
Log analysis and evaluation: Suspected keylogger

25.02.2014, 18:19   #1
Gothid13
 



Hello,

a good 2 days ago I had a graphics glitch on the upper part of one of my screens. It looked a bit like the Matrix. I fixed that with System Restore.
Today I got an e-mail from a forum I was active in. I wanted to recover my account - they wrote me the following:
"Your computer has been keylogged. Please follow the steps in this guide to clean your computer before submitting a new request:"

Naturally, panic broke out immediately.

I ran Spybot S&D over it and am currently running the ESET Online Scanner.




Search results from Spybot - Search & Destroy

25/02/2014 17:57:13
Scan took 00:00:01.
11 items found.

Error: Service check: the Services.sbs file is missing. Please use the update to get a new copy!

FastClick: Tracking cookie (Internet Explorer (User): Daniel) (Browser: Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer (User): Daniel) (Browser: Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer (User): Daniel) (Browser: Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer (User): Daniel) (Browser: Cookie, nothing done)


Right Media: Tracking cookie (Internet Explorer (User): Daniel) (Browser: Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: Daniel (default)) (Browser: Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: Daniel (default)) (Browser: Cookie, nothing done)


WebTrends live: Tracking cookie (Firefox: Daniel (default)) (Browser: Cookie, nothing done)


Clickbank: Tracking cookie (Firefox: Daniel (default)) (Browser: Cookie, nothing done)


Clickbank: Tracking cookie (Firefox: Daniel (default)) (Browser: Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: Daniel (default)) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2014-02-25 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2010-08-13 Includes\Cookies.sbi (*)

Eset log:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2b00e6190e394d4fb60841a2cbc374ce
# engine=17220
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-25 05:07:52
# local_time=2014-02-25 07:07:52 (+0200, Osteuropäische Zeit)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777214 100 98 16791 48114394 0 0
# compatibility_mode=5893 16776573 100 94 3129 144977922 0 0
# scanned=453213
# found=0
# cleaned=0
# scan_time=2452

25.02.2014, 18:42   #2
schrauber
/// the machine
/// TB instructor
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


27.02.2014, 17:27   #3
Gothid13
 



FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014
Ran by Daniel (administrator) on DANIEL-PC on 26-02-2014 12:41:35
Running from E:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\pg_ctl.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Windows Net) C:\Users\Daniel\AppData\Roaming\Windows Net Data\net.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) c:\postgreSQL\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-28] (Microsoft Corporation)
HKU\S-1-5-21-1504840579-1310169788-1092373784-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1504840579-1310169788-1092373784-1000\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2013-06-27] (TrueCrypt Foundation)
HKU\S-1-5-21-1504840579-1310169788-1092373784-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [765200 2012-12-16] (SANDBOXIE L.T.D)
HKU\S-1-5-21-1504840579-1310169788-1092373784-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1822400 2014-02-20] (Valve Corporation)
HKU\S-1-5-21-1504840579-1310169788-1092373784-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1504840579-1310169788-1092373784-1000\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Daniel\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA900A69EC272CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\li9zafxd.default
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\li9zafxd.default\user.js
FF Homepage: about:home|hxxp://www.giga.de/androidnews/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\li9zafxd.default\Extensions\amazon-icon@giga.de [2013-12-26]
FF Extension: Spartipps von SparPilot.com - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\li9zafxd.default\Extensions\sparpilot@sparpilot.com [2013-12-26]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\li9zafxd.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-12-22]
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\li9zafxd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-06-27]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-16]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-16]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-16]
CHR Extension: (Google-Suche) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-16]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-01-16]
CHR Extension: (Safe Money) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-01-16]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-01-16]
CHR Extension: (Amazon-Icon) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-01-16]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-16]
CHR Extension: (Google Mail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-16]
CHR Extension: (Anti-Banner) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-01-16]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Daniel\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-26]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 OpenVPNService; E:\Programme\HMA! Pro VPN\bin\openvpnserv.exe [37176 2013-11-21] (The OpenVPN Project)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-29] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-27] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-02-26] ()
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-06-27] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 12:41 - 2014-02-26 12:41 - 00000000 ____D () C:\FRST
2014-02-26 12:38 - 2014-02-26 12:41 - 00015045 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt
2014-02-25 19:40 - 2014-02-25 19:40 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 19:40 - 2014-02-25 19:40 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Malwarebytes
2014-02-25 19:40 - 2014-02-25 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 19:40 - 2014-02-25 19:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 19:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-25 19:38 - 2014-02-26 12:36 - 00000168 _____ () C:\Windows\setupact.log
2014-02-25 19:38 - 2014-02-25 19:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-25 17:56 - 2014-02-26 00:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-25 17:56 - 2014-02-25 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-25 17:56 - 2014-02-25 17:56 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-25 17:56 - 2014-02-25 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-25 17:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-24 14:28 - 2014-02-24 14:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-23 12:12 - 2014-02-26 12:36 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-02-15 02:19 - 2014-02-25 18:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 14:57 - 2014-02-14 14:57 - 00045702 _____ () C:\Users\Daniel\Desktop\_PokerStrategy com Freelancer TC 23.08.13.odt
2014-02-13 03:00 - 2014-02-06 14:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:00 - 2014-02-06 13:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:00 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 12:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:00 - 2014-02-06 12:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:00 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 12:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:00 - 2014-02-06 12:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-06 12:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:00 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:00 - 2014-02-06 12:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-06 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:00 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 11:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-06 11:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:00 - 2014-02-06 11:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 11:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:00 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 11:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 11:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:00 - 2014-02-06 11:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-06 11:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-06 11:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 11:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 11:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-06 10:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-06 10:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-06 10:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:00 - 2014-02-06 10:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-06 10:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 03:00 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:00 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 13:40 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 13:40 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 13:40 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 13:40 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 13:40 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 13:40 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 13:40 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 13:40 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 13:40 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 13:40 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 13:40 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 13:40 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 13:40 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 13:40 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 13:40 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 13:40 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 13:40 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 13:40 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 13:40 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 13:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 13:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 13:40 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 13:40 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 13:40 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 13:40 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 13:40 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 13:40 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 13:40 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 15:59 - 2014-02-09 15:59 - 00001168 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-02-09 15:59 - 2014-02-09 15:59 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-02-09 15:59 - 2014-02-09 15:59 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-02-09 15:43 - 2013-10-08 19:55 - 00000000 ____D () C:\Users\Daniel\Desktop\TSCS.8.1.2.1344.de
2014-02-07 15:00 - 2014-02-21 13:59 - 00000000 ____D () C:\Users\Daniel\AppData\Local\AuxClient
2014-02-05 17:56 - 2014-02-05 19:02 - 264316176 _____ () C:\Users\Daniel\Desktop\TSCS.8.1.2.1344.de.rar
2014-01-31 15:50 - 2014-01-31 15:26 - 00000000 ____D () C:\Users\Daniel\Desktop\HU
2014-01-31 15:31 - 2014-02-23 19:28 - 13609336 _____ () C:\Users\Daniel\Desktop\HU.7z
2014-01-30 16:41 - 2014-01-30 16:42 - 00196608 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-01-30 16:41 - 2014-01-30 16:42 - 00028720 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Program Files\MSBuild
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-01-30 16:40 - 2014-01-30 16:40 - 00003100 _____ () C:\Windows\System32\Tasks\{F1D06D96-015C-43CD-8D62-5F269E39C3AE}

==================== One Month Modified Files and Folders =======

2014-02-26 12:41 - 2014-02-26 12:41 - 00000000 ____D () C:\FRST
2014-02-26 12:41 - 2014-02-26 12:38 - 00015045 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt
2014-02-26 12:40 - 2013-06-27 01:14 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Skype
2014-02-26 12:40 - 2013-06-27 00:54 - 01204745 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 12:36 - 2014-02-25 19:38 - 00000168 _____ () C:\Windows\setupact.log
2014-02-26 12:36 - 2014-02-23 12:12 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-02-26 12:36 - 2014-01-16 12:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 12:36 - 2013-06-27 22:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-26 12:36 - 2013-06-27 22:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-26 12:36 - 2013-06-27 01:07 - 00340792 _____ () C:\Windows\PFRO.log
2014-02-26 12:36 - 2013-06-27 01:07 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-02-26 12:36 - 2013-06-27 00:58 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-02-26 12:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 01:33 - 2013-06-27 01:10 - 01587630 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 01:33 - 2009-07-14 19:58 - 00690402 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 01:33 - 2009-07-14 19:58 - 00149872 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 01:33 - 2009-07-14 07:13 - 01587630 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 00:57 - 2013-06-27 20:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 00:53 - 2014-02-25 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-26 00:51 - 2014-01-16 12:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 22:43 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 22:43 - 2009-07-14 06:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 22:41 - 2013-12-31 13:47 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-02-25 19:40 - 2014-02-25 19:40 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-25 19:40 - 2014-02-25 19:40 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Malwarebytes
2014-02-25 19:40 - 2014-02-25 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 19:40 - 2014-02-25 19:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 19:38 - 2014-02-25 19:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-25 18:54 - 2014-02-15 02:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-25 17:56 - 2014-02-25 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-25 17:56 - 2014-02-25 17:56 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-25 17:56 - 2014-02-25 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-25 17:27 - 2013-06-27 00:58 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-02-24 15:14 - 2013-06-27 18:31 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox
2014-02-24 15:14 - 2013-06-27 00:54 - 00000000 ___RD () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-24 15:13 - 2013-06-27 20:46 - 00000000 ____D () C:\Users\postgres
2014-02-24 15:13 - 2013-06-27 00:54 - 00000000 ____D () C:\Users\Daniel
2014-02-24 15:08 - 2013-12-19 17:25 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\PlanetWin365 Pro
2014-02-24 15:08 - 2013-06-27 22:26 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-02-24 15:08 - 2013-06-27 22:24 - 00000000 ____D () C:\Users\Daniel\AppData\Local\PokerStars.FR
2014-02-24 15:08 - 2013-06-27 22:22 - 00000000 ____D () C:\Users\Daniel\AppData\Local\PokerStars
2014-02-24 15:08 - 2013-06-27 20:48 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\HoldemManager
2014-02-24 15:08 - 2013-06-27 14:53 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\KeePass
2014-02-24 15:08 - 2013-06-27 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-24 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-02-24 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-24 14:31 - 2013-06-27 01:40 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe
2014-02-24 14:28 - 2014-02-24 14:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-23 19:28 - 2014-01-31 15:31 - 13609336 _____ () C:\Users\Daniel\Desktop\HU.7z
2014-02-23 02:31 - 2013-06-28 16:29 - 01967210 _____ () C:\blitzerr.txt
2014-02-21 16:13 - 2013-06-28 16:29 - 00006068 _____ () C:\speederr.txt
2014-02-21 16:12 - 2013-06-30 12:14 - 00535924 _____ () C:\rusherr.txt
2014-02-21 16:12 - 2013-06-28 11:54 - 00000000 ____D () C:\Users\Daniel\AppData\Local\FullTiltPoker
2014-02-21 14:15 - 2013-07-01 13:33 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-21 14:02 - 2013-06-27 23:45 - 00000000 ____D () C:\Users\Daniel\AppData\Local\CrashDumps
2014-02-21 13:59 - 2014-02-07 15:00 - 00000000 ____D () C:\Users\Daniel\AppData\Local\AuxClient
2014-02-20 21:57 - 2013-06-27 20:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 21:57 - 2013-06-27 20:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 21:57 - 2013-06-27 20:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-18 23:46 - 2014-01-16 12:35 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 23:46 - 2014-01-16 12:35 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 14:15 - 2013-06-27 23:40 - 00000000 ____D () C:\Betsafe
2014-02-16 13:30 - 2013-06-27 14:52 - 00019724 _____ () C:\Users\Daniel\Desktop\Database.kdb
2014-02-16 13:13 - 2013-06-27 01:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 03:01 - 2013-08-15 23:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2013-07-06 20:20 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 20:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 16:33 - 2013-08-07 19:34 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Microsoft Games
2014-02-14 14:57 - 2014-02-14 14:57 - 00045702 _____ () C:\Users\Daniel\Desktop\_PokerStrategy com Freelancer TC 23.08.13.odt
2014-02-12 16:42 - 2014-01-16 16:05 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\vlc
2014-02-12 16:42 - 2014-01-06 14:15 - 00000000 ____D () C:\Users\Daniel\Documents\Camtasia Studio
2014-02-12 16:24 - 2014-01-06 14:27 - 00008192 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 16:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-09 15:59 - 2014-02-09 15:59 - 00001168 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-02-09 15:59 - 2014-02-09 15:59 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-02-09 15:59 - 2014-02-09 15:59 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-02-09 15:59 - 2014-01-06 14:04 - 00000000 ____D () C:\ProgramData\TechSmith
2014-02-07 14:58 - 2013-06-27 22:24 - 00000000 ____D () C:\Program Files (x86)\PokerStars.FR
2014-02-06 14:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 13:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 13:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 13:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 13:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 13:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 12:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 12:57 - 2013-06-27 22:22 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-02-06 12:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 12:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 12:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 12:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 12:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 12:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 12:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 12:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 12:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 12:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 12:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 12:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 11:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 11:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 11:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 11:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 11:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 11:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 11:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 11:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 11:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 11:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 11:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 11:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 11:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 11:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 10:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 10:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 10:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 10:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 10:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 19:02 - 2014-02-05 17:56 - 264316176 _____ () C:\Users\Daniel\Desktop\TSCS.8.1.2.1344.de.rar
2014-01-31 15:26 - 2014-01-31 15:50 - 00000000 ____D () C:\Users\Daniel\Desktop\HU
2014-01-30 16:42 - 2014-01-30 16:41 - 00196608 _____ () C:\Windows\ocsetup_install_NetFx3.etl
2014-01-30 16:42 - 2014-01-30 16:41 - 00028720 _____ () C:\Windows\ocsetup_cbs_install_NetFx3.txt
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Program Files\MSBuild
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-01-30 16:41 - 2014-01-30 16:41 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-01-30 16:40 - 2014-01-30 16:40 - 00003100 _____ () C:\Windows\System32\Tasks\{F1D06D96-015C-43CD-8D62-5F269E39C3AE}
2014-01-29 19:49 - 2013-06-27 20:46 - 00001092 _____ () C:\Users\Public\Desktop\HoldemManager2.lnk
2014-01-29 19:49 - 2013-06-27 20:46 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\_is3533.exe
C:\Users\Daniel\AppData\Local\Temp\_is4874.exe
C:\Users\Daniel\AppData\Local\Temp\_is6815.exe
C:\Users\Daniel\AppData\Local\Temp\_is7DC.exe
C:\Users\Daniel\AppData\Local\Temp\_is7E34.exe
C:\Users\Daniel\AppData\Local\Temp\_isA929.exe
C:\Users\Daniel\AppData\Local\Temp\_isB08.exe
C:\Users\Daniel\AppData\Local\Temp\_isCBD6.exe
C:\Users\Daniel\AppData\Local\Temp\_isCE85.exe
C:\Users\Daniel\AppData\Local\Temp\_isD3F1.exe
C:\Users\Daniel\AppData\Local\Temp\_isD49.exe
C:\Users\Daniel\AppData\Local\Temp\_isE6C5.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 01:39

==================== End Of Log ============================
         


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2014
Ran by Daniel at 2014-02-26 12:41:50
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
Betsafe Poker 1.0.0 (HKLM-x32\...\Betsafe Poker_is1) (Version: 1.0.0 - betsafe)
BetSafe Poker Black (HKLM-x32\...\betsafe (Poker)) (Version: 16.6.2.11243 - )
BlackChipPoker (HKLM-x32\...\FE4D6F94-B3D5-484b-94F7-8BC45DEB7A82) (Version: 16.6 - IGSoft)
Boylepoker (HKLM-x32\...\boylepoker) (Version:  - )
Broken Crescent version 2.3 (HKLM-x32\...\{B5E6D105-DFB4-46B4-88BF-9DC52686DBE7}_is1) (Version: 2.3 - Broken Crescent team)
Broken Crescent version 2.3 (HKLM-x32\...\{C41F1ACF-6424-4AF9-BCDE-926BC8E93840}_is1) (Version: 2.3 - Broken Crescent team)
Broken Crescent version 2.3 (HKLM-x32\...\{D0549B3F-23A2-478B-8DAA-C67095448447}_is1) (Version: 2.3 - Broken Crescent team)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
CPUID CPU-Z 1.64.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis® 2 Demo (HKLM-x32\...\{1BF4CB15-6055-452A-8487-021AE2D91208}) (Version: 1.0.0.0 - Electronic Arts)
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper II) (Version:  - )
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Europa Barbarorum 1.1 (HKLM-x32\...\{9BCAC864-84C0-409F-8D12-364109622D18}_is1) (Version:  - Europa Barbarorum)
Europa Barbarorum 1.2 (HKLM-x32\...\{AD3E68F5-D141-49C0-B002-28B48030B902}_is1) (Version:  - Europa Barbarorum)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.61.10.WIN.FullTilt.COM - )
Fulpot Game - Fulpot Poker (HKLM-x32\...\GameTopia_FulPot_Poker) (Version: 1.0 - FulPot Game)
Geeks3D.com FurMark 1.10.6 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HMA! Pro VPN 2.8.3.1 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.3.1 - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{DE788AD4-F7CE-4995-ADF8-56174A7B613C}) (Version: 3.0.41.1571 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
KeePass Password Safe 1.25 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.25 - Dominik Reichl)
LuckyAcePoker.com (HKLM-x32\...\LuckyAcePoker.com) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.05.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.05.000 - SEGA)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opoker (HKLM-x32\...\Opoker ) (Version:  - Boss Media AB)
Paddy Power Poker (HKLM-x32\...\Paddy Power Poker) (Version:  - )
PartyPoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
PlanetWin365 Pro 2.36 build 519 (HKLM-x32\...\PlanetWin365 Pro) (Version: 2.36 build 519 - PlanetWin365 Pro)
Poker (HKLM-x32\...\Poker) (Version:  - )
Poker 770 (HKLM-x32\...\Poker 770) (Version:  - )
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.es (HKLM-x32\...\PokerStars.es) (Version:  - PokerStars.es)
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version:  - PokerStars.fr)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
ProPokerTools Odds Oracle 2.2.5 (HKLM\...\5992-1726-3179-3433) (Version: 2.2.5 - ProPokerTools)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Rome: Total War - Alexander (HKLM-x32\...\Steam App 4770) (Version:  - The Creative Assembly)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Sandboxie 3.76 (64-bit) (HKLM\...\Sandboxie) (Version: 3.76 - SANDBOXIE L.T.D)
Sky Poker (HKLM-x32\...\com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1) (Version: 1.128 - British Sky Broadcasting Group Plc)
Sky Poker (x32 Version: 1.128 - British Sky Broadcasting Group Plc) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Titan Poker (HKCU\...\Titan Poker) (Version:  - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
William Hill Poker (HKLM-x32\...\William Hill Poker) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================

24-02-2014 12:27:43 Installed Java 7 Update 51
24-02-2014 13:06:58 Wiederherstellungsvorgang
24-02-2014 13:17:05 Windows Update
25-02-2014 23:32:06 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-02-09 15:52 - 00000974 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       activation.cloud.techsmith.com
127.0.0.1       65.52.240.48
127.0.0.1       oscount.techsmith.com
127.0.0.1       69.167.144.18


==================== Scheduled Tasks (whitelisted) =============

Task: {04A7FC89-080B-46E2-92E3-B3300E258E34} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {10231017-F618-45E1-BF07-103D3AA6BE26} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {288065F5-F1E1-4C88-9AA9-18A096E77648} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {41E36532-2FA0-4A36-986F-9955DA872DD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {5E5BD539-0F72-464B-9584-BE17B17C3454} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {603AA361-2807-48C1-8125-3660D00EC846} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {B623B7B2-FF19-4E38-BAF8-6F1CD48E37C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C30144B8-9D49-4246-B36E-17947159A072} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {EB094395-63F0-44A7-BCEF-41B5D2914FE6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-08-16 21:36 - 2012-08-16 21:36 - 00149032 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-08-16 21:36 - 2012-08-16 21:36 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-29 12:16 - 2013-12-29 12:16 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-08-17 22:39 - 2013-06-27 22:18 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-06-27 20:46 - 2013-04-02 07:20 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-02-25 17:56 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-25 17:56 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-25 17:56 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-25 17:56 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-25 17:56 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-06-27 20:46 - 2012-08-14 15:19 - 00999424 _____ () c:\postgreSQL\bin\libxml2.dll
2014-02-15 02:19 - 2014-02-15 02:19 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-20 21:57 - 2014-02-20 21:57 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
2013-06-27 00:58 - 2012-07-18 07:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Daniel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2014 00:36:08 PM) (Source: PostgreSQL) (User: )
Description: 2014-02-26 12:36:08 EETFATAL:  the database system is starting up

Error: (02/25/2014 07:23:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/25/2014 07:18:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/25/2014 06:24:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/24/2014 10:12:02 AM) (Source: PostgreSQL) (User: )
Description: 2014-02-24 10:12:02 EETFATAL:  the database system is starting up

Error: (02/23/2014 00:12:19 PM) (Source: PostgreSQL) (User: )
Description: 2014-02-23 12:12:19 EETFATAL:  the database system is starting up

Error: (02/22/2014 03:47:46 PM) (Source: PostgreSQL) (User: )
Description: 2014-02-22 15:47:46 EETERROR:  relation "notecaddy_data" already exists
2014-02-22 15:47:46 EETSTATEMENT:  CREATE TABLE notecaddy_data
	(
		player_id integer NOT NULL,
		data text,
		CONSTRAINT ncd PRIMARY KEY (player_id)
	);
	ALTER TABLE notecaddy_data OWNER TO postgres;

Error: (02/22/2014 03:47:46 PM) (Source: PostgreSQL) (User: )
Description: 2014-02-22 15:47:46 EETERROR:  relation "readsettings" already exists
2014-02-22 15:47:46 EETSTATEMENT:  CREATE TABLE readsettings
	(
	  lastid bigint,
	  lasttournament bigint,
	  databaseversion text,
	  lastomahacash bigint,
	  lastomahatournament bigint
	)
	WITH (
	  OIDS=FALSE
	);
	ALTER TABLE readsettings OWNER TO postgres;
	
	insert into readsettings values(0,0,'12',0,0);

Error: (02/21/2014 08:15:31 PM) (Source: PostgreSQL) (User: )
Description: 2014-02-21 20:15:31 EETERROR:  relation "notecaddy_data" already exists
2014-02-21 20:15:31 EETSTATEMENT:  CREATE TABLE notecaddy_data
	(
		player_id integer NOT NULL,
		data text,
		CONSTRAINT ncd PRIMARY KEY (player_id)
	);
	ALTER TABLE notecaddy_data OWNER TO postgres;

Error: (02/21/2014 08:15:31 PM) (Source: PostgreSQL) (User: )
Description: 2014-02-21 20:15:31 EETERROR:  relation "readsettings" already exists
2014-02-21 20:15:31 EETSTATEMENT:  CREATE TABLE readsettings
	(
	  lastid bigint,
	  lasttournament bigint,
	  databaseversion text,
	  lastomahacash bigint,
	  lastomahatournament bigint
	)
	WITH (
	  OIDS=FALSE
	);
	ALTER TABLE readsettings OWNER TO postgres;
	
	insert into readsettings values(0,0,'12',0,0);


System errors:
=============
Error: (02/26/2014 00:53:20 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/25/2014 10:36:05 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/25/2014 02:00:47 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/10/2014 02:59:51 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/07/2014 03:29:57 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/02/2014 03:39:56 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/29/2014 02:02:38 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/16/2014 01:40:23 PM) (Source: DCOM) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (01/16/2014 00:32:11 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT)
Description: Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht starten.

Error: (01/16/2014 01:20:34 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (02/26/2014 00:36:08 PM) (Source: PostgreSQL)(User: )
Description: 2014-02-26 12:36:08 EETFATAL:  the database system is starting up

Error: (02/25/2014 07:23:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Downloads\esetsmartinstaller_enu.exe

Error: (02/25/2014 07:18:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/25/2014 06:24:45 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Downloads\esetsmartinstaller_enu.exe

Error: (02/24/2014 10:12:02 AM) (Source: PostgreSQL)(User: )
Description: 2014-02-24 10:12:02 EETFATAL:  the database system is starting up

Error: (02/23/2014 00:12:19 PM) (Source: PostgreSQL)(User: )
Description: 2014-02-23 12:12:19 EETFATAL:  the database system is starting up

Error: (02/22/2014 03:47:46 PM) (Source: PostgreSQL)(User: )
Description: 2014-02-22 15:47:46 EETERROR:  relation "notecaddy_data" already exists
2014-02-22 15:47:46 EETSTATEMENT:  CREATE TABLE notecaddy_data
	(
		player_id integer NOT NULL,
		data text,
		CONSTRAINT ncd PRIMARY KEY (player_id)
	);
	ALTER TABLE notecaddy_data OWNER TO postgres;

Error: (02/22/2014 03:47:46 PM) (Source: PostgreSQL)(User: )
Description: 2014-02-22 15:47:46 EETERROR:  relation "readsettings" already exists
2014-02-22 15:47:46 EETSTATEMENT:  CREATE TABLE readsettings
	(
	  lastid bigint,
	  lasttournament bigint,
	  databaseversion text,
	  lastomahacash bigint,
	  lastomahatournament bigint
	)
	WITH (
	  OIDS=FALSE
	);
	ALTER TABLE readsettings OWNER TO postgres;
	
	insert into readsettings values(0,0,'12',0,0);

Error: (02/21/2014 08:15:31 PM) (Source: PostgreSQL)(User: )
Description: 2014-02-21 20:15:31 EETERROR:  relation "notecaddy_data" already exists
2014-02-21 20:15:31 EETSTATEMENT:  CREATE TABLE notecaddy_data
	(
		player_id integer NOT NULL,
		data text,
		CONSTRAINT ncd PRIMARY KEY (player_id)
	);
	ALTER TABLE notecaddy_data OWNER TO postgres;

Error: (02/21/2014 08:15:31 PM) (Source: PostgreSQL)(User: )
Description: 2014-02-21 20:15:31 EETERROR:  relation "readsettings" already exists
2014-02-21 20:15:31 EETSTATEMENT:  CREATE TABLE readsettings
	(
	  lastid bigint,
	  lasttournament bigint,
	  databaseversion text,
	  lastomahacash bigint,
	  lastomahatournament bigint
	)
	WITH (
	  OIDS=FALSE
	);
	ALTER TABLE readsettings OWNER TO postgres;
	
	insert into readsettings values(0,0,'12',0,0);


CodeIntegrity Errors:
===================================
  Date: 2014-02-25 21:08:42.181
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-25 21:08:42.181
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-25 21:08:42.181
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-25 21:08:42.171
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-25 21:08:42.161
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-25 21:08:42.161
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-25 21:08:42.161
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-25 21:08:42.161
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-25 21:08:42.161
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-25 20:17:59.845
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 16337.05 MB
Available physical RAM: 12767.83 MB
Total Pagefile: 32672.29 MB
Available Pagefile: 28596.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:90.58 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:859.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 27EED1E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8E929FE0)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

Does anyone see anything in there?

bump

I'll bump this once more
__________________

Old 01.03.2014, 11:10   #4
Gothid13
 

Can someone please help me

last attempt
bump

Old 01.03.2014, 11:44   #5
deeprybka
/// TB trainer
/// Guide guru
 

Sorry for the delay!

Schrauber will get back to you as soon as possible, OK?

__________________
Regards
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Old 01.03.2014, 11:58   #6
schrauber
/// the machine
/// TB trainer
 


That's what happens when you bump your own thread. I work from old to new, and every bump puts you right at the top/newest position of my list.


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
In any case, please post the contents here in your thread.

Old 01.03.2014, 13:17   #7
Gothid13
 

I got a bluescreen on restart. Here is the log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16518

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 17130643456, free: 13888110592

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16518

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 17130643456, free: 13863452672

Downloaded database version: v2014.03.01.02
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
03/01/2014 13:52:29
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\kltdi.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\kneps.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AsrAppCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\dump_truecrypt.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\klkbdflt.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ec8f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xfffffa800cba9060
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ec89790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa800cba99c0
Lower Device Driver Name: \Driver\iaStorA\
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16518

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 17130643456, free: 13995712512

Could not load protection driver
Downloaded database version: v2014.03.01.02
Downloaded database version: v2014.02.20.01

TDSS Killer found no threats, so in that respect everything appears to be clean.

TDSS log:


I accidentally posted the malware log twice and couldn't edit it, no idea why.

Here is the TDSS log:
14:02:04.0144 0x1548 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
14:02:07.0685 0x1548 ============================================================
14:02:07.0685 0x1548 Current date / time: 2014/03/01 14:02:07.0685
14:02:07.0685 0x1548 SystemInfo:
14:02:07.0685 0x1548
14:02:07.0685 0x1548 OS Version: 6.1.7601 ServicePack: 1.0
14:02:07.0685 0x1548 Product type: Workstation
14:02:07.0685 0x1548 ComputerName: DANIEL-PC
14:02:07.0685 0x1548 UserName: Daniel
14:02:07.0685 0x1548 Windows directory: C:\Windows
14:02:07.0685 0x1548 System windows directory: C:\Windows
14:02:07.0685 0x1548 Running under WOW64
14:02:07.0685 0x1548 Processor architecture: Intel x64
14:02:07.0685 0x1548 Number of processors: 8
14:02:07.0685 0x1548 Page size: 0x1000
14:02:07.0685 0x1548 Boot type: Normal boot
14:02:07.0685 0x1548 ============================================================
14:02:08.0427 0x1548 KLMD registered as C:\Windows\system32\drivers\60235955.sys
14:02:08.0542 0x1548 System UUID: {E111E617-FF52-A741-DCD1-22505B663000}
14:02:08.0915 0x1548 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:02:08.0916 0x1548 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:02:08.0919 0x1548 ============================================================
14:02:08.0919 0x1548 \Device\Harddisk0\DR0:
14:02:08.0919 0x1548 MBR partitions:
14:02:08.0919 0x1548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:02:08.0919 0x1548 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
14:02:08.0919 0x1548 \Device\Harddisk1\DR1:
14:02:08.0919 0x1548 MBR partitions:
14:02:08.0919 0x1548 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:02:08.0919 0x1548 ============================================================
14:02:08.0941 0x1548 E: <-> \Device\Harddisk1\DR1\Partition1
14:02:08.0941 0x1548 ============================================================
14:02:08.0941 0x1548 Initialize success
14:02:08.0941 0x1548 ============================================================
14:02:24.0977 0x06f4 ============================================================
14:02:24.0977 0x06f4 Scan started
14:02:24.0977 0x06f4 Mode: Manual;
14:02:24.0977 0x06f4 ============================================================
14:02:24.0977 0x06f4 KSN ping started
14:02:27.0627 0x06f4 KSN ping finished: true
14:02:27.0823 0x06f4 ================ Scan system memory ========================
14:02:27.0823 0x06f4 System memory - ok
14:02:27.0823 0x06f4 ================ Scan services =============================
14:02:27.0835 0x06f4 1394ohci - ok
14:02:27.0840 0x06f4 ACPI - ok
14:02:27.0844 0x06f4 AcpiPmi - ok
14:02:27.0847 0x06f4 AdobeARMservice - ok
14:02:27.0851 0x06f4 AdobeFlashPlayerUpdateSvc - ok
14:02:27.0854 0x06f4 adp94xx - ok
14:02:27.0857 0x06f4 adpahci - ok
14:02:27.0859 0x06f4 adpu320 - ok
14:02:27.0863 0x06f4 AeLookupSvc - ok
14:02:27.0866 0x06f4 AFD - ok
14:02:27.0869 0x06f4 agp440 - ok
14:02:27.0872 0x06f4 ALG - ok
14:02:27.0874 0x06f4 aliide - ok
14:02:27.0877 0x06f4 AMD External Events Utility - ok
14:02:27.0879 0x06f4 amdide - ok
14:02:27.0881 0x06f4 AmdK8 - ok
14:02:27.0882 0x06f4 amdkmdag - ok
14:02:27.0884 0x06f4 amdkmdap - ok
14:02:27.0886 0x06f4 AmdPPM - ok
14:02:27.0889 0x06f4 amdsata - ok
14:02:27.0891 0x06f4 amdsbs - ok
14:02:27.0893 0x06f4 amdxata - ok
14:02:27.0895 0x06f4 AppID - ok
14:02:27.0896 0x06f4 AppIDSvc - ok
14:02:27.0898 0x06f4 Appinfo - ok
14:02:27.0900 0x06f4 arc - ok
14:02:27.0902 0x06f4 arcsas - ok
14:02:27.0904 0x06f4 asahci64 - ok
14:02:27.0907 0x06f4 aspnet_state - ok
14:02:27.0910 0x06f4 AsrAppCharger - ok
14:02:27.0912 0x06f4 AsyncMac - ok
14:02:27.0913 0x06f4 atapi - ok
14:02:27.0916 0x06f4 AtiHDAudioService - ok
14:02:27.0918 0x06f4 AudioEndpointBuilder - ok
14:02:27.0920 0x06f4 AudioSrv - ok
14:02:27.0921 0x06f4 AVP - ok
14:02:27.0924 0x06f4 AxInstSV - ok
14:02:27.0926 0x06f4 b06bdrv - ok
14:02:27.0928 0x06f4 b57nd60a - ok
14:02:27.0930 0x06f4 BDESVC - ok
14:02:27.0932 0x06f4 Beep - ok
14:02:27.0935 0x06f4 BFE - ok
14:02:27.0937 0x06f4 BITS - ok
14:02:27.0938 0x06f4 blbdrive - ok
14:02:27.0940 0x06f4 bowser - ok
14:02:27.0942 0x06f4 BrFiltLo - ok
14:02:27.0943 0x06f4 BrFiltUp - ok
14:02:27.0945 0x06f4 Browser - ok
14:02:27.0947 0x06f4 Brserid - ok
14:02:27.0949 0x06f4 BrSerWdm - ok
14:02:27.0950 0x06f4 BrUsbMdm - ok
14:02:27.0952 0x06f4 BrUsbSer - ok
14:02:27.0954 0x06f4 BTHMODEM - ok
14:02:27.0956 0x06f4 bthserv - ok
14:02:27.0958 0x06f4 cdfs - ok
14:02:27.0960 0x06f4 cdrom - ok
14:02:27.0962 0x06f4 CertPropSvc - ok
14:02:27.0963 0x06f4 circlass - ok
14:02:27.0965 0x06f4 CLFS - ok
14:02:27.0967 0x06f4 clr_optimization_v2.0.50727_32 - ok
14:02:27.0969 0x06f4 clr_optimization_v2.0.50727_64 - ok
14:02:27.0971 0x06f4 clr_optimization_v4.0.30319_32 - ok
14:02:27.0973 0x06f4 clr_optimization_v4.0.30319_64 - ok
14:02:27.0975 0x06f4 CmBatt - ok
14:02:27.0976 0x06f4 cmdide - ok
14:02:27.0978 0x06f4 CNG - ok
14:02:27.0979 0x06f4 Compbatt - ok
14:02:27.0981 0x06f4 CompositeBus - ok
14:02:27.0983 0x06f4 COMSysApp - ok
14:02:27.0985 0x06f4 crcdisk - ok
14:02:27.0994 0x06f4 CryptSvc - ok
14:02:28.0002 0x06f4 DcomLaunch - ok
14:02:28.0013 0x06f4 defragsvc - ok
14:02:28.0015 0x06f4 DfsC - ok
14:02:28.0017 0x06f4 Dhcp - ok
14:02:28.0019 0x06f4 discache - ok
14:02:28.0020 0x06f4 Disk - ok
14:02:28.0022 0x06f4 Dnscache - ok
14:02:28.0024 0x06f4 dot3svc - ok
14:02:28.0026 0x06f4 DPS - ok
14:02:28.0027 0x06f4 drmkaud - ok
14:02:28.0029 0x06f4 DXGKrnl - ok
14:02:28.0031 0x06f4 EapHost - ok
14:02:28.0033 0x06f4 ebdrv - ok
14:02:28.0034 0x06f4 EFS - ok
14:02:28.0036 0x06f4 ehRecvr - ok
14:02:28.0038 0x06f4 ehSched - ok
14:02:28.0039 0x06f4 elxstor - ok
14:02:28.0041 0x06f4 ErrDev - ok
14:02:28.0045 0x06f4 EventSystem - ok
14:02:28.0047 0x06f4 exfat - ok
14:02:28.0048 0x06f4 fastfat - ok
14:02:28.0050 0x06f4 Fax - ok
14:02:28.0052 0x06f4 fdc - ok
14:02:28.0053 0x06f4 fdPHost - ok
14:02:28.0055 0x06f4 FDResPub - ok
14:02:28.0057 0x06f4 FileInfo - ok
14:02:28.0058 0x06f4 Filetrace - ok
14:02:28.0060 0x06f4 flpydisk - ok
14:02:28.0062 0x06f4 FltMgr - ok
14:02:28.0064 0x06f4 FontCache - ok
14:02:28.0065 0x06f4 FontCache3.0.0.0 - ok
14:02:28.0067 0x06f4 FsDepends - ok
14:02:28.0069 0x06f4 Fs_Rec - ok
14:02:28.0071 0x06f4 fvevol - ok
14:02:28.0073 0x06f4 gagp30kx - ok
14:02:28.0075 0x06f4 gpsvc - ok
14:02:28.0078 0x06f4 gupdate - ok
14:02:28.0080 0x06f4 gupdatem - ok
14:02:28.0082 0x06f4 hcw85cir - ok
14:02:28.0084 0x06f4 HdAudAddService - ok
14:02:28.0086 0x06f4 HDAudBus - ok
14:02:28.0087 0x06f4 HidBatt - ok
14:02:28.0089 0x06f4 HidBth - ok
14:02:28.0091 0x06f4 HidIr - ok
14:02:28.0093 0x06f4 hidserv - ok
14:02:28.0094 0x06f4 HidUsb - ok
14:02:28.0096 0x06f4 hkmsvc - ok
14:02:28.0098 0x06f4 HomeGroupListener - ok
14:02:28.0100 0x06f4 HomeGroupProvider - ok
14:02:28.0101 0x06f4 HpSAMD - ok
14:02:28.0103 0x06f4 HTTP - ok
14:02:28.0105 0x06f4 hwpolicy - ok
14:02:28.0107 0x06f4 i8042prt - ok
14:02:28.0108 0x06f4 iaStorA - ok
14:02:28.0111 0x06f4 IAStorDataMgrSvc - ok
14:02:28.0113 0x06f4 iaStorF - ok
14:02:28.0115 0x06f4 iaStorV - ok
14:02:28.0116 0x06f4 idsvc - ok
14:02:28.0120 0x06f4 IEEtwCollectorService - ok
14:02:28.0122 0x06f4 iirsp - ok
14:02:28.0124 0x06f4 ikbevent - ok
14:02:28.0125 0x06f4 IKEEXT - ok
14:02:28.0127 0x06f4 imsevent - ok
14:02:28.0129 0x06f4 IntcAzAudAddService - ok
14:02:28.0132 0x06f4 Intel(R) Capability Licensing Service Interface - ok
14:02:28.0134 0x06f4 Intel(R) ME Service - ok
14:02:28.0136 0x06f4 intelide - ok
14:02:28.0137 0x06f4 intelppm - ok
14:02:28.0139 0x06f4 IPBusEnum - ok
14:02:28.0141 0x06f4 IpFilterDriver - ok
14:02:28.0143 0x06f4 iphlpsvc - ok
14:02:28.0144 0x06f4 IPMIDRV - ok
14:02:28.0146 0x06f4 IPNAT - ok
14:02:28.0148 0x06f4 IRENUM - ok
14:02:28.0150 0x06f4 isapnp - ok
14:02:28.0152 0x06f4 iScsiPrt - ok
14:02:28.0153 0x06f4 ISCT - ok
14:02:28.0155 0x06f4 ISCTAgent - ok
14:02:28.0157 0x06f4 iusb3hcs - ok
14:02:28.0159 0x06f4 iusb3hub - ok
14:02:28.0161 0x06f4 iusb3xhc - ok
14:02:28.0163 0x06f4 jhi_service - ok
14:02:28.0165 0x06f4 kbdclass - ok
14:02:28.0166 0x06f4 kbdhid - ok
14:02:28.0168 0x06f4 KeyIso - ok
14:02:28.0170 0x06f4 kl1 - ok
14:02:28.0174 0x06f4 KLIF - ok
14:02:28.0181 0x06f4 KLIM6 - ok
14:02:28.0183 0x06f4 klkbdflt - ok
14:02:28.0185 0x06f4 klmouflt - ok
14:02:28.0186 0x06f4 kltdi - ok
14:02:28.0188 0x06f4 kneps - ok
14:02:28.0190 0x06f4 KSecDD - ok
14:02:28.0192 0x06f4 KSecPkg - ok
14:02:28.0193 0x06f4 ksthunk - ok
14:02:28.0195 0x06f4 KtmRm - ok
14:02:28.0197 0x06f4 LanmanServer - ok
14:02:28.0199 0x06f4 LanmanWorkstation - ok
14:02:28.0201 0x06f4 lltdio - ok
14:02:28.0203 0x06f4 lltdsvc - ok
14:02:28.0205 0x06f4 lmhosts - ok
14:02:28.0206 0x06f4 LMS - ok
14:02:28.0209 0x06f4 LSI_FC - ok
14:02:28.0211 0x06f4 LSI_SAS - ok
14:02:28.0213 0x06f4 LSI_SAS2 - ok
14:02:28.0215 0x06f4 LSI_SCSI - ok
14:02:28.0217 0x06f4 luafv - ok
14:02:28.0220 0x06f4 mbamchameleon - ok
14:02:28.0222 0x06f4 MBAMProtector - ok
14:02:28.0225 0x06f4 MBAMScheduler - ok
14:02:28.0226 0x06f4 MBAMService - ok
14:02:28.0229 0x06f4 MBAMSwissArmy - ok
14:02:28.0231 0x06f4 MBfilt - ok
14:02:28.0233 0x06f4 Mcx2Svc - ok
14:02:28.0234 0x06f4 megasas - ok
14:02:28.0236 0x06f4 MegaSR - ok
14:02:28.0238 0x06f4 MEIx64 - ok
14:02:28.0239 0x06f4 MMCSS - ok
14:02:28.0241 0x06f4 Modem - ok
14:02:28.0243 0x06f4 monitor - ok
14:02:28.0245 0x06f4 mouclass - ok
14:02:28.0247 0x06f4 mouhid - ok
14:02:28.0249 0x06f4 mountmgr - ok
14:02:28.0250 0x06f4 MozillaMaintenance - ok
14:02:28.0252 0x06f4 mpio - ok
14:02:28.0254 0x06f4 mpsdrv - ok
14:02:28.0256 0x06f4 MpsSvc - ok
14:02:28.0257 0x06f4 MRxDAV - ok
14:02:28.0259 0x06f4 mrxsmb - ok
14:02:28.0261 0x06f4 mrxsmb10 - ok
14:02:28.0262 0x06f4 mrxsmb20 - ok
14:02:28.0264 0x06f4 msahci - ok
14:02:28.0266 0x06f4 msdsm - ok
14:02:28.0268 0x06f4 MSDTC - ok
14:02:28.0271 0x06f4 Msfs - ok
14:02:28.0273 0x06f4 mshidkmdf - ok
14:02:28.0275 0x06f4 msisadrv - ok
14:02:28.0277 0x06f4 MSiSCSI - ok
14:02:28.0279 0x06f4 msiserver - ok
14:02:28.0281 0x06f4 MSKSSRV - ok
14:02:28.0283 0x06f4 MSPCLOCK - ok
14:02:28.0285 0x06f4 MSPQM - ok
14:02:28.0286 0x06f4 MsRPC - ok
14:02:28.0289 0x06f4 mssmbios - ok
14:02:28.0291 0x06f4 MSTEE - ok
14:02:28.0294 0x06f4 MTConfig - ok
14:02:28.0296 0x06f4 Mup - ok
14:02:28.0298 0x06f4 napagent - ok
14:02:28.0300 0x06f4 NativeWifiP - ok
14:02:28.0302 0x06f4 NDIS - ok
14:02:28.0304 0x06f4 NdisCap - ok
14:02:28.0306 0x06f4 NdisTapi - ok
14:02:28.0308 0x06f4 Ndisuio - ok
14:02:28.0310 0x06f4 NdisWan - ok
14:02:28.0312 0x06f4 NDProxy - ok
14:02:28.0314 0x06f4 NetBIOS - ok
14:02:28.0315 0x06f4 NetBT - ok
14:02:28.0317 0x06f4 Netlogon - ok
14:02:28.0319 0x06f4 Netman - ok
14:02:28.0320 0x06f4 NetMsmqActivator - ok
14:02:28.0322 0x06f4 NetPipeActivator - ok
14:02:28.0324 0x06f4 netprofm - ok
14:02:28.0326 0x06f4 NetTcpActivator - ok
14:02:28.0328 0x06f4 NetTcpPortSharing - ok
14:02:28.0330 0x06f4 nfrd960 - ok
14:02:28.0331 0x06f4 NlaSvc - ok
14:02:28.0333 0x06f4 Npfs - ok
14:02:28.0335 0x06f4 nsi - ok
14:02:28.0336 0x06f4 nsiproxy - ok
14:02:28.0339 0x06f4 Ntfs - ok
14:02:28.0341 0x06f4 Null - ok
14:02:28.0343 0x06f4 nvraid - ok
14:02:28.0345 0x06f4 nvstor - ok
14:02:28.0347 0x06f4 nv_agp - ok
14:02:28.0348 0x06f4 ohci1394 - ok
14:02:28.0433 0x06f4 [ 6F722C84CCCEF77A871D0F7E50AB25EB, F81F33DC8C20A6C331B1F7006B124F2FB9B7297E0C37CB7272A4074C2D19856C ] OpenVPNService E:\Programme\HMA! Pro VPN\bin\openvpnserv.exe
14:02:28.0435 0x06f4 OpenVPNService - ok
14:02:28.0451 0x06f4 p2pimsvc - ok
14:02:28.0454 0x06f4 p2psvc - ok
14:02:28.0457 0x06f4 Parport - ok
14:02:28.0460 0x06f4 partmgr - ok
14:02:28.0463 0x06f4 PcaSvc - ok
14:02:28.0466 0x06f4 pci - ok
14:02:28.0468 0x06f4 pciide - ok
14:02:28.0471 0x06f4 pcmcia - ok
14:02:28.0474 0x06f4 pcw - ok
14:02:28.0476 0x06f4 PEAUTH - ok
14:02:28.0478 0x06f4 PerfHost - ok
14:02:28.0482 0x06f4 pla - ok
14:02:28.0485 0x06f4 PlugPlay - ok
14:02:28.0488 0x06f4 PnkBstrA - ok
14:02:28.0490 0x06f4 PNRPAutoReg - ok
14:02:28.0491 0x06f4 PNRPsvc - ok
14:02:28.0493 0x06f4 PolicyAgent - ok
14:02:28.0496 0x06f4 postgresql-8.4 - ok
14:02:28.0498 0x06f4 Power - ok
14:02:28.0500 0x06f4 PptpMiniport - ok
14:02:28.0501 0x06f4 Processor - ok
14:02:28.0503 0x06f4 ProfSvc - ok
14:02:28.0505 0x06f4 ProtectedStorage - ok
14:02:28.0507 0x06f4 Psched - ok
14:02:28.0509 0x06f4 ql2300 - ok
14:02:28.0511 0x06f4 ql40xx - ok
14:02:28.0512 0x06f4 QWAVE - ok
14:02:28.0514 0x06f4 QWAVEdrv - ok
14:02:28.0515 0x06f4 RasAcd - ok
14:02:28.0517 0x06f4 RasAgileVpn - ok
14:02:28.0519 0x06f4 RasAuto - ok
14:02:28.0521 0x06f4 Rasl2tp - ok
14:02:28.0523 0x06f4 Scan was interrupted by user!
14:02:28.0523 0x06f4 Waiting for KSN requests completion. In queue: 1
14:02:29.0523 0x06f4 Waiting for KSN requests completion. In queue: 1
14:02:30.0523 0x06f4 Waiting for KSN requests completion. In queue: 1
14:02:31.0555 0x06f4 AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmiav.exe ( 13.0.1.4190 ), 0x41000 ( enabled : updated )
14:02:31.0557 0x06f4 FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmifw.exe ( 13.0.1.4190 ), 0x41010 ( enabled )
14:02:34.0234 0x06f4 ============================================================
14:02:34.0234 0x06f4 Scan finished
14:02:34.0234 0x06f4 ============================================================
14:02:34.0238 0x0c88 Detected object count: 0
14:02:34.0238 0x0c88 Actual detected object count: 0
14:02:54.0664 0x16f4 ============================================================
14:02:54.0664 0x16f4 Scan started
14:02:54.0664 0x16f4 Mode: Manual; SigCheck; TDLFS;
14:02:54.0664 0x16f4 ============================================================
14:02:54.0664 0x16f4 KSN ping started
14:02:57.0323 0x16f4 KSN ping finished: true
14:02:57.0411 0x16f4 ================ Scan system memory ========================
14:02:57.0411 0x16f4 System memory - ok
14:02:57.0411 0x16f4 ================ Scan services =============================
14:02:57.0424 0x16f4 1394ohci - ok
14:02:57.0428 0x16f4 ACPI - ok
14:02:57.0432 0x16f4 AcpiPmi - ok
14:02:57.0436 0x16f4 AdobeARMservice - ok
14:02:57.0440 0x16f4 AdobeFlashPlayerUpdateSvc - ok
14:02:57.0444 0x16f4 adp94xx - ok
14:02:57.0447 0x16f4 adpahci - ok
14:02:57.0451 0x16f4 adpu320 - ok
14:02:57.0454 0x16f4 AeLookupSvc - ok
14:02:57.0456 0x16f4 AFD - ok
14:02:57.0457 0x16f4 agp440 - ok
14:02:57.0459 0x16f4 ALG - ok
14:02:57.0461 0x16f4 aliide - ok
14:02:57.0462 0x16f4 AMD External Events Utility - ok
14:02:57.0464 0x16f4 amdide - ok
14:02:57.0466 0x16f4 AmdK8 - ok
14:02:57.0468 0x16f4 amdkmdag - ok
14:02:57.0469 0x16f4 amdkmdap - ok
14:02:57.0471 0x16f4 AmdPPM - ok
14:02:57.0473 0x16f4 amdsata - ok
14:02:57.0475 0x16f4 amdsbs - ok
14:02:57.0476 0x16f4 amdxata - ok
14:02:57.0478 0x16f4 AppID - ok
14:02:57.0480 0x16f4 AppIDSvc - ok
14:02:57.0481 0x16f4 Appinfo - ok
14:02:57.0483 0x16f4 arc - ok
14:02:57.0485 0x16f4 arcsas - ok
14:02:57.0487 0x16f4 asahci64 - ok
14:02:57.0490 0x16f4 aspnet_state - ok
14:02:57.0492 0x16f4 AsrAppCharger - ok
14:02:57.0494 0x16f4 AsyncMac - ok
14:02:57.0496 0x16f4 atapi - ok
14:02:57.0499 0x16f4 AtiHDAudioService - ok
14:02:57.0500 0x16f4 AudioEndpointBuilder - ok
14:02:57.0502 0x16f4 AudioSrv - ok
14:02:57.0503 0x16f4 AVP - ok
14:02:57.0505 0x16f4 AxInstSV - ok
14:02:57.0507 0x16f4 b06bdrv - ok
14:02:57.0509 0x16f4 b57nd60a - ok
14:02:57.0511 0x16f4 BDESVC - ok
14:02:57.0513 0x16f4 Beep - ok
14:02:57.0515 0x16f4 BFE - ok
14:02:57.0517 0x16f4 BITS - ok
14:02:57.0518 0x16f4 blbdrive - ok
14:02:57.0520 0x16f4 bowser - ok
14:02:57.0522 0x16f4 BrFiltLo - ok
14:02:57.0524 0x16f4 BrFiltUp - ok
14:02:57.0525 0x16f4 Browser - ok
14:02:57.0527 0x16f4 Brserid - ok
14:02:57.0529 0x16f4 BrSerWdm - ok
14:02:57.0531 0x16f4 BrUsbMdm - ok
14:02:57.0533 0x16f4 BrUsbSer - ok
14:02:57.0535 0x16f4 BTHMODEM - ok
14:02:57.0537 0x16f4 bthserv - ok
14:02:57.0539 0x16f4 cdfs - ok
14:02:57.0541 0x16f4 cdrom - ok
14:02:57.0543 0x16f4 CertPropSvc - ok
14:02:57.0545 0x16f4 circlass - ok
14:02:57.0547 0x16f4 CLFS - ok
14:02:57.0548 0x16f4 clr_optimization_v2.0.50727_32 - ok
14:02:57.0550 0x16f4 clr_optimization_v2.0.50727_64 - ok
14:02:57.0552 0x16f4 clr_optimization_v4.0.30319_32 - ok
14:02:57.0554 0x16f4 clr_optimization_v4.0.30319_64 - ok
14:02:57.0556 0x16f4 CmBatt - ok
14:02:57.0558 0x16f4 cmdide - ok
14:02:57.0560 0x16f4 CNG - ok
14:02:57.0561 0x16f4 Compbatt - ok
14:02:57.0563 0x16f4 CompositeBus - ok
14:02:57.0565 0x16f4 COMSysApp - ok
14:02:57.0567 0x16f4 crcdisk - ok
14:02:57.0569 0x16f4 CryptSvc - ok
14:02:57.0572 0x16f4 DcomLaunch - ok
14:02:57.0574 0x16f4 defragsvc - ok
14:02:57.0575 0x16f4 DfsC - ok
14:02:57.0577 0x16f4 Dhcp - ok
14:02:57.0579 0x16f4 discache - ok
14:02:57.0581 0x16f4 Disk - ok
14:02:57.0582 0x16f4 Dnscache - ok
14:02:57.0584 0x16f4 dot3svc - ok
14:02:57.0586 0x16f4 DPS - ok
14:02:57.0587 0x16f4 drmkaud - ok
14:02:57.0589 0x16f4 DXGKrnl - ok
14:02:57.0591 0x16f4 EapHost - ok
14:02:57.0593 0x16f4 ebdrv - ok
14:02:57.0594 0x16f4 EFS - ok
14:02:57.0596 0x16f4 ehRecvr - ok
14:02:57.0598 0x16f4 ehSched - ok
14:02:57.0599 0x16f4 elxstor - ok
14:02:57.0601 0x16f4 ErrDev - ok
14:02:57.0604 0x16f4 EventSystem - ok
14:02:57.0606 0x16f4 exfat - ok
14:02:57.0608 0x16f4 fastfat - ok
14:02:57.0610 0x16f4 Fax - ok
14:02:57.0611 0x16f4 fdc - ok
14:02:57.0613 0x16f4 fdPHost - ok
14:02:57.0615 0x16f4 FDResPub - ok
14:02:57.0616 0x16f4 FileInfo - ok
14:02:57.0618 0x16f4 Filetrace - ok
14:02:57.0620 0x16f4 flpydisk - ok
14:02:57.0622 0x16f4 FltMgr - ok
14:02:57.0624 0x16f4 FontCache - ok
14:02:57.0625 0x16f4 FontCache3.0.0.0 - ok
14:02:57.0627 0x16f4 FsDepends - ok
14:02:57.0629 0x16f4 Fs_Rec - ok
14:02:57.0631 0x16f4 fvevol - ok
14:02:57.0633 0x16f4 gagp30kx - ok
14:02:57.0634 0x16f4 gpsvc - ok
14:02:57.0636 0x16f4 gupdate - ok
14:02:57.0638 0x16f4 gupdatem - ok
14:02:57.0640 0x16f4 hcw85cir - ok
14:02:57.0642 0x16f4 HdAudAddService - ok
14:02:57.0644 0x16f4 HDAudBus - ok
14:02:57.0646 0x16f4 HidBatt - ok
14:02:57.0648 0x16f4 HidBth - ok
14:02:57.0649 0x16f4 HidIr - ok
14:02:57.0651 0x16f4 hidserv - ok
14:02:57.0653 0x16f4 HidUsb - ok
14:02:57.0655 0x16f4 hkmsvc - ok
14:02:57.0656 0x16f4 HomeGroupListener - ok
14:02:57.0658 0x16f4 HomeGroupProvider - ok
14:02:57.0660 0x16f4 HpSAMD - ok
14:02:57.0662 0x16f4 HTTP - ok
14:02:57.0663 0x16f4 hwpolicy - ok
14:02:57.0665 0x16f4 i8042prt - ok
14:02:57.0667 0x16f4 iaStorA - ok
14:02:57.0669 0x16f4 IAStorDataMgrSvc - ok
14:02:57.0671 0x16f4 iaStorF - ok
14:02:57.0672 0x16f4 iaStorV - ok
14:02:57.0674 0x16f4 idsvc - ok
14:02:57.0676 0x16f4 IEEtwCollectorService - ok
14:02:57.0678 0x16f4 iirsp - ok
14:02:57.0680 0x16f4 ikbevent - ok
14:02:57.0681 0x16f4 IKEEXT - ok
14:02:57.0683 0x16f4 imsevent - ok
14:02:57.0686 0x16f4 IntcAzAudAddService - ok
14:02:57.0688 0x16f4 Intel(R) Capability Licensing Service Interface - ok
14:02:57.0690 0x16f4 Intel(R) ME Service - ok
14:02:57.0692 0x16f4 intelide - ok
14:02:57.0693 0x16f4 intelppm - ok
14:02:57.0695 0x16f4 IPBusEnum - ok
14:02:57.0697 0x16f4 IpFilterDriver - ok
14:02:57.0699 0x16f4 iphlpsvc - ok
14:02:57.0700 0x16f4 IPMIDRV - ok
14:02:57.0702 0x16f4 IPNAT - ok
14:02:57.0704 0x16f4 IRENUM - ok
14:02:57.0706 0x16f4 isapnp - ok
14:02:57.0707 0x16f4 iScsiPrt - ok
14:02:57.0709 0x16f4 ISCT - ok
14:02:57.0711 0x16f4 ISCTAgent - ok
14:02:57.0713 0x16f4 iusb3hcs - ok
14:02:57.0715 0x16f4 iusb3hub - ok
14:02:57.0717 0x16f4 iusb3xhc - ok
14:02:57.0718 0x16f4 jhi_service - ok
14:02:57.0720 0x16f4 kbdclass - ok
14:02:57.0722 0x16f4 kbdhid - ok
14:02:57.0724 0x16f4 KeyIso - ok
14:02:57.0725 0x16f4 kl1 - ok
14:02:57.0728 0x16f4 KLIF - ok
14:02:57.0730 0x16f4 KLIM6 - ok
14:02:57.0732 0x16f4 klkbdflt - ok
14:02:57.0733 0x16f4 klmouflt - ok
14:02:57.0735 0x16f4 kltdi - ok
14:02:57.0737 0x16f4 kneps - ok
14:02:57.0739 0x16f4 KSecDD - ok
14:02:57.0740 0x16f4 KSecPkg - ok
14:02:57.0742 0x16f4 ksthunk - ok
14:02:57.0744 0x16f4 KtmRm - ok
14:02:57.0746 0x16f4 LanmanServer - ok
14:02:57.0748 0x16f4 LanmanWorkstation - ok
14:02:57.0750 0x16f4 lltdio - ok
14:02:57.0752 0x16f4 lltdsvc - ok
14:02:57.0754 0x16f4 lmhosts - ok
14:02:57.0756 0x16f4 LMS - ok
14:02:57.0758 0x16f4 LSI_FC - ok
14:02:57.0761 0x16f4 LSI_SAS - ok
14:02:57.0763 0x16f4 LSI_SAS2 - ok
14:02:57.0766 0x16f4 LSI_SCSI - ok
14:02:57.0768 0x16f4 luafv - ok
14:02:57.0770 0x16f4 mbamchameleon - ok
14:02:57.0772 0x16f4 MBAMProtector - ok
14:02:57.0774 0x16f4 MBAMScheduler - ok
14:02:57.0776 0x16f4 MBAMService - ok
14:02:57.0778 0x16f4 MBAMSwissArmy - ok
14:02:57.0779 0x16f4 MBfilt - ok
14:02:57.0781 0x16f4 Mcx2Svc - ok
14:02:57.0783 0x16f4 megasas - ok
14:02:57.0785 0x16f4 MegaSR - ok
14:02:57.0787 0x16f4 MEIx64 - ok
14:02:57.0788 0x16f4 MMCSS - ok
14:02:57.0790 0x16f4 Modem - ok
14:02:57.0792 0x16f4 monitor - ok
14:02:57.0794 0x16f4 mouclass - ok
14:02:57.0795 0x16f4 mouhid - ok
14:02:57.0797 0x16f4 mountmgr - ok
14:02:57.0799 0x16f4 MozillaMaintenance - ok
14:02:57.0801 0x16f4 mpio - ok
14:02:57.0803 0x16f4 mpsdrv - ok
14:02:57.0805 0x16f4 MpsSvc - ok
14:02:57.0807 0x16f4 MRxDAV - ok
14:02:57.0810 0x16f4 mrxsmb - ok
14:02:57.0812 0x16f4 mrxsmb10 - ok
14:02:57.0814 0x16f4 mrxsmb20 - ok
14:02:57.0816 0x16f4 msahci - ok
14:02:57.0817 0x16f4 msdsm - ok
14:02:57.0819 0x16f4 MSDTC - ok
14:02:57.0823 0x16f4 Msfs - ok
14:02:57.0824 0x16f4 mshidkmdf - ok
14:02:57.0826 0x16f4 msisadrv - ok
14:02:57.0828 0x16f4 MSiSCSI - ok
14:02:57.0830 0x16f4 msiserver - ok
14:02:57.0831 0x16f4 MSKSSRV - ok
14:02:57.0833 0x16f4 MSPCLOCK - ok
14:02:57.0835 0x16f4 MSPQM - ok
14:02:57.0837 0x16f4 MsRPC - ok
14:02:57.0839 0x16f4 mssmbios - ok
14:02:57.0841 0x16f4 MSTEE - ok
14:02:57.0843 0x16f4 MTConfig - ok
14:02:57.0845 0x16f4 Mup - ok
14:02:57.0847 0x16f4 napagent - ok
14:02:57.0848 0x16f4 NativeWifiP - ok
14:02:57.0850 0x16f4 NDIS - ok
14:02:57.0852 0x16f4 NdisCap - ok
14:02:57.0853 0x16f4 NdisTapi - ok
14:02:57.0855 0x16f4 Ndisuio - ok
14:02:57.0857 0x16f4 NdisWan - ok
14:02:57.0859 0x16f4 NDProxy - ok
14:02:57.0861 0x16f4 NetBIOS - ok
14:02:57.0862 0x16f4 NetBT - ok
14:02:57.0864 0x16f4 Netlogon - ok
14:02:57.0866 0x16f4 Netman - ok
14:02:57.0868 0x16f4 NetMsmqActivator - ok
14:02:57.0869 0x16f4 NetPipeActivator - ok
14:02:57.0871 0x16f4 netprofm - ok
14:02:57.0873 0x16f4 NetTcpActivator - ok
14:02:57.0875 0x16f4 NetTcpPortSharing - ok
14:02:57.0876 0x16f4 nfrd960 - ok
14:02:57.0878 0x16f4 NlaSvc - ok
14:02:57.0880 0x16f4 Npfs - ok
14:02:57.0882 0x16f4 nsi - ok
14:02:57.0883 0x16f4 nsiproxy - ok
14:02:57.0886 0x16f4 Ntfs - ok
14:02:57.0887 0x16f4 Null - ok
14:02:57.0889 0x16f4 nvraid - ok
14:02:57.0891 0x16f4 nvstor - ok
14:02:57.0893 0x16f4 nv_agp - ok
14:02:57.0894 0x16f4 ohci1394 - ok
14:02:57.0908 0x16f4 [ 6F722C84CCCEF77A871D0F7E50AB25EB, F81F33DC8C20A6C331B1F7006B124F2FB9B7297E0C37CB7272A4074C2D19856C ] OpenVPNService E:\Programme\HMA! Pro VPN\bin\openvpnserv.exe
14:02:57.0933 0x16f4 OpenVPNService - ok
14:02:57.0934 0x16f4 p2pimsvc - ok
14:02:57.0936 0x16f4 p2psvc - ok
14:02:57.0937 0x16f4 Parport - ok
14:02:57.0939 0x16f4 partmgr - ok
14:02:57.0941 0x16f4 PcaSvc - ok
14:02:57.0943 0x16f4 pci - ok
14:02:57.0945 0x16f4 pciide - ok
14:02:57.0946 0x16f4 pcmcia - ok
14:02:57.0948 0x16f4 pcw - ok
14:02:57.0950 0x16f4 PEAUTH - ok
14:02:57.0952 0x16f4 PerfHost - ok
14:02:57.0957 0x16f4 pla - ok
14:02:57.0958 0x16f4 PlugPlay - ok
14:02:57.0960 0x16f4 PnkBstrA - ok
14:02:57.0962 0x16f4 PNRPAutoReg - ok
14:02:57.0964 0x16f4 PNRPsvc - ok
14:02:57.0965 0x16f4 PolicyAgent - ok
14:02:57.0968 0x16f4 postgresql-8.4 - ok
14:02:57.0970 0x16f4 Power - ok
14:02:57.0972 0x16f4 PptpMiniport - ok
14:02:57.0974 0x16f4 Processor - ok
14:02:57.0975 0x16f4 ProfSvc - ok
14:02:57.0977 0x16f4 ProtectedStorage - ok
14:02:57.0979 0x16f4 Psched - ok
14:02:57.0981 0x16f4 ql2300 - ok
14:02:57.0982 0x16f4 ql40xx - ok
14:02:57.0984 0x16f4 QWAVE - ok
14:02:57.0986 0x16f4 QWAVEdrv - ok
14:02:57.0988 0x16f4 RasAcd - ok
14:02:57.0990 0x16f4 RasAgileVpn - ok
14:02:57.0991 0x16f4 RasAuto - ok
14:02:57.0993 0x16f4 Rasl2tp - ok
14:02:57.0995 0x16f4 RasMan - ok
14:02:57.0997 0x16f4 RasPppoe - ok
14:02:58.0006 0x16f4 RasSstp - ok
14:02:58.0008 0x16f4 rdbss - ok
14:02:58.0010 0x16f4 rdpbus - ok
14:02:58.0012 0x16f4 RDPCDD - ok
14:02:58.0015 0x16f4 RDPENCDD - ok
14:02:58.0017 0x16f4 RDPREFMP - ok
14:02:58.0019 0x16f4 RDPWD - ok
14:02:58.0021 0x16f4 rdyboost - ok
14:02:58.0023 0x16f4 RemoteAccess - ok
14:02:58.0025 0x16f4 RemoteRegistry - ok
14:02:58.0027 0x16f4 RpcEptMapper - ok
14:02:58.0028 0x16f4 RpcLocator - ok
14:02:58.0030 0x16f4 RpcSs - ok
14:02:58.0032 0x16f4 rspndr - ok
14:02:58.0034 0x16f4 RTL8167 - ok
14:02:58.0036 0x16f4 SamSs - ok
14:02:58.0037 0x16f4 SbieDrv - ok
14:02:58.0039 0x16f4 SbieSvc - ok
14:02:58.0041 0x16f4 sbp2port - ok
14:02:58.0043 0x16f4 SCardSvr - ok
14:02:58.0045 0x16f4 scfilter - ok
14:02:58.0046 0x16f4 Schedule - ok
14:02:58.0048 0x16f4 SCPolicySvc - ok
14:02:58.0050 0x16f4 SDRSVC - ok
14:02:58.0053 0x16f4 SDScannerService - ok
14:02:58.0056 0x16f4 SDUpdateService - ok
14:02:58.0059 0x16f4 SDWSCService - ok
14:02:58.0061 0x16f4 secdrv - ok
14:02:58.0063 0x16f4 seclogon - ok
14:02:58.0065 0x16f4 SENS - ok
14:02:58.0066 0x16f4 SensrSvc - ok
14:02:58.0068 0x16f4 Serenum - ok
14:02:58.0071 0x16f4 Serial - ok
14:02:58.0073 0x16f4 sermouse - ok
14:02:58.0078 0x16f4 SessionEnv - ok
14:02:58.0080 0x16f4 sffdisk - ok
14:02:58.0081 0x16f4 sffp_mmc - ok
14:02:58.0083 0x16f4 sffp_sd - ok
14:02:58.0085 0x16f4 sfloppy - ok
14:02:58.0087 0x16f4 SharedAccess - ok
14:02:58.0089 0x16f4 ShellHWDetection - ok
14:02:58.0091 0x16f4 SiSRaid2 - ok
14:02:58.0092 0x16f4 SiSRaid4 - ok
14:02:58.0094 0x16f4 SkypeUpdate - ok
14:02:58.0096 0x16f4 Smb - ok
14:02:58.0100 0x16f4 SNMPTRAP - ok
14:02:58.0102 0x16f4 speedfan - ok
14:02:58.0103 0x16f4 spldr - ok
14:02:58.0105 0x16f4 Spooler - ok
14:02:58.0107 0x16f4 sppsvc - ok
14:02:58.0109 0x16f4 sppuinotify - ok
14:02:58.0110 0x16f4 srv - ok
14:02:58.0112 0x16f4 srv2 - ok
14:02:58.0114 0x16f4 srvnet - ok
14:02:58.0116 0x16f4 SSDPSRV - ok
14:02:58.0117 0x16f4 SstpSvc - ok
14:02:58.0119 0x16f4 Steam Client Service - ok
14:02:58.0121 0x16f4 stexstor - ok
14:02:58.0123 0x16f4 stisvc - ok
14:02:58.0125 0x16f4 swenum - ok
14:02:58.0126 0x16f4 swprv - ok
14:02:58.0128 0x16f4 SysMain - ok
14:02:58.0130 0x16f4 TabletInputService - ok
14:02:58.0132 0x16f4 tap0901 - ok
14:02:58.0134 0x16f4 TapiSrv - ok
14:02:58.0135 0x16f4 TBS - ok
14:02:58.0137 0x16f4 Tcpip - ok
14:02:58.0139 0x16f4 TCPIP6 - ok
14:02:58.0142 0x16f4 tcpipreg - ok
14:02:58.0145 0x16f4 TDPIPE - ok
14:02:58.0147 0x16f4 TDTCP - ok
14:02:58.0149 0x16f4 tdx - ok
14:02:58.0152 0x16f4 TeamViewer8 - ok
14:02:58.0154 0x16f4 TermDD - ok
14:02:58.0156 0x16f4 TermService - ok
14:02:58.0158 0x16f4 Themes - ok
14:02:58.0160 0x16f4 THREADORDER - ok
14:02:58.0161 0x16f4 TrkWks - ok
14:02:58.0163 0x16f4 truecrypt - ok
14:02:58.0165 0x16f4 TrustedInstaller - ok
14:02:58.0168 0x16f4 tssecsrv - ok
14:02:58.0170 0x16f4 TsUsbFlt - ok
14:02:58.0172 0x16f4 tunnel - ok
14:02:58.0174 0x16f4 uagp35 - ok
14:02:58.0176 0x16f4 udfs - ok
14:02:58.0179 0x16f4 UI0Detect - ok
14:02:58.0181 0x16f4 uliagpkx - ok
14:02:58.0183 0x16f4 umbus - ok
14:02:58.0185 0x16f4 UmPass - ok
14:02:58.0187 0x16f4 UNS - ok
14:02:58.0189 0x16f4 upnphost - ok
14:02:58.0191 0x16f4 usbccgp - ok
14:02:58.0193 0x16f4 usbcir - ok
14:02:58.0195 0x16f4 usbehci - ok
14:02:58.0197 0x16f4 usbhub - ok
14:02:58.0199 0x16f4 usbohci - ok
14:02:58.0201 0x16f4 usbprint - ok
14:02:58.0202 0x16f4 USBSTOR - ok
14:02:58.0204 0x16f4 usbuhci - ok
14:02:58.0206 0x16f4 UxSms - ok
14:02:58.0208 0x16f4 VaultSvc - ok
14:02:58.0210 0x16f4 vdrvroot - ok
14:02:58.0212 0x16f4 vds - ok
14:02:58.0214 0x16f4 vga - ok
14:02:58.0216 0x16f4 VgaSave - ok
14:02:58.0218 0x16f4 vhdmp - ok
14:02:58.0220 0x16f4 viaide - ok
14:02:58.0222 0x16f4 volmgr - ok
14:02:58.0224 0x16f4 volmgrx - ok
14:02:58.0226 0x16f4 volsnap - ok
14:02:58.0228 0x16f4 vsmraid - ok
14:02:58.0229 0x16f4 VSS - ok
14:02:58.0231 0x16f4 vwifibus - ok
14:02:58.0233 0x16f4 W32Time - ok
14:02:58.0236 0x16f4 WacomPen - ok
14:02:58.0238 0x16f4 WANARP - ok
14:02:58.0240 0x16f4 Wanarpv6 - ok
14:02:58.0242 0x16f4 WatAdminSvc - ok
14:02:58.0244 0x16f4 wbengine - ok
14:02:58.0246 0x16f4 WbioSrvc - ok
14:02:58.0247 0x16f4 wcncsvc - ok
14:02:58.0249 0x16f4 WcsPlugInService - ok
14:02:58.0251 0x16f4 Wd - ok
14:02:58.0253 0x16f4 Wdf01000 - ok
14:02:58.0255 0x16f4 WdiServiceHost - ok
14:02:58.0257 0x16f4 WdiSystemHost - ok
14:02:58.0259 0x16f4 WebClient - ok
14:02:58.0260 0x16f4 Wecsvc - ok
14:02:58.0262 0x16f4 wercplsupport - ok
14:02:58.0265 0x16f4 WerSvc - ok
14:02:58.0267 0x16f4 WfpLwf - ok
14:02:58.0269 0x16f4 WIMMount - ok
14:02:58.0272 0x16f4 WinDefend - ok
14:02:58.0276 0x16f4 WinHttpAutoProxySvc - ok
14:02:58.0278 0x16f4 Winmgmt - ok
14:02:58.0280 0x16f4 WinRM - ok
14:02:58.0284 0x16f4 WinUsb - ok
14:02:58.0286 0x16f4 Wlansvc - ok
14:02:58.0288 0x16f4 WmiAcpi - ok
14:02:58.0290 0x16f4 wmiApSrv - ok
14:02:58.0293 0x16f4 WMPNetworkSvc - ok
14:02:58.0295 0x16f4 WPCSvc - ok
14:02:58.0297 0x16f4 WPDBusEnum - ok
14:02:58.0300 0x16f4 WPRO_41_2001 - ok
14:02:58.0302 0x16f4 ws2ifsl - ok
14:02:58.0304 0x16f4 wscsvc - ok
14:02:58.0305 0x16f4 WSearch - ok
14:02:58.0308 0x16f4 wuauserv - ok
14:02:58.0310 0x16f4 WudfPf - ok
14:02:58.0312 0x16f4 WUDFRd - ok
14:02:58.0314 0x16f4 wudfsvc - ok
14:02:58.0316 0x16f4 WwanSvc - ok
14:02:58.0320 0x16f4 ================ Scan global ===============================
14:02:58.0320 0x16f4 [ Global ] - ok
14:02:58.0321 0x16f4 ================ Scan MBR ==================================
14:02:58.0322 0x16f4 [ B7310D12FF8857D5B67EAA63423EDB33 ] \Device\Harddisk0\DR0
14:02:58.0538 0x16f4 \Device\Harddisk0\DR0 - ok
14:02:58.0539 0x16f4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:02:58.0593 0x16f4 \Device\Harddisk1\DR1 - ok
14:02:58.0594 0x16f4 ================ Scan VBR ==================================
14:02:58.0596 0x16f4 [ 8D49788CA6C27644E534AFE1CB04447A ] \Device\Harddisk0\DR0\Partition1
14:02:58.0596 0x16f4 \Device\Harddisk0\DR0\Partition1 - ok
14:02:58.0600 0x16f4 [ E187ADF6083E29E8AFA63CCE2F1CBFDC ] \Device\Harddisk0\DR0\Partition2
14:02:58.0600 0x16f4 \Device\Harddisk0\DR0\Partition2 - ok
14:02:58.0603 0x16f4 [ E768F12FB425CF26AEE2DFA50F085926 ] \Device\Harddisk1\DR1\Partition1
14:02:58.0647 0x16f4 \Device\Harddisk1\DR1\Partition1 - ok
14:02:58.0652 0x16f4 AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmiav.exe ( 13.0.1.4190 ), 0x41000 ( enabled : updated )
14:02:58.0654 0x16f4 FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\wmifw.exe ( 13.0.1.4190 ), 0x41010 ( enabled )
14:03:01.0345 0x16f4 ============================================================
14:03:01.0345 0x16f4 Scan finished
14:03:01.0345 0x16f4 ============================================================
14:03:01.0353 0x1688 Detected object count: 0
14:03:01.0353 0x1688 Actual detected object count: 0
14:04:22.0158 0x0838 Deinitialize success

02.03.2014, 08:16   #8
schrauber
/// the machine
/// TB Trainer

Suspected keylogger

Everything is clean. As expected. I also find the basic idea itself borderline: that a forum has the means to see which user has a keylogger and informs them about it.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

02.03.2014, 15:34   #9
Gothid13

Suspected keylogger

Okay, thanks. Yes, I was in a bit of a panic. I would have just gone straight to format c if there had been something.

Can the thread please be deleted, or my logs?

Thanks!

03.03.2014, 13:42   #10
schrauber
/// the machine
/// TB Trainer

Suspected keylogger

http://www.trojaner-board.de/108422-...-anfragen.html

Have a look
__________________
Regards,
schrauber
