok
09:02:59.0453 3284 PDFRAME - ok
09:02:59.0468 3284 PDRELI - ok
09:02:59.0484 3284 PDRFRAME - ok
09:02:59.0484 3284 perc2 - ok
09:02:59.0500 3284 perc2hib - ok
09:02:59.0531 3284 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
09:02:59.0984 3284 PlugPlay - ok
09:02:59.0984 3284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:03:00.0140 3284 PolicyAgent - ok
09:03:00.0156 3284 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:03:00.0281 3284 PptpMiniport - ok
09:03:00.0281 3284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:03:00.0406 3284 ProtectedStorage - ok
09:03:00.0437 3284 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:03:00.0546 3284 PSched - ok
09:03:00.0546 3284 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:03:00.0687 3284 Ptilink - ok
09:03:00.0703 3284 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:03:00.0718 3284 PxHelp20 - ok
09:03:00.0718 3284 ql1080 - ok
09:03:00.0734 3284 Ql10wnt - ok
09:03:00.0734 3284 ql12160 - ok
09:03:00.0734 3284 ql1240 - ok
09:03:00.0750 3284 ql1280 - ok
09:03:00.0765 3284 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:03:00.0906 3284 RasAcd - ok
09:03:00.0937 3284 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:03:01.0078 3284 RasAuto - ok
09:03:01.0093 3284 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:03:01.0265 3284 Rasl2tp - ok
09:03:01.0312 3284 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:03:01.0437 3284 RasMan - ok
09:03:01.0437 3284 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:03:01.0562 3284 RasPppoe - ok
09:03:01.0562 3284 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:03:01.0703 3284 Raspti - ok
09:03:01.0718 3284 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:03:01.0859 3284 Rdbss - ok
09:03:01.0875 3284 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:03:02.0015 3284 RDPCDD - ok
09:03:02.0031 3284 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:03:02.0171 3284 rdpdr - ok
09:03:02.0218 3284 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:03:02.0250 3284 RDPWD - ok
09:03:02.0296 3284 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:03:02.0421 3284 RDSessMgr - ok
09:03:02.0468 3284 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:03:02.0609 3284 redbook - ok
09:03:02.0625 3284 [ D8F61AAAE73A1FBDE6F538BECC891F2F ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
09:03:02.0656 3284 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
09:03:02.0656 3284 RegSrvc - detected UnsignedFile.Multi.Generic (1)
09:03:02.0687 3284 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:03:02.0812 3284 RemoteAccess - ok
09:03:02.0843 3284 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:03:02.0984 3284 RemoteRegistry - ok
09:03:03.0015 3284 [ 67C607857CCD6EBFFE768DAD5B2CA239 ] rpcapd C:\Programme\WinPcap\rpcapd.exe
09:03:03.0031 3284 rpcapd ( UnsignedFile.Multi.Generic ) - warning
09:03:03.0031 3284 rpcapd - detected UnsignedFile.Multi.Generic (1)
09:03:03.0078 3284 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
09:03:03.0218 3284 RpcLocator - ok
09:03:03.0250 3284 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
09:03:03.0328 3284 RpcSs - ok
09:03:03.0359 3284 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:03:03.0500 3284 RSVP - ok
09:03:03.0578 3284 [ 25F697E3AFA7B337BBCADDBCE38E6934 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
09:03:03.0640 3284 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
09:03:03.0640 3284 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
09:03:03.0671 3284 [ 2862ADB14481AC28F98105FF33A99EB0 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:03:03.0687 3284 s24trans ( UnsignedFile.Multi.Generic ) - warning
09:03:03.0687 3284 s24trans - detected UnsignedFile.Multi.Generic (1)
09:03:03.0703 3284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
09:03:03.0859 3284 SamSs - ok
09:03:03.0890 3284 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:03:04.0015 3284 SCardSvr - ok
09:03:04.0062 3284 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:03:04.0203 3284 Schedule - ok
09:03:04.0234 3284 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:03:04.0359 3284 sdbus - ok
09:03:04.0406 3284 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:03:04.0531 3284 Secdrv - ok
09:03:04.0562 3284 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
09:03:04.0718 3284 seclogon - ok
09:03:04.0734 3284 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
09:03:04.0859 3284 SENS - ok
09:03:04.0906 3284 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
09:03:05.0046 3284 Serial - ok
09:03:05.0078 3284 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:03:05.0203 3284 Sfloppy - ok
09:03:05.0265 3284 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:03:05.0421 3284 SharedAccess - ok
09:03:05.0437 3284 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:03:05.0468 3284 ShellHWDetection - ok
09:03:05.0484 3284 Simbad - ok
09:03:05.0562 3284 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
09:03:05.0578 3284 SkypeUpdate - ok
09:03:05.0609 3284 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:03:05.0734 3284 SLIP - ok
09:03:06.0171 3284 [ F00AABD640EB432D8DEC9629D64AAF83 ] SNPSTD3 C:\WINDOWS\system32\DRIVERS\snpstd3.sys
09:03:06.0656 3284 SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning
09:03:06.0656 3284 SNPSTD3 - detected UnsignedFile.Multi.Generic (1)
09:03:06.0671 3284 Sparrow - ok
09:03:06.0718 3284 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:03:06.0859 3284 splitter - ok
09:03:06.0890 3284 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:03:06.0937 3284 Spooler - ok
09:03:07.0015 3284 [ 0C1DAD75274CB6E31F053CE3E08BF9C3 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
09:03:07.0015 3284 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0C1DAD75274CB6E31F053CE3E08BF9C3
09:03:07.0015 3284 sptd ( LockedFile.Multi.Generic ) - warning
09:03:07.0015 3284 sptd - detected LockedFile.Multi.Generic (1)
09:03:07.0015 3284 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:03:07.0171 3284 sr - ok
09:03:07.0218 3284 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
09:03:07.0359 3284 srservice - ok
09:03:07.0375 3284 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:03:07.0437 3284 Srv - ok
09:03:07.0500 3284 [ 406776FE3C2B66796BAC1A7AFB9AC8A1 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
09:03:07.0531 3284 ssadbus - ok
09:03:07.0562 3284 [ B19532D015A5D295E2AA34BB521202CF ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
09:03:07.0609 3284 ssadmdfl - ok
09:03:07.0609 3284 [ 2AEBF9108E6F435458B9499C27394DA4 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
09:03:07.0640 3284 ssadmdm - ok
09:03:07.0671 3284 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
09:03:07.0687 3284 sscdbus - ok
09:03:07.0687 3284 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
09:03:07.0703 3284 sscdmdfl - ok
09:03:07.0718 3284 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
09:03:07.0734 3284 sscdmdm - ok
09:03:07.0750 3284 [ D04BD59F28C78E2E66632092CAFC0A2B ] sscdserd C:\WINDOWS\system32\DRIVERS\sscdserd.sys
09:03:07.0765 3284 sscdserd - ok
09:03:07.0781 3284 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:03:07.0921 3284 SSDPSRV - ok
09:03:07.0968 3284 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:03:08.0125 3284 stisvc - ok
09:03:08.0171 3284 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:03:08.0312 3284 streamip - ok
09:03:08.0343 3284 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:03:08.0468 3284 swenum - ok
09:03:08.0500 3284 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:03:08.0625 3284 swmidi - ok
09:03:08.0625 3284 SwPrv - ok
09:03:08.0640 3284 symc810 - ok
09:03:08.0640 3284 symc8xx - ok
09:03:08.0640 3284 sym_hi - ok
09:03:08.0656 3284 sym_u3 - ok
09:03:08.0671 3284 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:03:08.0812 3284 sysaudio - ok
09:03:08.0859 3284 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:03:08.0984 3284 SysmonLog - ok
09:03:09.0015 3284 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:03:09.0156 3284 TapiSrv - ok
09:03:09.0218 3284 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:03:09.0250 3284 Tcpip - ok
09:03:09.0312 3284 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:03:09.0468 3284 TDPIPE - ok
09:03:09.0484 3284 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:03:09.0609 3284 TDTCP - ok
09:03:09.0625 3284 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:03:09.0765 3284 TermDD - ok
09:03:09.0812 3284 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
09:03:10.0015 3284 TermService - ok
09:03:10.0046 3284 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
09:03:10.0062 3284 Themes - ok
09:03:10.0109 3284 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:03:10.0281 3284 TlntSvr - ok
09:03:10.0281 3284 TosIde - ok
09:03:10.0296 3284 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:03:10.0500 3284 TrkWks - ok
09:03:10.0515 3284 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:03:10.0703 3284 Udfs - ok
09:03:10.0718 3284 ultra - ok
09:03:10.0828 3284 UnlockerDriver5 - ok
09:03:10.0890 3284 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:03:11.0078 3284 Update - ok
09:03:11.0093 3284 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:03:11.0234 3284 upnphost - ok
09:03:11.0250 3284 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
09:03:11.0375 3284 UPS - ok
09:03:11.0406 3284 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:03:11.0593 3284 usbehci - ok
09:03:11.0625 3284 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:03:11.0796 3284 usbhub - ok
09:03:11.0843 3284 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:03:11.0968 3284 usbprint - ok
09:03:11.0984 3284 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:03:12.0140 3284 usbscan - ok
09:03:12.0156 3284 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:03:12.0312 3284 USBSTOR - ok
09:03:12.0328 3284 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:03:12.0468 3284 usbuhci - ok
09:03:12.0500 3284 [ E3389E42561670D112D77A431010377B ] VD_FileDisk C:\WINDOWS\system32\drivers\VD_FileDisk.sys
09:03:12.0515 3284 VD_FileDisk ( UnsignedFile.Multi.Generic ) - warning
09:03:12.0515 3284 VD_FileDisk - detected UnsignedFile.Multi.Generic (1)
09:03:12.0546 3284 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:03:12.0671 3284 VgaSave - ok
09:03:12.0687 3284 ViaIde - ok
09:03:12.0734 3284 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:03:12.0843 3284 VolSnap - ok
09:03:12.0890 3284 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
09:03:13.0015 3284 VSS - ok
09:03:13.0046 3284 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
09:03:13.0171 3284 W32Time - ok
09:03:13.0203 3284 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:03:13.0328 3284 Wanarp - ok
09:03:13.0406 3284 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:03:13.0468 3284 Wdf01000 - ok
09:03:13.0468 3284 WDICA - ok
09:03:13.0500 3284 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:03:13.0640 3284 wdmaud - ok
09:03:13.0671 3284 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:03:13.0781 3284 WebClient - ok
09:03:13.0843 3284 [ C1D5CBD8AA0D674DA1BA1BB189696396 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:03:13.0890 3284 winachsf - ok
09:03:14.0000 3284 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:03:14.0125 3284 winmgmt - ok
09:03:14.0171 3284 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:03:14.0187 3284 WmdmPmSN - ok
09:03:14.0250 3284 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:03:14.0296 3284 Wmi - ok
09:03:14.0359 3284 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:03:14.0515 3284 WmiAcpi - ok
09:03:14.0562 3284 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:03:14.0703 3284 WmiApSrv - ok
09:03:14.0812 3284 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
09:03:14.0859 3284 WMPNetworkSvc - ok
09:03:14.0906 3284 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:03:15.0046 3284 wscsvc - ok
09:03:15.0093 3284 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:03:15.0234 3284 WSTCODEC - ok
09:03:15.0265 3284 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:03:15.0390 3284 wuauserv - ok
09:03:15.0421 3284 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:03:15.0468 3284 WudfPf - ok
09:03:15.0468 3284 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:03:15.0500 3284 WudfRd - ok
09:03:15.0515 3284 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:03:15.0546 3284 WudfSvc - ok
09:03:15.0609 3284 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:03:15.0734 3284 WZCSVC - ok
09:03:15.0750 3284 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:03:15.0906 3284 xmlprov - ok
09:03:15.0921 3284 ================ Scan global ===============================
09:03:15.0953 3284 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
09:03:15.0984 3284 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
09:03:16.0000 3284 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
09:03:16.0031 3284 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
09:03:16.0031 3284 [Global] - ok
09:03:16.0046 3284 ================ Scan MBR ==================================
09:03:16.0062 3284 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
09:03:16.0328 3284 \Device\Harddisk0\DR0 - ok
09:03:16.0328 3284 ================ Scan VBR ==================================
09:03:16.0328 3284 [ 68A4404DCFC86125E5D9374FAAE41C5C ] \Device\Harddisk0\DR0\Partition1
09:03:16.0328 3284 \Device\Harddisk0\DR0\Partition1 - ok
09:03:16.0359 3284 [ 04E939E0E19C30E97AFF97462D9ACFCC ] \Device\Harddisk0\DR0\Partition2
09:03:16.0359 3284 \Device\Harddisk0\DR0\Partition2 - ok
09:03:16.0359 3284 ============================================================
09:03:16.0359 3284 Scan finished
09:03:16.0359 3284 ============================================================
09:03:16.0468 2296 Detected object count: 20
09:03:16.0468 2296 Actual detected object count: 20
09:04:14.0609 2296 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
09:04:14.0609 2296 HKLM\SYSTEM\ControlSet001\services\AegisP - will be deleted on reboot
09:04:14.0625 2296 HKLM\SYSTEM\ControlSet003\services\AegisP - will be deleted on reboot
09:04:14.0671 2296 C:\WINDOWS\system32\DRIVERS\AegisP.sys - will be deleted on reboot
09:04:14.0671 2296 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:04:14.0843 2296 C:\Acer\Empowering Technology\admServ.exe - copied to quarantine
09:04:14.0843 2296 HKLM\SYSTEM\ControlSet001\services\AWService - will be deleted on reboot
09:04:14.0859 2296 HKLM\SYSTEM\ControlSet003\services\AWService - will be deleted on reboot
09:04:14.0859 2296 C:\Acer\Empowering Technology\admServ.exe - will be deleted on reboot
09:04:14.0859 2296 AWService ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:04:14.0875 2296 C:\WINDOWS\system32\drivers\epm-psd.sys - copied to quarantine
09:04:14.0875 2296 HKLM\SYSTEM\ControlSet001\services\EpmPsd - will be deleted on reboot
09:04:14.0875 2296 HKLM\SYSTEM\ControlSet003\services\EpmPsd - will be deleted on reboot
09:04:14.0890 2296 C:\WINDOWS\system32\drivers\epm-psd.sys - will be deleted on reboot
09:04:14.0890 2296 EpmPsd ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:04:14.0984 2296 C:\WINDOWS\system32\drivers\epm-shd.sys - copied to quarantine
09:04:14.0984 2296 HKLM\SYSTEM\ControlSet001\services\EpmShd - will be deleted on reboot
09:04:14.0984 2296 HKLM\SYSTEM\ControlSet003\services\EpmShd - will be deleted on reboot
09:04:14.0984 2296 C:\WINDOWS\system32\drivers\epm-shd.sys - will be deleted on reboot
09:04:14.0984 2296 EpmShd ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:04:15.0031 2296 C:\Programme\Intel\Wireless\Bin\EvtEng.exe - copied to quarantine
09:04:15.0031 2296 HKLM\SYSTEM\ControlSet001\services\EvtEng - will be deleted on reboot
09:04:15.0046 2296 HKLM\SYSTEM\ControlSet003\services\EvtEng - will be deleted on reboot
09:04:15.0046 2296 C:\Programme\Intel\Wireless\Bin\EvtEng.exe - will be
deleted on reboot 09:04:15.0046 2296 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0140 2296 C:\WINDOWS\system32\FsUsbExDisk.SYS - copied to quarantine 09:04:15.0140 2296 HKLM\SYSTEM\ControlSet001\services\FsUsbExDisk - will be deleted on reboot 09:04:15.0140 2296 HKLM\SYSTEM\ControlSet003\services\FsUsbExDisk - will be deleted on reboot 09:04:15.0140 2296 C:\WINDOWS\system32\FsUsbExDisk.SYS - will be deleted on reboot 09:04:15.0140 2296 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0171 2296 C:\WINDOWS\System32\mhn.dll - copied to quarantine 09:04:15.0171 2296 HKLM\SYSTEM\ControlSet001\services\MHN - will be deleted on reboot 09:04:15.0171 2296 HKLM\SYSTEM\ControlSet003\services\MHN - will be deleted on reboot 09:04:15.0171 2296 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - will be cured on reboot 09:04:15.0187 2296 C:\WINDOWS\System32\mhn.dll - will be deleted on reboot 09:04:15.0187 2296 MHN ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0203 2296 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine 09:04:15.0203 2296 HKLM\SYSTEM\ControlSet001\services\MHNDRV - will be deleted on reboot 09:04:15.0203 2296 HKLM\SYSTEM\ControlSet003\services\MHNDRV - will be deleted on reboot 09:04:15.0203 2296 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - will be deleted on reboot 09:04:15.0203 2296 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0281 2296 C:\WINDOWS\system32\DRIVERS\NETMNT.sys - copied to quarantine 09:04:15.0281 2296 HKLM\SYSTEM\ControlSet001\services\NETMNT - will be deleted on reboot 09:04:15.0281 2296 HKLM\SYSTEM\ControlSet003\services\NETMNT - will be deleted on reboot 09:04:15.0281 2296 C:\WINDOWS\system32\DRIVERS\NETMNT.sys - will be deleted on reboot 09:04:15.0281 2296 NETMNT ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0296 2296 C:\WINDOWS\system32\drivers\npf.sys - copied to quarantine 
09:04:15.0296 2296 HKLM\SYSTEM\ControlSet001\services\NPF - will be deleted on reboot 09:04:15.0296 2296 HKLM\SYSTEM\ControlSet003\services\NPF - will be deleted on reboot 09:04:15.0296 2296 C:\WINDOWS\system32\drivers\npf.sys - will be deleted on reboot 09:04:15.0296 2296 NPF ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0375 2296 C:\WINDOWS\system32\drivers\OsaFsLoc.sys - copied to quarantine 09:04:15.0375 2296 HKLM\SYSTEM\ControlSet001\services\OsaFsLoc - will be deleted on reboot 09:04:15.0375 2296 HKLM\SYSTEM\ControlSet003\services\OsaFsLoc - will be deleted on reboot 09:04:15.0375 2296 C:\WINDOWS\system32\drivers\OsaFsLoc.sys - will be deleted on reboot 09:04:15.0375 2296 OsaFsLoc ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0421 2296 C:\WINDOWS\system32\drivers\osaio.sys - copied to quarantine 09:04:15.0421 2296 HKLM\SYSTEM\ControlSet001\services\osaio - will be deleted on reboot 09:04:15.0421 2296 HKLM\SYSTEM\ControlSet003\services\osaio - will be deleted on reboot 09:04:15.0421 2296 C:\WINDOWS\system32\drivers\osaio.sys - will be deleted on reboot 09:04:15.0421 2296 osaio ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0468 2296 C:\WINDOWS\system32\drivers\osanbm.sys - copied to quarantine 09:04:15.0468 2296 HKLM\SYSTEM\ControlSet001\services\osanbm - will be deleted on reboot 09:04:15.0468 2296 HKLM\SYSTEM\ControlSet003\services\osanbm - will be deleted on reboot 09:04:15.0468 2296 C:\WINDOWS\system32\drivers\osanbm.sys - will be deleted on reboot 09:04:15.0468 2296 osanbm ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0515 2296 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe - copied to quarantine 09:04:15.0515 2296 HKLM\SYSTEM\ControlSet001\services\RegSrvc - will be deleted on reboot 09:04:15.0515 2296 HKLM\SYSTEM\ControlSet003\services\RegSrvc - will be deleted on reboot 09:04:15.0531 2296 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe - will be deleted on reboot 
09:04:15.0531 2296 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0593 2296 C:\Programme\WinPcap\rpcapd.exe - copied to quarantine 09:04:15.0609 2296 HKLM\SYSTEM\ControlSet001\services\rpcapd - will be deleted on reboot 09:04:15.0609 2296 HKLM\SYSTEM\ControlSet003\services\rpcapd - will be deleted on reboot 09:04:15.0609 2296 C:\Programme\WinPcap\rpcapd.exe - will be deleted on reboot 09:04:15.0609 2296 rpcapd ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0703 2296 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe - copied to quarantine 09:04:15.0703 2296 HKLM\SYSTEM\ControlSet001\services\S24EventMonitor - will be deleted on reboot 09:04:15.0703 2296 HKLM\SYSTEM\ControlSet003\services\S24EventMonitor - will be deleted on reboot 09:04:15.0703 2296 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe - will be deleted on reboot 09:04:15.0703 2296 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:15.0796 2296 C:\WINDOWS\system32\DRIVERS\s24trans.sys - copied to quarantine 09:04:15.0796 2296 HKLM\SYSTEM\ControlSet001\services\s24trans - will be deleted on reboot 09:04:15.0796 2296 HKLM\SYSTEM\ControlSet003\services\s24trans - will be deleted on reboot 09:04:15.0796 2296 C:\WINDOWS\system32\DRIVERS\s24trans.sys - will be deleted on reboot 09:04:15.0796 2296 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:16.0562 2296 C:\WINDOWS\system32\DRIVERS\snpstd3.sys - copied to quarantine 09:04:16.0562 2296 HKLM\SYSTEM\ControlSet001\services\SNPSTD3 - will be deleted on reboot 09:04:16.0562 2296 HKLM\SYSTEM\ControlSet003\services\SNPSTD3 - will be deleted on reboot 09:04:16.0562 2296 C:\WINDOWS\system32\DRIVERS\snpstd3.sys - will be deleted on reboot 09:04:16.0562 2296 SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:16.0671 2296 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine 09:04:16.0671 2296 HKLM\SYSTEM\ControlSet001\services\sptd - will be 
deleted on reboot 09:04:16.0671 2296 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot 09:04:16.0671 2296 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot 09:04:16.0687 2296 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot 09:04:16.0687 2296 sptd ( LockedFile.Multi.Generic ) - User select action: Delete 09:04:16.0812 2296 C:\WINDOWS\system32\drivers\VD_FileDisk.sys - copied to quarantine 09:04:16.0812 2296 HKLM\SYSTEM\ControlSet001\services\VD_FileDisk - will be deleted on reboot 09:04:16.0812 2296 HKLM\SYSTEM\ControlSet002\services\VD_FileDisk - will be deleted on reboot 09:04:16.0812 2296 HKLM\SYSTEM\ControlSet003\services\VD_FileDisk - will be deleted on reboot 09:04:16.0812 2296 C:\WINDOWS\system32\drivers\VD_FileDisk.sys - will be deleted on reboot 09:04:16.0812 2296 VD_FileDisk ( UnsignedFile.Multi.Generic ) - User select action: Delete 09:04:34.0296 0420 Deinitialize success |
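An added triage helper for a TDSSKiller log like the one above (example code written for this page; it is not a tool from the thread or from TDSSKiller itself). It ties every "User select action" entry to the files and registry keys queued for removal just before it, and separates TDSSKiller's generic suspicious-object verdicts (`UnsignedFile.Multi.Generic`, `LockedFile.Multi.Generic`, which only say that a file is unsigned or could not be opened) from verdicts that name a malware family. In the log above all 20 deletions carry a generic verdict and several of the deleted services are Intel wireless components (EvtEng, RegSrvc, S24EventMonitor, s24trans), which is the sort of thing to notice before choosing Delete. `SAMPLE_LOG` is a constructed excerpt in the same format; the function and class names are this example's own.

```python
"""Triage a TDSSKiller log: which services were deleted, on what verdict,
and which files / registry keys went with them.

Added example for this page; not part of TDSSKiller or of the forum post.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt in the TDSSKiller log format shown in the post above
# (a few entries only, trimmed from the real log).
SAMPLE_LOG = r"""
09:03:12.0500 3284 [ E3389E42561670D112D77A431010377B ] VD_FileDisk C:\WINDOWS\system32\drivers\VD_FileDisk.sys
09:03:12.0515 3284 VD_FileDisk ( UnsignedFile.Multi.Generic ) - warning
09:03:12.0515 3284 VD_FileDisk - detected UnsignedFile.Multi.Generic (1)
09:03:13.0203 3284 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:03:13.0328 3284 Wanarp - ok
09:04:15.0031 2296 C:\Programme\Intel\Wireless\Bin\EvtEng.exe - copied to quarantine
09:04:15.0031 2296 HKLM\SYSTEM\ControlSet001\services\EvtEng - will be deleted on reboot
09:04:15.0046 2296 HKLM\SYSTEM\ControlSet003\services\EvtEng - will be deleted on reboot
09:04:15.0046 2296 C:\Programme\Intel\Wireless\Bin\EvtEng.exe - will be deleted on reboot
09:04:15.0046 2296 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Delete
09:04:16.0671 2296 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
09:04:16.0687 2296 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot
09:04:16.0687 2296 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
"""

# Every TDSSKiller line starts with "HH:MM:SS.mmmm <thread-id> ".
_TS = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
DETECT_RE = re.compile(_TS + r"(?P<svc>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
PENDING_RE = re.compile(_TS + r"(?P<obj>.+?) - will be (?:deleted|cured) on reboot$")
ACTION_RE = re.compile(
    _TS + r"(?P<svc>\S+) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$"
)


@dataclass
class Removal:
    service: str
    verdict: str
    action: str
    files: list[str] = field(default_factory=list)
    registry_keys: list[str] = field(default_factory=list)

    @property
    def generic_heuristic(self) -> bool:
        """True for TDSSKiller's suspicious-object classes (unsigned or locked
        file); these carry no malware family name."""
        return self.verdict.endswith(".Multi.Generic")


def _lines(log: str):
    return (line.strip() for line in log.splitlines())


def parse_detections(log: str) -> dict[str, str]:
    """Service name -> verdict for every '- detected' line of the scan phase."""
    return {m["svc"]: m["verdict"] for m in map(DETECT_RE.match, _lines(log)) if m}


def parse_removals(log: str) -> list[Removal]:
    """Group the 'will be deleted/cured on reboot' lines with the 'User select
    action' line that follows them: TDSSKiller lists the objects first, then the
    verdict and the chosen action."""
    removals: list[Removal] = []
    files: list[str] = []
    keys: list[str] = []
    for line in _lines(log):
        if m := PENDING_RE.match(line):
            obj = m["obj"]
            (keys if obj.upper().startswith("HKLM\\") else files).append(obj)
        elif m := ACTION_RE.match(line):
            removals.append(Removal(m["svc"], m["verdict"], m["action"], sorted(set(files)), keys))
            files, keys = [], []
    return removals


def triage(log: str) -> dict[str, list[str]]:
    """Split the deletions into 'named verdict' and 'generic heuristic only'."""
    out: dict[str, list[str]] = {"deleted_on_heuristic": [], "deleted_on_named_verdict": []}
    for r in parse_removals(log):
        if r.action != "Delete":
            continue
        out["deleted_on_heuristic" if r.generic_heuristic else "deleted_on_named_verdict"].append(r.service)
    return out


if __name__ == "__main__":
    for r in parse_removals(SAMPLE_LOG):
        tag = "HEURISTIC" if r.generic_heuristic else "NAMED"
        print(f"{r.service:14} {r.action:7} {tag:9} {r.verdict}")
        for f in r.files:
            print(f"    file  {f}")
        for k in r.registry_keys:
            print(f"    key   {k}")
    print(triage(SAMPLE_LOG))
```

Run it against a saved TDSSKiller log in place of `SAMPLE_LOG`; anything listed under `deleted_on_heuristic` was removed without a named detection and deserves a look at the file's publisher and path before the reboot that actually deletes it.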
15.11.2012, 21:27 | #8 |
/// Helper Team | GMX warns: Hackers have access to your GMX mailbox Remove the WLAN adapter (including its drivers) in Device Manager, then restart. |
15.11.2012, 21:41 | #9 |
| GMX warns: Hackers have access to your GMX mailbox I deleted the driver in Device Manager and then restarted; it was reinstalled, but no connection can be established any more! It is a Wireless 3945ABG. I do get a connection, but under network status everything is completely empty: no address type, IP address etc. Looks more like an error. Intel Wireless shows a successful connection, but I don't see the WLAN adapter in ipconfig /all. Addendum: The problem is with the DHCP server. I no longer get an IP. I suspect TDSS Killer removed something important there! Addendum 2: After clicking "repair" on the WLAN connection for what felt like the 10th time, everything works again. So we can carry on! Last edited by kks (15.11.2012 at 21:59) |
17.11.2012, 00:10 | #10 |
/// Helper Team | GMX warns: Hackers have access to your GMX mailbox Please run this: http://www.trojaner-board.de/72874-s...eparieren.html Then: - restart, then: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the freeware mode. Select "Detail Scan" and start the check of the computer via the "Scan" button. At the end of the scan do not let it delete anything! Click "Save report" to save the log file on the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
18.11.2012, 07:25 | #11 |
| GMX warns: Hackers have access to your GMX mailbox Emsisoft log: Code:
Emsisoft Anti-Malware - Version 7.0
Last update: 17.11.2012 22:27:22
Scan settings:
Scan method: Detail Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
Riskware detection: Off
Archive scan: On
ADS scan: On
File type filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 17.11.2012 22:29:58
D:\Eigene Dateien\Security\DecryptHelper-0.5.3.exe found: Trojan.Win32.Agent.AMN (A)
Scanned 436570
Found 1
Scan end: 18.11.2012 06:11:40
Scan time: 7:41:43 |
18.11.2012, 12:11 | #12 |
/// Helper Team | GMX warns: Hackers have access to your GMX mailbox Very good! Uninstall: Emsisoft Anti-Malware ESET Online Scanner Preparation
|
19.11.2012, 07:54 | #13 |
| GMX warns: Hackers have access to your GMX mailbox ESET log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2f4f22a7857e06489364f53ccf755955
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-19 05:08:33
# local_time=2012-11-19 06:08:33 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 28426117 28426117 0 0
# compatibility_mode=8204 39157157 100 92 27018 22143095 0 0
# scanned=244663
# found=3
# cleaned=3
# scan_time=34610
# nod_component=V3 Build:0x30000000
G:\Backup\Eigene Dateien\Downloads\ag_mp3_plugin_setup.exe	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
G:\Backup\Eigene Dateien\Downloads\YouTubeDownloaderSetup33.exe	a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
G:\Backup\Software\ICQ\icq_6.5_build_1042_banner_remover.zip	Win32/Adware.ADON application (deleted - quarantined)	00000000000000000000000000000000	C |
19.11.2012, 15:39 | #14 |
/// Helper Team | GMX warns: Hackers have access to your GMX mailbox Update Java. Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Afterwards post (copy and paste) what you get shown here: PluginCheck Disable Java, because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html Afterwards post (copy and paste) what you get shown here: PluginCheck |
19.11.2012, 17:50 | #15 |
| GMX warns: Hackers have access to your GMX mailbox Java was already up to date. Plugin check with Java enabled: Code:
Firefox 16.0 is up to date
Flash (11,5,502,110) is up to date.
Java (1,7,0,9) is up to date.
Adobe Reader 10,1,4,38 is outdated! Please update to the latest version: 11.0
Code:
Firefox 16.0 is up to date
Flash (11,5,502,110) is up to date.
Java is installed but not enabled.
Adobe Reader 10,1,4,38 is outdated! Please update to the latest version: 11.0 |