Zurück   Trojaner-Board > Malware entfernen > Überwachung, Datenschutz und Spam

Überwachung, Datenschutz und Spam: Dauerhafte "Mail Delivery System"-Mails

Windows 7 Fragen zu Verschlüsselung, Spam, Datenschutz & co. sind hier erwünscht. Hier geht es um Abwehr von Keyloggern oder aderen Spionagesoftware wie Spyware und Adware. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Antwort
Alt 10.03.2013, 13:31   #1
krustentier
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Moin,
ich kriege seit einiger Zeit regelmäßig Mails auf mein Mailkonto die besagen, dass eine von mir verschickte Mail nicht zugestellt werden konnte, bzw dass der Adressent nicht existiert.
Die Mails sehen genauso aus wie die "echten" Mail Delivery System-Mails, insofern gehe ich davon aus, dass ich mir 'nen Trojaner oder sowas eingefangen habe, der automatisch Spam-Mails verschickt.

Eigentlich wollte ich mit BB-Code 'nen Spoiler mit der Mail einfügen, aber irgendwie funktioniert das nicht?

Es ist jedenfalls freenet-Mail-Konto. Ich habe zwei Systeme, mit denen ich auf dieses Konto zugreife, ein Tower und ein Netbook, beide Windows 7 (Rechner 64 Bit, Netbook 32 Bit).
Die Logfiles sind alle vom Tower-System.

OTL.txt:
OTL logfile created on: 10.03.2013 12:19:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,61% Memory free
11,99 Gb Paging File | 10,18 Gb Available in Paging File | 84,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,81 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 604,09 Gb Free Space | 76,95% Space Free | Partition Type: NTFS
Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RAPTORJESUS | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.10 12:19:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2013.03.06 13:12:24 | 001,752,576 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.09 11:15:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:51:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:51:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\VPN Client\cvpnd.exe
PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.06 13:11:54 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Last.fm\listener.dll
MOD - [2013.03.06 13:11:50 | 000,757,248 | ---- | M] () -- C:\Program Files (x86)\Last.fm\unicorn.dll
MOD - [2013.03.06 13:11:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Last.fm\logger.dll
MOD - [2013.03.05 13:25:40 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Last.fm\lastfm.dll
MOD - [2013.01.18 11:49:56 | 000,182,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
MOD - [2013.01.18 11:39:50 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\phonon.dll
MOD - [2012.12.13 00:13:36 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlccore.dll
MOD - [2012.12.13 00:13:32 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012.12.13 00:12:58 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlc.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.02.27 21:43:27 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.08 16:51:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 16:51:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.09.14 16:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009.09.14 16:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008.11.25 10:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.08 16:51:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 16:51:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.02 11:27:37 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.04.02 11:27:37 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.28 20:11:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.10.22 02:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.05.05 16:10:44 | 001,119,072 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 92 EE 48 94 E6 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.28 20:18:23 | 000,000,000 | ---D | M]

[2012.03.31 19:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2012.03.08 16:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.08 16:54:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Simple Adblock = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo\1.0.6_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: YouTube Unblocker = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.3.2_0\
CHR - Extension: Google Mail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{016E9268-C477-43E7-981C-F9CE181897CB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3E39A52-7EBC-43A2-A399-0CA0B3A30664}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.21 18:26:21 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell - "" = AutoRun
O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell\install\command - "" = F:\Setup.exe
O33 - MountPoints2\{1dadad8d-58ba-11e1-be3e-1c6f6584924d}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadad8d-58ba-11e1-be3e-1c6f6584924d}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{45efd60b-4937-11e1-ba46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{45efd60b-4937-11e1-ba46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- [2006.02.27 16:17:52 | 001,662,976 | R--- | M] (Bethesda Softworks)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.10 12:19:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2013.03.09 15:20:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\mp3DirectCut
[2013.03.09 15:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2013.03.09 14:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2013.03.09 14:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2013.03.06 22:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.06 20:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.02.21 23:30:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.21 23:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.21 23:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.11 18:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2013.02.11 18:57:32 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2013.02.11 18:57:32 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2013.02.11 18:57:32 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2013.02.11 18:57:32 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2013.02.11 18:57:32 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2013.02.11 18:57:32 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2013.02.11 18:57:32 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2013.02.11 18:57:32 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2013.02.11 18:57:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack
[2013.02.11 18:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter

========== Files - Modified Within 30 Days ==========

[2013.03.10 12:19:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2013.03.10 12:18:53 | 000,000,000 | ---- | M] () -- C:\Users\Alex\defogger_reenable
[2013.03.10 12:17:45 | 000,050,477 | ---- | M] () -- C:\Users\Alex\Desktop\Defogger.exe
[2013.03.10 11:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457506275-3499392296-1292500948-1001UA.job
[2013.03.10 11:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 10:23:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 10:23:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 10:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.10 10:15:43 | 534,945,791 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 11:26:07 | 004,706,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 11:26:07 | 001,909,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 11:26:07 | 001,400,238 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 11:26:07 | 001,242,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 11:26:07 | 000,007,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.21 23:52:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457506275-3499392296-1292500948-1001Core.job
[2013.02.16 15:40:10 | 000,001,051 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.15 21:03:24 | 000,034,213 | ---- | M] () -- C:\Users\Alex\Desktop\Stundenplan Bine.pdf
[2013.02.14 09:39:14 | 000,349,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.03.10 12:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Alex\defogger_reenable
[2013.03.10 12:17:44 | 000,050,477 | ---- | C] () -- C:\Users\Alex\Desktop\Defogger.exe
[2013.02.16 15:40:10 | 000,001,051 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.15 21:03:24 | 000,034,213 | ---- | C] () -- C:\Users\Alex\Desktop\Stundenplan Bine.pdf
[2013.02.11 18:57:32 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2013.02.11 18:57:31 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.10.09 18:17:11 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.09.12 20:18:28 | 000,000,384 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.05.31 13:03:38 | 000,191,488 | ---- | C] () -- C:\Users\Alex\Part1.par
[2012.05.09 11:24:01 | 000,000,054 | ---- | C] () -- C:\Users\Alex\pc-client.properties
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.12 20:25:50 | 000,007,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.29 15:17:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.09.20 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canneverbe Limited
[2012.01.29 12:02:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2012.05.06 12:15:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dev-Cpp
[2013.03.10 10:18:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox
[2012.04.21 10:59:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Epson
[2013.02.11 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack
[2013.01.02 23:53:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2012.12.04 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LibreOffice
[2013.03.09 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mp3DirectCut
[2012.02.15 16:54:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2012.12.21 12:18:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TuneUp Software
[2012.05.01 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unigraphics Solutions

========== Purity Check ==========



< End of report >


Extras.txt:
OTL Extras logfile created on: 10.03.2013 12:19:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,61% Memory free
11,99 Gb Paging File | 10,18 Gb Available in Paging File | 84,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,81 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 604,09 Gb Free Space | 76,95% Space Free | Partition Type: NTFS
Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RAPTORJESUS | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035C8E57-7E34-451E-96BA-077739A97701}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10279BEE-426E-433C-A39E-E1A5E77F1F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11CC1D5B-CE96-4D45-BB83-5B46F76C132D}" = lport=138 | protocol=17 | dir=in | app=system |
"{19141097-B7C2-40EC-8AC1-4E442532E396}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1D13254D-6A55-4271-B665-F50070A57108}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F6CF8E4-B0B7-4112-9D88-15427BA1360E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33817499-48CA-42C2-874B-7BB9C433557C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D601141-50FA-4D29-9093-B01F8BF2394A}" = lport=139 | protocol=6 | dir=in | app=system |
"{45ACD6D2-A6B7-4C91-BBBE-14374C430C61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49F4BE51-7E92-4008-B490-AE44254DC9AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71587648-8195-44D1-A139-508E3C54D5EC}" = lport=445 | protocol=6 | dir=in | app=system |
"{750DFB21-1CCE-41EE-90B7-06923ACF37B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D729746-6E9C-4395-BD2C-92A57715E00D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{7FCF9266-76F5-4BAC-8F3C-F58991AAB1E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B424F3B-DCA5-456E-8E11-293EF8F3BE94}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A3B1EEB6-5D61-4BBA-BD44-608C36BB620A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD47F954-C815-49E1-9DEE-D8E23FB48934}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B451ED79-A4F5-4C3B-A851-796EB1907690}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDC5CE5C-7D6D-4E27-8609-E1562BDF409D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAF223CD-2F87-4C17-9975-C01896622610}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD47F851-D7FB-4B5F-BB74-0AC0010C2660}" = rport=137 | protocol=17 | dir=out | app=system |
"{D7F81496-725C-4C93-A83D-34CEF63E7A58}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2276F67-803A-4D66-A27E-CB677B9AA9E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD296664-A704-4F83-852C-D1905FE25D85}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BCCCD8-A454-428E-96B6-CB9CBF51586F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05F08800-AA07-4663-B2DA-519E6D5E483F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DD0564D-8816-4916-8C6F-61CD7390F896}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1A033EC4-1466-4E0A-AB69-387A7B293730}" = protocol=6 | dir=out | app=system |
"{1E020B7B-E5AB-46F4-8023-67FDC77B51AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25396856-A3F3-4207-B578-BC6EB01FD6AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2F38CDAF-3C31-44A8-92F7-EF220E475718}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F6B63BF-A43A-4665-8E2D-21B0F8FB13DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{32E5FB50-3313-4DC7-B74B-7B4DEB7FFA92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{34FC8203-55CD-439F-B68C-BE391CFCFDC1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{3B3462A8-6AE0-43FE-9D9E-0A0628DA0245}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41FAAC1C-FEEE-4BB8-B5FA-1D4DED402729}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51E8AB91-E5FA-466D-8D82-3BEBB5D46C45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5217F238-78E2-4867-BCCD-7F5CB1251798}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{5E6440E9-1F49-4AF7-A71C-FCABD4D05DC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{620CAF7F-AF06-4E38-B8BE-32E75FF5D0C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65F19662-041F-4EA2-B165-B5BA33F45389}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68A51B9B-A7E1-497D-BD59-A2595C64AE33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A4FFF35-16B0-4E5F-88FA-6B6B819AB0F2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{6BC4DD46-A613-49BC-9408-B409105E86C9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7786627E-034D-4B1E-9916-35ACD52B0E2E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{85B1BE83-0237-4A66-AF0A-1ED1C69E2C55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8A046FFD-F0C4-4036-A378-7960CD587F5A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{99C7B0BC-414C-43BF-AD52-123C02A33A38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8FD89A3-07F3-464E-B13A-55E085596189}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B306C194-6FD8-4A8B-AB6F-B1002D10650F}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{BAA93C0B-7466-49C2-BC38-E83FC8F37C05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD50F0ED-4640-4536-AB55-AC94D1906C03}" = protocol=58 | dir=in | app=system |
"{C095609B-1717-4051-A2E3-F9993B50B0F0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C353B347-09F2-41ED-B3A6-AE1D2DDD89B1}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{C9768FBA-CFFE-450E-8F60-7B4A6C107FE5}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{CD41EB04-2250-4EDF-BC3B-E8BAFE2A1034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEBF3E0B-9C3D-4993-AAA0-84EF8C7BA53E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{D7E5775C-3381-4957-99D7-F8991C8C062C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3B32679-1EF8-4C58-944F-3FC15414CE30}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FE080CD7-47C0-426A-9D2B-105A3D803F42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE3B8FE5-FABB-492F-82E6-C68EF2C839FA}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{FF1910C8-74E1-4777-9165-680240186E50}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{05562021-9415-453A-8247-D818DC262FE4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{3057B31B-A8CF-4267-A1FC-4C7BCBC141DA}D:\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=d:\torchlight ii\torchlight2.exe |
"TCP Query User{8049F02D-2992-4F3A-B41D-6D57B98192C6}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"TCP Query User{F290DADA-0047-4EC1-8CB7-C39FFDD4A2A5}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{5F61BBAC-C42F-4331-AEFC-4A077D4486EC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{6E4875A9-3886-4059-BA13-E488DDE43854}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"UDP Query User{75E340C6-FFEA-4A02-8B85-978E89EC2814}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B84B4C3B-5CAE-4A4D-B613-B1B4B40219DF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{F7CDB217-B97F-47B9-AA6D-59CC46B24476}D:\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=d:\torchlight ii\torchlight2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.10 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{10209B87-55D6-493E-A30A-12A265AA324E}" = TQ Defiler
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30D81BE6-916F-4B57-9EB5-87C1868D9489}" = SciTE Text Editor
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5C2F3077-DBF4-4931-8186-26A6161B29C3}" = CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.02
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"PaperCut NG Client_is1" = PaperCut NG Client 10.7
"SSC Service Utility_is1" = SSC Service Utility v4.30
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 03.10.2012 15:08:58 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0x390 Startzeit der fehlerhaften Anwendung: 0x01cda19a3c19bffb
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: c860d14d-0d8d-11e2-b20b-1c6f6584924d

Error - 03.10.2012 15:11:17 | Computer Name = RaptorJesus | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.2.3199 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7bc Startzeit:
01cda19aaf22568d Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe

Berichts-ID:
19b485d1-0d8e-11e2-b20b-1c6f6584924d

Error - 03.10.2012 15:48:34 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0xdc0 Startzeit der fehlerhaften Anwendung: 0x01cda19a8adbe398
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 506d9662-0d93-11e2-b20b-1c6f6584924d

Error - 03.10.2012 15:52:08 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0x1180 Startzeit der fehlerhaften Anwendung: 0x01cda1a012e43b55
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: cff8d9cc-0d93-11e2-b20b-1c6f6584924d

Error - 04.10.2012 05:08:46 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0x394 Startzeit der fehlerhaften Anwendung: 0x01cda20f94197ec2
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 1a05266f-0e03-11e2-96a6-1c6f6584924d

Error - 04.10.2012 08:06:01 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0xd8c Startzeit der fehlerhaften Anwendung: 0x01cda20fdc80fc0d
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: dcc204ef-0e1b-11e2-96a6-1c6f6584924d

Error - 04.10.2012 08:09:35 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0xa2c Startzeit der fehlerhaften Anwendung: 0x01cda2289f3b6984
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 5c525a3b-0e1c-11e2-96a6-1c6f6584924d

[ OSession Events ]
Error - 12.11.2012 18:51:31 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1821
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 12.11.2012 19:12:19 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1226
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 13.11.2012 10:47:23 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1980
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09.03.2013 09:03:55 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:04:50 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:05:51 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:06:52 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:07:52 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:08:54 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 18:26:14 | Computer Name = RaptorJesus | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2667402)

Error - 10.03.2013 05:15:43 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 10.03.2013 05:15:52 | Computer Name = RaptorJesus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 10.03.2013 06:30:18 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =


< End of report >

Gmer.txt:

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 13:26:20
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Alex\AppData\Local\Temp\uflyraow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2
.text C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[3084] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[3084] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2
.text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:1420] 00000000777d2e3e
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2208] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2212] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2216] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2220] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2224] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2228] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2364] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2368] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2372] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2376] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2380] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2384] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2388] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2392] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2396] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2400] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2404] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2416] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2420] 00000000777d3e59
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2436] 00000000715a1c2f
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2500] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2524] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:3032] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:3036] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:4088] 00000000777d3e59

---- EOF - GMER 2.1 ----

Eine der Mail Delivery System-Mails:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

crusnikoo2@aol.com
SMTP error from remote mail server after end of data:
host mailin-04.mx.aol.com [205.188.146.194]: 521 5.2.1 :
(RLY:SN) hxxp://postmaster.info.aol.com/errors/554rlysn.html

------ This is a copy of the message, including all the headers. ------

Return-path: <****@freenet.de>
Received: from [195.4.92.141] (helo=mjail1.freenet.de)
by mout0.freenet.de with esmtpa (ID ****@freenet.de) (port 25) (Exim 4.80.1 #2)
id 1UEQuD-0000Ct-4b
for crusnikoo2@aol.com; Sat, 09 Mar 2013 22:02:13 +0100
Received: from localhost ([::1]:45339 helo=mjail1.freenet.de)
by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2)
id 1UEQuC-00084X-Vr
for crusnikoo2@aol.com; Sat, 09 Mar 2013 22:02:13 +0100
Received: from [195.4.92.24] (port=60049 helo=14.mx.freenet.de)
by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2)
id 1UEQqh-00021l-JL
for crusnikoo2@aol.com; Sat, 09 Mar 2013 21:58:35 +0100
Received: from [123.5.165.187] (port=2596 helo=dzau)
by 14.mx.freenet.de with esmtpsa (ID ****@freenet.de) (TLSv1HE-RSA-AES256-SHA:256) (port 25) (Exim
4.80.1 #2)
id 1UEQqg-0006Rr-F1
for crusnikoo2@aol.com; Sat, 09 Mar 2013 21:58:35 +0100
Reply-To: noreply@battle.com
Message-ID: <E66836BACDE2A5AB85AF0A02B40CBF6A@dzau>
From: "noreply@emailwow.blizzard.com" <crusnikoo2@aol.com>
To: <crusnikoo2@aol.com>
Subject: Exploitative Activity---Unauthorized Cheat Programs ("Hacks")(crusnikoo2@aol.com)
Date: Sun, 10 Mar 2013 04:58:30 +0800
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_064F_01326C62.16FA9AA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-purgate-ID: 149285::1362862715-00000747-3E0787A2/0-0/0-0

This is a multi-part message in MIME format.

------=_NextPart_000_064F_01326C62.16FA9AA0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: base64

R3JlZXRpbmdzISBqb25uY2tqaXNrZnduaG82NTE4NjQ1NjE3MTcxMTg5MjgxOQ0KMTQ1MzA5NjUz
NzM4MTU1MDIyMjk0NzU5MHRsaTJ0bXVreXhuNHhrbg0KbnFrdXFhYWJsdmV0eGF0NDY5MjM3NjUw
OTM4NjA1bmRnY2phZWJ1eQ0KSXQgaGFzIGNvbWUgdG8gb3VyIGF0dGVudGlvbiB0aGF0IHlvdSBh
cmUgdHJ5aW5nIHRvIHNlbGwvdHJhZGUgeW91ciBwZXJzb25hbCBXb3JsZCBvZiBXYXJjcmFmdCBh
Y2NvdW50LiBBcyB5b3UgbWF5IG9yIG1heSBub3QgYmUgYXdhcmUgb2YsIHRoaXMgY29uZmxpY3Rz
IHdpdGggdGhlIEVVTEEgYW5kIFRlcm1zIG9mIEFncmVlbWVudC4gSWYgdGhpcyBwcm92ZXMgdG8g
YmUgdHJ1ZSwgeW91ciBhY2NvdW50IGNhbiBhbmQgd2lsbCBiZSBkaXNhYmxlZC4gSXQgd2lsbCBi
ZSBvbmdvaW5nIGZvciBmdXJ0aGVyIGludmVzdGlnYXRpb24gYnkgQmxpenphcmQgRW50ZXJ0YWlu
bWVudCdzIGVtcGxveWVlcy4NCjZkZXA2ZDN6bTY1MzY4OTk4MjYyOTExNzd2a3RlcGR4aWhtDQpj
bm9mZmZyd2hvbHR6ZXhhaHJqZTk5NjkxMDM1ODYyOTAwNA0KU28gd2UgaGF2ZSByZXZpZXdlZCBv
dXIgbG9ncyBvZiB5b3VyIGFjY291bnQsIGFuZCB3ZSB3ZXJlIGFibGUgdG8gZGV0ZXJtaW5lIHRo
ZSBmb2xsb3dpbmc6DQo3NTg1NTI3NTkyNzIwMjBhYW92MXBoY3ZxOXVtMGltcm9wYnVwbHcyaXNr
aGxnc2FmYmduanh4DQoqQmF0dGxlLk5ldCBBY2NvdW50IE5hbWU6IGNydXNuaWtvbzJAYW9sLmNv
bSB0cWp6cw0Kb3Q1bjRqZDNmZzQ1ODcyMTAwMDc4NzQwNjMxNjE5MTE2Njc0dWlzMncyZHN2aTV1
aGI1aG9xcA0KKkJhdHRsZS5OZXQgQWNjb3VudCBBY3Rpb246NDkgSG91ciBTdXNwZW5zaW9uDQph
eGdqOGlvZTZ2MTg3MDYzNzU2MjcyNTU1cm5meXNiMnpqbmQya25iDQo1NzIzMTc5MDE3NDI5NDVo
MXBrZ3R3eHlzdW14ZmtyeG5udw0KV2UgaGF2ZSBmb3VuZCB0aGlzIGJlaGF2aW9yIGlzIG1hbnkg
dGltZXMgZGlyZWN0bHkgcmVsYXRlZCB0byBncm91cHMgcmVzcG9uc2libGUgZm9yIGNvbXByb21p
c2luZyBXb3JsZCBvZiBXYXJjcmFmdCBhY2NvdW50czsgd2UgdGFrZSB0aGVzZSBpc3N1ZXMgdmVy
eSBzZXJpb3VzbHkuIFlvdSBzaG91bGQgZ28gdG8gdGhlIGFjY291bnQgbWFuYWdlbWVudCB3ZWJz
aXRlIHRvIHN1Ym1pdCB5b3VyIGFjY291bnQgaW5mb3JtYXRpb24gc3RhdHVzIGFzIHNvb24gYXMg
cG9zc2libGUgOmh0dHBzOi8vd3d3LmJhdHRsZS5uZXQvbG9naW4vY3J1c25pa29vMi9sb2dpbi54
bWxyZWY9aHR0cHMyRnVzLmJhdHRsZS5uZXQlMkZhY2NvdW50JSV6c2p2d3RldXRvaDV6M3l0ZXdi
ZA0KaGZncHV2cmR0ejVhczJkaWRydHh6cG5sZjQ0OTQ4NDU0NTENCjQ5MDcxNzA0OTg2MjY3NG9l
anBmbmtmbHQ4NzUzMjE4ODkwDQpQbGVhc2UgYmUgYXdhcmUgdGhhdCBpZiB1bmF1dGhvcml6ZWQg
YWNjZXNzIHRvIHRoaXMgYWNjb3VudCwgaXQgbWF5IGxlYWQgdG8gZnVydGhlciBhY3Rpb24gYWdh
aW5zdCB0aGUgYWNjb3VudC4gV2UgbXVzdCBhc2sgdGhhdCBubyBhZGRpdGlvbmFsIGVtYWlscyBi
ZSBzdWJtaXR0ZWQgcmVnYXJkaW5nIHRoaXMgaXNzdWUsIGFzIGFkZGl0aW9uYWwgZW1haWxzIHdp
bGwgdWx0aW1hdGVseSByZXN1bHQgaW4gdW5kdWUgZGVsYXlzIGluIHJlc3BvbnNlIHRpbWUuDQo3
Y21meWxla3R3Z25udnd1ZGNneDg5MjM4NDQxNDU2ODY3Ng0KMzgxMTQ3NTM2NDkxNDI4MjA4ODI2
NDM2MXFzdWIxcjc0aXoNClNpbmNlcmVseSw8YnI+IDxicj5UaGUgQmF0dGxlLm5ldCBBY2NvdW50
IFRlYW08YnI+DQpvcTQ5bnpyZnlpZmhodGM2NTg3MjQ2MDgxMDU2NzFvdnZoaWJicGNxDQozNTY4
MzMzMjY1MzY5MjRkbGdxdWlmdmFzZ3lrbGINCm55dWphcWdzb2MyNTczOTAyMDAzdWh4ZWprYnZv
YWlzd2hvDQpycWx6d2t0Zmd3bnVidXEzMDI1NDExNDAzampjcWJvZ2pycmpldHV2DQpvcGl1cnZu
ZGtpdHp5dmh5a3V2czgzNDgxMzYyOTE2Mjc0NQ==

------=_NextPart_000_064F_01326C62.16FA9AA0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxNRVRBIGNvbnRlbnQ9Ik1TSFRNTCA2LjAw
LjI5MDAuNjMzMiIgbmFtZT1HRU5FUkFUT1I+PC9IRUFEPg0KPEJPRFk+DQo8UD5HcmVldGluZ3Mh
IDxGT05UIA0KY29sb3I9d2hpdGU+bmVnenNsempmbHN4ZGx0OTAzNjYyMTcyMDE2OTU4NDYxOTY8
QlI+ODE1OTk2MjE2NDE0ODc4ODAyMTAyNzU3OHd2YW9xeW93a2poeDdpaDxCUj5tbmp2Z3V0YXlv
ZXdqZmw3NzYyMTkyNDY5NjEwNzhwbGNxbmZnb3JzPEJSPjwvRk9OVD5UaGlzIHN1c3BlbnNpb24g
aGFwcGVuZWQgYmVjYXVzZSBvbmUgb3IgbW9yZSBjaGFyYWN0ZXJzIG9uIHRoZSBhY2NvdW50IHdl
cmUgaWRlbnRpZmllZCBleGNoYW5naW5nLCBvciBjb250cmlidXRpbmcgdG8gdGhlIGV4Y2hhbmdl
IG9mLCBpbi1nYW1lIHByb3BlcnR5IChpdGVtcyBvciBnb2xkKSBmb3IgInJlYWwtd29ybGQiIGN1
cnJlbmN5LiBUaGlzIGV4Y2hhbmdlIHByb2Nlc3MgbmVnYXRpdmVseSBpbXBhY3RzIHRoZSBXb3Js
ZCBvZiBXYXJjcmFmdCBnYW1lIGVudmlyb25tZW50IGJ5IGRldHJhY3RpbmcgZnJvbSB0aGUgdmFs
dWUgb2YgdGhlIGluLWdhbWUgZWNvbm9teS48QlI+PEZPTlQgDQpjb2xvcj13aGl0ZT54aXFxY3N0
aWloNTUzNjAwMDA2OTc2NTg4ZGl4aHNoYm56bzxCUj5mdnhhZ2RucGVvcHRpdGNsaHlpeDc3NzY1
NTgxODkwMjU2MjxCUj48L0ZPTlQ+U28gDQp3ZSBoYXZlIHJldmlld2VkIG91ciBsb2dzIG9mIHlv
dXIgYWNjb3VudCwgYW5kIHdlIHdlcmUgYWJsZSB0byBkZXRlcm1pbmUgdGhlIA0KZm9sbG93aW5n
OjxCUj48Rk9OVCANCmNvbG9yPXdoaXRlPjc5NTQ0MTAxMTA4OTkyODlodWxydGd3d2I3b3NnMGp4
ZGRtNmM1czZjbXFzaGZwbWRud3F5cnY8QlI+PC9GT05UPipCYXR0bGUuTmV0IA0KQWNjb3VudCBO
YW1lOiBjcnVzbmlrb28yQGFvbC5jb20gPEZPTlQgDQpjb2xvcj13aGl0ZT5yZ2VxYjxCUj48L0ZP
TlQ+PEZPTlQgDQpjb2xvcj13aGl0ZT5nb2VzYmRpdnZtMzQwMDEzMTIwNDQ3NTIwODI4NDg3MjUw
MXF1cmphd3JvazBydWlneTRiMWxlPEJSPjwvRk9OVD4qQmF0dGxlLk5ldCANCkFjY291bnQgQWN0
aW9uOjQ5IEhvdXIgU3VzcGVuc2lvbjxCUj48Rk9OVCANCmNvbG9yPXdoaXRlPm1maWVxbnNmZnk3
MzMxMTgzOTQzNTUxNTN1eWRoOXlsZmJkcHdhcXQ8QlI+NzgxODA5Mzc5Njg3MzI3dXBnbDF5dzJ0
c3JieG5rYXBocmg8QlI+PC9GT05UPkluIG9yZGVyIHRvIGd1YXJhbnRlZSB0aGUgbGVnaXRpbWFj
eSBvZiB5b3VyIGFjY291bnQsIHNvIHdlIGhhdmUgaXNzdWVkIHRoaXMgd2FybmluZyBsZXR0ZXJz
IHRvIHlvdS5Zb3Ugc2hvdWxkIGdvIHRvIHRoZSBhY2NvdW50IG1hbmFnZW1lbnQgd2Vic2l0ZSB0
byBzdWJtaXQgeW91ciBhY2NvdW50IGluZm9ybWF0aW9uIGFzIHNvb24gYXMgcG9zc2libGUgOjxB
IA0KaHJlZj0iaHR0cDovL2RpYWJsbzMuYmxpenphcmQubmV0Lndhcm5pbmcuZ3NvemVrLmFkbWlu
LmFkbWludWJlLmluZm8vZXhwZy9pbmRleC5waHA/cmVmPWh0dHBzJTNBJTJGJTJGdXMuYmF0dGxl
Lm5ldCUyRmFjY291bnQlMkZtYW5hZ2VtZW50JTJGaW5kZXgueG1sJmFwcD1iYW0iPmh0dHBzOi8v
d3d3LmJhdHRsZS5uZXQvbG9naW4vY3J1c25pa29vMi9sb2dpbi54bWxyZWY9aHR0cHMyRnVzLmJh
dHRsZS5uZXQlMkZhY2NvdW50JSV0YXZieGpoZXF6NmE3c25ta2VtdDxCUj48L0E+PEZPTlQgDQpj
b2xvcj13aGl0ZT5seXZkZWVia3BxYmg1ZWFsb2M2dzR4bm9qMzUzMjU5MDAxMTxCUj41ODQwMDY4
MjY0Mjc2ODdob250a3Nndnl5MzA1NjU5ODgwNTxCUj48L0ZPTlQ+SWYgeW91IGlnbm9yZSB0aGlz
IG1haWwgeW91ciBhY2NvdW50IGNhbiBhbmQgd2lsbCBiZSBjbG9zZWQgcGVybWFuZW50bHkuIFBs
ZWFzZSBiZSBhd2FyZSB0aGF0IGlmIHVuYXV0aG9yaXplZCBhY2Nlc3MgdG8gdGhpcyBhY2NvdW50
LCBpdCBtYXkgbGVhZCB0byBmdXJ0aGVyIGFjdGlvbiBhZ2FpbnN0IHRoZSBhY2NvdW50LjxCUj48
Rk9OVCANCmNvbG9yPXdoaXRlPjUyYm4xaTZpeG52aHNweGV3aXRuOTk1NjE3MTk3NDk3NTUwPEJS
PjIwMzI5MTI1ODExOTU3OTAxMjM0NzI0ODlueGl2a2l6ZnV1PEJSPjwvRk9OVD5SZWdhcmRzLDxi
cj4gPGJyPkJsaXp6YXJkIEVudGVydGFpbm1lbnQ8YnI+PEJSPjxGT05UIA0KY29sb3I9d2hpdGU+
dHdld2NxbHN4anJvY21jMjY2MzQxMjkzODExNDIzY2F0cm9kemttdjxCUj42ODg3MDkwOTk0OTkw
MDJyeGZpdmtmZmF4bnd1emk8QlI+eWtuaXlhYXZjbjU5MjczOTQ2MTRqcmJpeGtianRreWR4eXM8
QlI+bXpjaWhwbmF0a2N0d213MDQ0ODA5NDg2NHRhZWF1c2l6YnppeWR2aDxCUj5tcmhrY3p0eGdk
YmZ4dGZraGxvaTIxMTMyNTAyOTQwNDM1NjwvRk9OVD48L1A+PC9CT0RZPjwvSFRNTD4NCg==

------=_NextPart_000_064F_01326C62.16FA9AA0--

Alt 10.03.2013, 22:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Hallo und

Wurde das Passwort von Mailkonto schon geändert? Wenn nicht bitte unbedingt jetzt tun!

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 11.03.2013, 09:00   #3
krustentier
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Zitat:
Zitat von cosinus Beitrag anzeigen
Wurde das Passwort von Mailkonto schon geändert?
Zuvor nicht, gerade eben hab ichs dann gemacht. (Hätt ich auch mal selbst drauf kommen können^^)

Zitat:
Zitat von cosinus Beitrag anzeigen
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Nein, keine weiteren Logs. Kann aber gern welche durchführen wenn du mir sagst mit welchen Programm?
Sorry, dass ich die Codes vergessen hatte. Ich dachte, ich hätte mich durch alle "vor-dem-Posten-lesen!"-Einträge durchgearbeitet.^^ Soll ich die Logs nochmal posten, diesmal im Code?
__________________

Alt 11.03.2013, 10:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.03.2013, 15:56   #5
krustentier
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Sorry, hat ein bisschen gedauert, war ein paar Tage nicht zu Hause.

Mbar hat nichts gefunden:

Code:
ATTFilter
 ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.013000 GHz
Memory total: 6439886848, free: 4606488576

------------ Kernel report ------------
     03/14/2013 15:10:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\anodlwfx.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006134060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-5\
Lower Device Object: 0xfffffa8005bd4060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.14.06
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006134060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006133570, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006134060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005be2580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005bd4060, DeviceName: \Device\Ide\IdeDeviceP1T1L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0045c71e0, 0xfffffa8006134060, 0xfffffa8005762790
Lower DeviceData: 0xfffff8a004de4bf0, 0xfffffa8005bd4060, 0xfffffa80057bb320
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 32938ACC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 306995200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307202048  Numsec = 1646319616

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.013000 GHz
Memory total: 6439886848, free: 5004812288

=======================================
         
aswMBR:
Code:
ATTFilter
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-14 15:23:12
-----------------------------
15:23:12.395    OS Version: Windows x64 6.1.7600 
15:23:12.395    Number of processors: 2 586 0x603
15:23:12.395    ComputerName: RAPTORJESUS  UserName: Alex
15:23:12.884    Initialize success
15:25:32.250    AVAST engine defs: 13031401
15:27:46.681    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
15:27:46.687    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
15:27:46.702    Disk 0 MBR read successfully
15:27:46.708    Disk 0 MBR scan
15:27:46.719    Disk 0 Windows 7 default MBR code
15:27:46.733    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:27:46.756    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       149900 MB offset 206848
15:27:46.777    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       803867 MB offset 307202048
15:27:46.822    Disk 0 scanning C:\Windows\system32\drivers
15:27:56.098    Service scanning
15:28:16.596    Modules scanning
15:28:16.613    Disk 0 trace - called modules:
15:28:16.635    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
15:28:16.975    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006134060]
15:28:16.980    3 CLASSPNP.SYS[fffff88000dc043f] -> nt!IofCallDriver -> [0xfffffa8005be2580]
15:28:16.984    5 ACPI.sys[fffff88000efa781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa8005bd4060]
15:28:17.800    AVAST engine scan C:\Windows
15:28:19.613    AVAST engine scan C:\Windows\system32
15:30:51.467    AVAST engine scan C:\Windows\system32\drivers
15:30:59.769    AVAST engine scan C:\Users\Alex
15:34:37.588    AVAST engine scan C:\ProgramData
15:35:57.261    Scan finished successfully
15:42:54.081    Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
15:42:54.096    The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"
         
TDSS-Killer:
Code:
ATTFilter
15:43:47.0861 2500  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:43:47.0921 2500  ============================================================
15:43:47.0921 2500  Current date / time: 2013/03/14 15:43:47.0921
15:43:47.0921 2500  SystemInfo:
15:43:47.0921 2500  
15:43:47.0921 2500  OS Version: 6.1.7600 ServicePack: 0.0
15:43:47.0921 2500  Product type: Workstation
15:43:47.0921 2500  ComputerName: RAPTORJESUS
15:43:47.0921 2500  UserName: Alex
15:43:47.0921 2500  Windows directory: C:\Windows
15:43:47.0921 2500  System windows directory: C:\Windows
15:43:47.0922 2500  Running under WOW64
15:43:47.0922 2500  Processor architecture: Intel x64
15:43:47.0922 2500  Number of processors: 2
15:43:47.0922 2500  Page size: 0x1000
15:43:47.0922 2500  Boot type: Normal boot
15:43:47.0922 2500  ============================================================
15:43:49.0152 2500  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:43:49.0156 2500  ============================================================
15:43:49.0156 2500  \Device\Harddisk0\DR0:
15:43:49.0156 2500  MBR partitions:
15:43:49.0156 2500  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:43:49.0156 2500  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C6000
15:43:49.0156 2500  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x6220D800
15:43:49.0156 2500  ============================================================
15:43:49.0195 2500  C: <-> \Device\Harddisk0\DR0\Partition2
15:43:49.0231 2500  D: <-> \Device\Harddisk0\DR0\Partition3
15:43:49.0232 2500  ============================================================
15:43:49.0232 2500  Initialize success
15:43:49.0232 2500  ============================================================
15:44:05.0978 1916  ============================================================
15:44:05.0978 1916  Scan started
15:44:05.0978 1916  Mode: Manual; SigCheck; TDLFS; 
15:44:05.0978 1916  ============================================================
15:44:07.0029 1916  ================ Scan system memory ========================
15:44:07.0029 1916  System memory - ok
15:44:07.0030 1916  ================ Scan services =============================
15:44:07.0204 1916  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:44:07.0322 1916  1394ohci - ok
15:44:07.0420 1916  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
15:44:07.0461 1916  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
15:44:07.0507 1916  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:44:07.0542 1916  ACPI - ok
15:44:07.0559 1916  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
15:44:07.0600 1916  AcpiPmi - ok
15:44:07.0654 1916  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:44:07.0675 1916  AdobeARMservice - ok
15:44:07.0792 1916  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:44:07.0817 1916  AdobeFlashPlayerUpdateSvc - ok
15:44:07.0850 1916  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:44:07.0872 1916  adp94xx - ok
15:44:07.0884 1916  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:44:07.0898 1916  adpahci - ok
15:44:07.0913 1916  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:44:07.0924 1916  adpu320 - ok
15:44:07.0958 1916  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:44:08.0059 1916  AeLookupSvc - ok
15:44:08.0100 1916  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
15:44:08.0135 1916  AFD - ok
15:44:08.0147 1916  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:44:08.0158 1916  agp440 - ok
15:44:08.0170 1916  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:44:08.0211 1916  ALG - ok
15:44:08.0237 1916  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:44:08.0251 1916  aliide - ok
15:44:08.0277 1916  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:44:08.0309 1916  AMD External Events Utility - ok
15:44:08.0399 1916  AMD FUEL Service - ok
15:44:08.0490 1916  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:44:08.0519 1916  amdide - ok
15:44:08.0545 1916  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
15:44:08.0770 1916  amdiox64 - ok
15:44:08.0784 1916  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:44:08.0819 1916  AmdK8 - ok
15:44:09.0013 1916  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:44:09.0208 1916  amdkmdag - ok
15:44:09.0238 1916  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:44:09.0310 1916  amdkmdap - ok
15:44:09.0399 1916  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:44:09.0485 1916  AmdPPM - ok
15:44:09.0615 1916  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:44:09.0644 1916  amdsata - ok
15:44:09.0660 1916  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:44:09.0678 1916  amdsbs - ok
15:44:09.0690 1916  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:44:09.0704 1916  amdxata - ok
15:44:09.0805 1916  [ 4CCF421E6C4B2A4CBCE000715911F7CC ] anodlwf         C:\Windows\system32\DRIVERS\anodlwfx.sys
15:44:09.0861 1916  anodlwf - ok
15:44:10.0004 1916  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:44:10.0032 1916  AntiVirSchedulerService - ok
15:44:10.0068 1916  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:44:10.0080 1916  AntiVirService - ok
15:44:10.0105 1916  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:44:10.0117 1916  AODDriver4.01 - ok
15:44:10.0142 1916  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:44:10.0152 1916  AODDriver4.2 - ok
15:44:10.0179 1916  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
15:44:10.0206 1916  AppID - ok
15:44:10.0244 1916  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:44:10.0344 1916  AppIDSvc - ok
15:44:10.0373 1916  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
15:44:10.0410 1916  Appinfo - ok
15:44:10.0461 1916  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:44:10.0474 1916  Apple Mobile Device - ok
15:44:10.0487 1916  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:44:10.0502 1916  arc - ok
15:44:10.0528 1916  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:44:10.0537 1916  arcsas - ok
15:44:10.0663 1916  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:44:10.0689 1916  aspnet_state - ok
15:44:10.0705 1916  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:44:10.0776 1916  AsyncMac - ok
15:44:10.0786 1916  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
15:44:10.0795 1916  atapi - ok
15:44:10.0838 1916  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:44:10.0866 1916  AtiHDAudioService - ok
15:44:10.0893 1916  [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
15:44:10.0907 1916  atksgt - ok
15:44:10.0926 1916  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:44:10.0969 1916  AudioEndpointBuilder - ok
15:44:10.0978 1916  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:44:11.0010 1916  AudioSrv - ok
15:44:11.0018 1916  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:44:11.0028 1916  avgntflt - ok
15:44:11.0037 1916  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:44:11.0047 1916  avipbb - ok
15:44:11.0050 1916  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:44:11.0058 1916  avkmgr - ok
15:44:11.0083 1916  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
15:44:11.0091 1916  avmeject - ok
15:44:11.0119 1916  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:44:11.0161 1916  AxInstSV - ok
15:44:11.0201 1916  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:44:11.0242 1916  b06bdrv - ok
15:44:11.0273 1916  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:44:11.0293 1916  b57nd60a - ok
15:44:11.0333 1916  [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
15:44:11.0365 1916  BCMH43XX - ok
15:44:11.0400 1916  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:44:11.0430 1916  BDESVC - ok
15:44:11.0456 1916  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:44:11.0521 1916  Beep - ok
15:44:11.0568 1916  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
15:44:11.0651 1916  BFE - ok
15:44:11.0682 1916  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
15:44:11.0726 1916  BITS - ok
15:44:11.0743 1916  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:44:11.0760 1916  blbdrive - ok
15:44:11.0811 1916  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:44:11.0838 1916  Bonjour Service - ok
15:44:11.0869 1916  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:44:11.0895 1916  bowser - ok
15:44:11.0904 1916  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:44:11.0933 1916  BrFiltLo - ok
15:44:11.0947 1916  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:44:11.0958 1916  BrFiltUp - ok
15:44:12.0000 1916  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
15:44:12.0018 1916  Browser - ok
15:44:12.0041 1916  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:44:12.0091 1916  Brserid - ok
15:44:12.0111 1916  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:44:12.0140 1916  BrSerWdm - ok
15:44:12.0149 1916  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:44:12.0171 1916  BrUsbMdm - ok
15:44:12.0190 1916  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:44:12.0206 1916  BrUsbSer - ok
15:44:12.0228 1916  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:44:12.0248 1916  BTHMODEM - ok
15:44:12.0271 1916  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:44:12.0297 1916  bthserv - ok
15:44:12.0310 1916  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:44:12.0343 1916  cdfs - ok
15:44:12.0373 1916  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:44:12.0390 1916  cdrom - ok
15:44:12.0428 1916  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:44:12.0506 1916  CertPropSvc - ok
15:44:12.0526 1916  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:44:12.0551 1916  circlass - ok
15:44:12.0572 1916  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:44:12.0591 1916  CLFS - ok
15:44:12.0640 1916  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:12.0665 1916  clr_optimization_v2.0.50727_32 - ok
15:44:12.0711 1916  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:44:12.0738 1916  clr_optimization_v2.0.50727_64 - ok
15:44:12.0805 1916  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:44:12.0831 1916  clr_optimization_v4.0.30319_32 - ok
15:44:12.0851 1916  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:44:12.0861 1916  clr_optimization_v4.0.30319_64 - ok
15:44:12.0900 1916  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:44:12.0930 1916  CmBatt - ok
15:44:12.0951 1916  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:44:12.0965 1916  cmdide - ok
15:44:12.0995 1916  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:44:13.0034 1916  CNG - ok
15:44:13.0049 1916  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:44:13.0062 1916  Compbatt - ok
15:44:13.0076 1916  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:44:13.0107 1916  CompositeBus - ok
15:44:13.0116 1916  COMSysApp - ok
15:44:13.0127 1916  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:44:13.0141 1916  crcdisk - ok
15:44:13.0170 1916  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:44:13.0231 1916  CryptSvc - ok
15:44:13.0262 1916  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
15:44:13.0273 1916  CVirtA - ok
15:44:13.0351 1916  [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND           C:\Program Files (x86)\VPN Client\cvpnd.exe
15:44:13.0393 1916  CVPND - ok
15:44:13.0413 1916  [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
15:44:13.0424 1916  CVPNDRVA - ok
15:44:13.0451 1916  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:44:13.0482 1916  DcomLaunch - ok
15:44:13.0505 1916  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:44:13.0545 1916  defragsvc - ok
15:44:13.0587 1916  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:44:13.0623 1916  DfsC - ok
15:44:13.0643 1916  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:44:13.0683 1916  Dhcp - ok
15:44:13.0699 1916  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:44:13.0788 1916  discache - ok
15:44:13.0809 1916  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:44:13.0824 1916  Disk - ok
15:44:13.0852 1916  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
15:44:13.0862 1916  DNE - ok
15:44:13.0895 1916  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:44:13.0916 1916  Dnscache - ok
15:44:13.0929 1916  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
15:44:13.0965 1916  dot3svc - ok
15:44:13.0984 1916  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
15:44:14.0018 1916  DPS - ok
15:44:14.0040 1916  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:44:14.0051 1916  drmkaud - ok
15:44:14.0087 1916  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:44:14.0097 1916  dtsoftbus01 - ok
15:44:14.0132 1916  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:44:14.0156 1916  DXGKrnl - ok
15:44:14.0170 1916  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:44:14.0204 1916  EapHost - ok
15:44:14.0290 1916  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:44:14.0344 1916  ebdrv - ok
15:44:14.0365 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
15:44:14.0402 1916  EFS - ok
15:44:14.0469 1916  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:44:14.0514 1916  ehRecvr - ok
15:44:14.0534 1916  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:44:14.0550 1916  ehSched - ok
15:44:14.0582 1916  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:44:14.0606 1916  elxstor - ok
15:44:14.0703 1916  [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
15:44:14.0729 1916  EPSON_EB_RPCV4_04 - ok
15:44:14.0804 1916  [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
15:44:14.0837 1916  EPSON_PM_RPCV4_04 - ok
15:44:14.0897 1916  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
15:44:14.0969 1916  ErrDev - ok
15:44:15.0027 1916  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:44:15.0086 1916  EventSystem - ok
15:44:15.0110 1916  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:44:15.0139 1916  exfat - ok
15:44:15.0168 1916  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:44:15.0209 1916  fastfat - ok
15:44:15.0252 1916  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
15:44:15.0308 1916  Fax - ok
15:44:15.0332 1916  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:44:15.0344 1916  fdc - ok
15:44:15.0357 1916  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:44:15.0394 1916  fdPHost - ok
15:44:15.0408 1916  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:44:15.0442 1916  FDResPub - ok
15:44:15.0466 1916  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:44:15.0475 1916  FileInfo - ok
15:44:15.0488 1916  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:44:15.0528 1916  Filetrace - ok
15:44:15.0547 1916  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:44:15.0556 1916  flpydisk - ok
15:44:15.0569 1916  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:44:15.0582 1916  FltMgr - ok
15:44:15.0603 1916  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
15:44:15.0621 1916  FontCache - ok
15:44:15.0665 1916  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:44:15.0682 1916  FontCache3.0.0.0 - ok
15:44:15.0704 1916  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:44:15.0719 1916  FsDepends - ok
15:44:15.0749 1916  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:44:15.0763 1916  Fs_Rec - ok
15:44:15.0776 1916  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:44:15.0794 1916  fvevol - ok
15:44:15.0823 1916  [ 4632BB93B668004965246D7911E2DD05 ] fwlanusb4       C:\Windows\system32\DRIVERS\fwlanusb4.sys
15:44:15.0858 1916  fwlanusb4 - ok
15:44:15.0876 1916  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:44:15.0887 1916  gagp30kx - ok
15:44:15.0920 1916  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:44:15.0927 1916  GEARAspiWDM - ok
15:44:15.0947 1916  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
15:44:15.0976 1916  gpsvc - ok
15:44:16.0002 1916  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:44:16.0009 1916  hamachi - ok
15:44:16.0108 1916  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\Hamachi\hamachi-2.exe
15:44:16.0164 1916  Hamachi2Svc - ok
15:44:16.0169 1916  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:44:16.0195 1916  hcw85cir - ok
15:44:16.0226 1916  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:44:16.0246 1916  HdAudAddService - ok
15:44:16.0278 1916  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:44:16.0295 1916  HDAudBus - ok
15:44:16.0311 1916  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:44:16.0330 1916  HidBatt - ok
15:44:16.0335 1916  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:44:16.0360 1916  HidBth - ok
15:44:16.0364 1916  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:44:16.0382 1916  HidIr - ok
15:44:16.0415 1916  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:44:16.0497 1916  hidserv - ok
15:44:16.0523 1916  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:44:16.0550 1916  HidUsb - ok
15:44:16.0576 1916  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:44:16.0614 1916  hkmsvc - ok
15:44:16.0620 1916  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:44:16.0637 1916  HomeGroupListener - ok
15:44:16.0664 1916  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:44:16.0682 1916  HomeGroupProvider - ok
15:44:16.0712 1916  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
15:44:16.0722 1916  HpSAMD - ok
15:44:16.0752 1916  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:44:16.0796 1916  HTTP - ok
15:44:16.0806 1916  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:44:16.0815 1916  hwpolicy - ok
15:44:16.0834 1916  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:44:16.0844 1916  i8042prt - ok
15:44:16.0872 1916  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:44:16.0887 1916  iaStorV - ok
15:44:16.0956 1916  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:44:17.0002 1916  idsvc - ok
15:44:17.0016 1916  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:44:17.0026 1916  iirsp - ok
15:44:17.0065 1916  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
15:44:17.0112 1916  IKEEXT - ok
15:44:17.0124 1916  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:44:17.0133 1916  intelide - ok
15:44:17.0155 1916  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:44:17.0172 1916  intelppm - ok
15:44:17.0186 1916  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:44:17.0213 1916  IPBusEnum - ok
15:44:17.0217 1916  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:44:17.0245 1916  IpFilterDriver - ok
15:44:17.0263 1916  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:44:17.0310 1916  iphlpsvc - ok
15:44:17.0323 1916  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:44:17.0341 1916  IPMIDRV - ok
15:44:17.0345 1916  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:44:17.0374 1916  IPNAT - ok
15:44:17.0411 1916  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:44:17.0446 1916  iPod Service - ok
15:44:17.0468 1916  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:44:17.0484 1916  IRENUM - ok
15:44:17.0498 1916  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
15:44:17.0508 1916  isapnp - ok
15:44:17.0534 1916  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:44:17.0549 1916  iScsiPrt - ok
15:44:17.0576 1916  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:44:17.0588 1916  kbdclass - ok
15:44:17.0614 1916  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:44:17.0645 1916  kbdhid - ok
15:44:17.0661 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
15:44:17.0672 1916  KeyIso - ok
15:44:17.0695 1916  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:44:17.0707 1916  KSecDD - ok
15:44:17.0718 1916  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:44:17.0732 1916  KSecPkg - ok
15:44:17.0747 1916  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:44:17.0795 1916  ksthunk - ok
15:44:17.0817 1916  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:44:17.0852 1916  KtmRm - ok
15:44:17.0884 1916  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:44:17.0915 1916  LanmanServer - ok
15:44:17.0943 1916  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:44:18.0034 1916  LanmanWorkstation - ok
15:44:18.0072 1916  [ 955982BF4421B77722196552B62E8DC2 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
15:44:18.0085 1916  lirsgt - ok
15:44:18.0119 1916  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:44:18.0165 1916  lltdio - ok
15:44:18.0188 1916  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:44:18.0219 1916  lltdsvc - ok
15:44:18.0234 1916  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:44:18.0260 1916  lmhosts - ok
15:44:18.0279 1916  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:44:18.0290 1916  LSI_FC - ok
15:44:18.0302 1916  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:44:18.0312 1916  LSI_SAS - ok
15:44:18.0316 1916  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:44:18.0325 1916  LSI_SAS2 - ok
15:44:18.0337 1916  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:44:18.0347 1916  LSI_SCSI - ok
15:44:18.0363 1916  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:44:18.0404 1916  luafv - ok
15:44:18.0425 1916  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:44:18.0436 1916  Mcx2Svc - ok
15:44:18.0448 1916  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:44:18.0458 1916  megasas - ok
15:44:18.0473 1916  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:44:18.0486 1916  MegaSR - ok
15:44:18.0513 1916  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:44:18.0559 1916  MMCSS - ok
15:44:18.0574 1916  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:44:18.0618 1916  Modem - ok
15:44:18.0635 1916  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:44:18.0654 1916  monitor - ok
15:44:18.0679 1916  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:44:18.0688 1916  mouclass - ok
15:44:18.0707 1916  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:44:18.0724 1916  mouhid - ok
15:44:18.0746 1916  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:44:18.0755 1916  mountmgr - ok
15:44:18.0780 1916  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
15:44:18.0791 1916  mpio - ok
15:44:18.0808 1916  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:44:18.0835 1916  mpsdrv - ok
15:44:18.0866 1916  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:44:18.0909 1916  MpsSvc - ok
15:44:18.0927 1916  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:44:18.0946 1916  MRxDAV - ok
15:44:18.0967 1916  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:44:18.0978 1916  mrxsmb - ok
15:44:18.0993 1916  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:44:19.0005 1916  mrxsmb10 - ok
15:44:19.0019 1916  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:44:19.0040 1916  mrxsmb20 - ok
15:44:19.0050 1916  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
15:44:19.0059 1916  msahci - ok
15:44:19.0075 1916  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
15:44:19.0085 1916  msdsm - ok
15:44:19.0097 1916  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:44:19.0118 1916  MSDTC - ok
15:44:19.0136 1916  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:44:19.0163 1916  Msfs - ok
15:44:19.0220 1916  [ 6B298F50EC2F975430189741EE6A5CA2 ] msftesql$CSSQL05 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
15:44:19.0243 1916  msftesql$CSSQL05 - ok
15:44:19.0264 1916  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:44:19.0322 1916  mshidkmdf - ok
15:44:19.0334 1916  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
15:44:19.0342 1916  msisadrv - ok
15:44:19.0370 1916  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:44:19.0436 1916  MSiSCSI - ok
15:44:19.0440 1916  msiserver - ok
15:44:19.0468 1916  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:44:19.0534 1916  MSKSSRV - ok
15:44:19.0553 1916  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:44:19.0580 1916  MSPCLOCK - ok
15:44:19.0594 1916  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:44:19.0632 1916  MSPQM - ok
15:44:19.0650 1916  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:44:19.0665 1916  MsRPC - ok
15:44:19.0675 1916  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:44:19.0683 1916  mssmbios - ok
15:44:19.0686 1916  MSSQL$CSSQL05 - ok
15:44:19.0720 1916  [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:44:19.0746 1916  MSSQLServerADHelper - ok
15:44:19.0752 1916  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:44:19.0792 1916  MSTEE - ok
15:44:19.0804 1916  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:44:19.0821 1916  MTConfig - ok
15:44:19.0832 1916  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:44:19.0841 1916  Mup - ok
15:44:19.0877 1916  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
15:44:19.0956 1916  napagent - ok
15:44:20.0001 1916  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:44:20.0045 1916  NativeWifiP - ok
15:44:20.0067 1916  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:44:20.0090 1916  NDIS - ok
15:44:20.0121 1916  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:44:20.0149 1916  NdisCap - ok
15:44:20.0177 1916  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:44:20.0203 1916  NdisTapi - ok
15:44:20.0226 1916  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:44:20.0262 1916  Ndisuio - ok
15:44:20.0295 1916  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:44:20.0323 1916  NdisWan - ok
15:44:20.0333 1916  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:44:20.0375 1916  NDProxy - ok
15:44:20.0391 1916  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:44:20.0425 1916  NetBIOS - ok
15:44:20.0437 1916  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:44:20.0477 1916  NetBT - ok
15:44:20.0493 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
15:44:20.0502 1916  Netlogon - ok
15:44:20.0548 1916  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:44:20.0591 1916  Netman - ok
15:44:20.0614 1916  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:20.0624 1916  NetMsmqActivator - ok
15:44:20.0628 1916  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:20.0636 1916  NetPipeActivator - ok
15:44:20.0655 1916  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:44:20.0686 1916  netprofm - ok
15:44:20.0724 1916  [ FAD5127B44A089BB420BD0DB48F2075F ] netr28ux        C:\Windows\system32\DRIVERS\Dnetr28ux.sys
15:44:20.0742 1916  netr28ux - ok
15:44:20.0747 1916  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:20.0754 1916  NetTcpActivator - ok
15:44:20.0758 1916  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:20.0766 1916  NetTcpPortSharing - ok
15:44:20.0788 1916  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:44:20.0797 1916  nfrd960 - ok
15:44:20.0877 1916  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:44:20.0972 1916  NlaSvc - ok
15:44:21.0017 1916  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:44:21.0044 1916  Npfs - ok
15:44:21.0065 1916  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:44:21.0099 1916  nsi - ok
15:44:21.0108 1916  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:44:21.0143 1916  nsiproxy - ok
15:44:21.0212 1916  [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:44:21.0258 1916  Ntfs - ok
15:44:21.0270 1916  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:44:21.0307 1916  Null - ok
15:44:21.0350 1916  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:44:21.0360 1916  nvraid - ok
15:44:21.0369 1916  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:44:21.0380 1916  nvstor - ok
15:44:21.0394 1916  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
15:44:21.0404 1916  nv_agp - ok
15:44:21.0474 1916  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:44:21.0501 1916  odserv - ok
15:44:21.0510 1916  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:44:21.0542 1916  ohci1394 - ok
15:44:21.0587 1916  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:44:21.0616 1916  ose - ok
15:44:21.0656 1916  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:44:21.0705 1916  p2pimsvc - ok
15:44:21.0735 1916  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:44:21.0758 1916  p2psvc - ok
15:44:21.0768 1916  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:44:21.0784 1916  Parport - ok
15:44:21.0805 1916  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:44:21.0814 1916  partmgr - ok
15:44:21.0830 1916  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:44:21.0853 1916  PcaSvc - ok
15:44:21.0870 1916  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
15:44:21.0881 1916  pci - ok
15:44:21.0890 1916  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
15:44:21.0899 1916  pciide - ok
15:44:21.0915 1916  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:44:21.0927 1916  pcmcia - ok
15:44:21.0960 1916  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:44:21.0969 1916  pcw - ok
15:44:22.0040 1916  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:44:22.0056 1916  PerfHost - ok
15:44:22.0107 1916  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
15:44:22.0162 1916  pla - ok
15:44:22.0197 1916  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:44:22.0223 1916  PlugPlay - ok
15:44:22.0237 1916  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:44:22.0258 1916  PNRPAutoReg - ok
15:44:22.0265 1916  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:44:22.0276 1916  PNRPsvc - ok
15:44:22.0313 1916  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:44:22.0353 1916  PolicyAgent - ok
15:44:22.0380 1916  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:44:22.0419 1916  Power - ok
15:44:22.0445 1916  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:44:22.0481 1916  PptpMiniport - ok
15:44:22.0489 1916  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:44:22.0514 1916  Processor - ok
15:44:22.0541 1916  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
15:44:22.0570 1916  ProfSvc - ok
15:44:22.0579 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:44:22.0588 1916  ProtectedStorage - ok
15:44:22.0624 1916  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:44:22.0662 1916  Psched - ok
15:44:22.0698 1916  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:44:22.0730 1916  ql2300 - ok
15:44:22.0742 1916  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:44:22.0752 1916  ql40xx - ok
15:44:22.0762 1916  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:44:22.0787 1916  QWAVE - ok
15:44:22.0807 1916  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:44:22.0829 1916  QWAVEdrv - ok
15:44:22.0843 1916  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:44:22.0870 1916  RasAcd - ok
15:44:22.0902 1916  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:44:22.0957 1916  RasAgileVpn - ok
15:44:22.0973 1916  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:44:23.0010 1916  RasAuto - ok
15:44:23.0024 1916  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:44:23.0052 1916  Rasl2tp - ok
15:44:23.0067 1916  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
15:44:23.0115 1916  RasMan - ok
15:44:23.0130 1916  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:44:23.0171 1916  RasPppoe - ok
15:44:23.0182 1916  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:44:23.0218 1916  RasSstp - ok
15:44:23.0233 1916  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:44:23.0275 1916  rdbss - ok
15:44:23.0286 1916  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:44:23.0299 1916  rdpbus - ok
15:44:23.0320 1916  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:44:23.0346 1916  RDPCDD - ok
15:44:23.0359 1916  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:44:23.0388 1916  RDPENCDD - ok
15:44:23.0396 1916  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:44:23.0422 1916  RDPREFMP - ok
15:44:23.0458 1916  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:44:23.0476 1916  RDPWD - ok
15:44:23.0492 1916  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:44:23.0503 1916  rdyboost - ok
15:44:23.0531 1916  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:44:23.0566 1916  RemoteAccess - ok
15:44:23.0580 1916  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:44:23.0608 1916  RemoteRegistry - ok
15:44:23.0620 1916  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:44:23.0648 1916  RpcEptMapper - ok
15:44:23.0655 1916  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:44:23.0665 1916  RpcLocator - ok
15:44:23.0684 1916  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
15:44:23.0715 1916  RpcSs - ok
15:44:23.0735 1916  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:44:23.0775 1916  rspndr - ok
15:44:23.0812 1916  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:44:23.0830 1916  RTL8167 - ok
15:44:23.0834 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
15:44:23.0843 1916  SamSs - ok
15:44:23.0854 1916  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:44:23.0864 1916  sbp2port - ok
15:44:23.0882 1916  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:44:23.0921 1916  SCardSvr - ok
15:44:23.0932 1916  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:44:23.0970 1916  scfilter - ok
15:44:24.0005 1916  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
15:44:24.0023 1916  Schedule - ok
15:44:24.0046 1916  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:44:24.0072 1916  SCPolicySvc - ok
15:44:24.0085 1916  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:44:24.0106 1916  SDRSVC - ok
15:44:24.0114 1916  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:44:24.0152 1916  secdrv - ok
15:44:24.0169 1916  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
15:44:24.0196 1916  seclogon - ok
15:44:24.0222 1916  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:44:24.0249 1916  SENS - ok
15:44:24.0262 1916  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:44:24.0278 1916  SensrSvc - ok
15:44:24.0301 1916  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:44:24.0317 1916  Serenum - ok
15:44:24.0321 1916  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:44:24.0332 1916  Serial - ok
15:44:24.0361 1916  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:44:24.0390 1916  sermouse - ok
15:44:24.0417 1916  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
15:44:24.0455 1916  SessionEnv - ok
15:44:24.0480 1916  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:44:24.0516 1916  sffdisk - ok
15:44:24.0534 1916  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:44:24.0559 1916  sffp_mmc - ok
15:44:24.0570 1916  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:44:24.0582 1916  sffp_sd - ok
15:44:24.0592 1916  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:44:24.0603 1916  sfloppy - ok
15:44:24.0628 1916  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:44:24.0677 1916  SharedAccess - ok
15:44:24.0701 1916  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:44:24.0725 1916  ShellHWDetection - ok
15:44:24.0737 1916  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:44:24.0747 1916  SiSRaid2 - ok
15:44:24.0762 1916  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:44:24.0771 1916  SiSRaid4 - ok
15:44:24.0823 1916  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:44:24.0851 1916  SkypeUpdate - ok
15:44:24.0879 1916  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:44:24.0932 1916  Smb - ok
15:44:24.0963 1916  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:44:24.0973 1916  SNMPTRAP - ok
15:44:25.0007 1916  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:44:25.0016 1916  spldr - ok
15:44:25.0038 1916  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
15:44:25.0064 1916  Spooler - ok
15:44:25.0154 1916  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:44:25.0226 1916  sppsvc - ok
15:44:25.0236 1916  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:44:25.0280 1916  sppuinotify - ok
15:44:25.0302 1916  [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:44:25.0312 1916  SQLBrowser - ok
15:44:25.0366 1916  [ D63FC56C7C3F9B576BC25F617E3F7963 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:44:25.0391 1916  SQLWriter - ok
15:44:25.0423 1916  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:44:25.0459 1916  srv - ok
15:44:25.0476 1916  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:44:25.0503 1916  srv2 - ok
15:44:25.0517 1916  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:44:25.0545 1916  srvnet - ok
15:44:25.0561 1916  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:44:25.0611 1916  SSDPSRV - ok
15:44:25.0627 1916  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:44:25.0655 1916  SstpSvc - ok
15:44:25.0669 1916  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:44:25.0678 1916  stexstor - ok
15:44:25.0707 1916  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
15:44:25.0726 1916  stisvc - ok
15:44:25.0733 1916  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:44:25.0742 1916  swenum - ok
15:44:25.0756 1916  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:44:25.0799 1916  swprv - ok
15:44:25.0862 1916  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
15:44:25.0928 1916  SysMain - ok
15:44:25.0940 1916  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:44:25.0969 1916  TabletInputService - ok
15:44:25.0991 1916  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:44:26.0031 1916  TapiSrv - ok
15:44:26.0046 1916  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:44:26.0131 1916  TBS - ok
15:44:26.0200 1916  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:44:26.0246 1916  Tcpip - ok
15:44:26.0271 1916  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:44:26.0301 1916  TCPIP6 - ok
15:44:26.0317 1916  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:44:26.0344 1916  tcpipreg - ok
15:44:26.0359 1916  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:44:26.0375 1916  TDPIPE - ok
15:44:26.0392 1916  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:44:26.0427 1916  TDTCP - ok
15:44:26.0449 1916  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:44:26.0490 1916  tdx - ok
15:44:26.0504 1916  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:44:26.0516 1916  TermDD - ok
15:44:26.0537 1916  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
15:44:26.0585 1916  TermService - ok
15:44:26.0597 1916  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:44:26.0621 1916  Themes - ok
15:44:26.0644 1916  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:44:26.0671 1916  THREADORDER - ok
15:44:26.0705 1916  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:44:26.0763 1916  TrkWks - ok
15:44:26.0806 1916  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:44:26.0835 1916  TrustedInstaller - ok
15:44:26.0847 1916  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:44:26.0877 1916  tssecsrv - ok
15:44:26.0908 1916  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:44:26.0936 1916  tunnel - ok
15:44:26.0958 1916  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:44:26.0968 1916  uagp35 - ok
15:44:26.0993 1916  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:44:27.0035 1916  udfs - ok
15:44:27.0048 1916  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:44:27.0059 1916  UI0Detect - ok
15:44:27.0087 1916  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
15:44:27.0097 1916  uliagpkx - ok
15:44:27.0113 1916  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:44:27.0167 1916  umbus - ok
15:44:27.0193 1916  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:44:27.0208 1916  UmPass - ok
15:44:27.0235 1916  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:44:27.0268 1916  upnphost - ok
15:44:27.0298 1916  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:44:27.0313 1916  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:44:27.0313 1916  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:44:27.0352 1916  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:44:27.0383 1916  usbccgp - ok
15:44:27.0399 1916  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:44:27.0425 1916  usbcir - ok
15:44:27.0459 1916  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:44:27.0488 1916  usbehci - ok
15:44:27.0502 1916  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:44:27.0520 1916  usbhub - ok
15:44:27.0532 1916  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:44:27.0554 1916  usbohci - ok
15:44:27.0570 1916  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:44:27.0589 1916  usbprint - ok
15:44:27.0610 1916  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:44:27.0621 1916  usbscan - ok
15:44:27.0638 1916  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:44:27.0648 1916  USBSTOR - ok
15:44:27.0717 1916  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:44:27.0751 1916  usbuhci - ok
15:44:27.0777 1916  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:44:27.0842 1916  UxSms - ok
15:44:27.0853 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
15:44:27.0863 1916  VaultSvc - ok
15:44:27.0870 1916  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
15:44:27.0879 1916  vdrvroot - ok
15:44:27.0922 1916  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
15:44:27.0946 1916  vds - ok
15:44:27.0959 1916  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:44:27.0970 1916  vga - ok
15:44:27.0979 1916  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:44:28.0021 1916  VgaSave - ok
15:44:28.0035 1916  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
15:44:28.0047 1916  vhdmp - ok
15:44:28.0059 1916  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
15:44:28.0067 1916  viaide - ok
15:44:28.0078 1916  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
15:44:28.0088 1916  volmgr - ok
15:44:28.0105 1916  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:44:28.0118 1916  volmgrx - ok
15:44:28.0132 1916  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:44:28.0145 1916  volsnap - ok
15:44:28.0170 1916  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:44:28.0181 1916  vsmraid - ok
15:44:28.0225 1916  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
15:44:28.0259 1916  VSS - ok
15:44:28.0273 1916  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:44:28.0285 1916  vwifibus - ok
15:44:28.0296 1916  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:44:28.0308 1916  vwifimp - ok
15:44:28.0326 1916  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:44:28.0357 1916  W32Time - ok
15:44:28.0364 1916  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:44:28.0386 1916  WacomPen - ok
15:44:28.0418 1916  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:44:28.0479 1916  WANARP - ok
15:44:28.0484 1916  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:44:28.0520 1916  Wanarpv6 - ok
15:44:28.0547 1916  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
15:44:28.0580 1916  wbengine - ok
15:44:28.0596 1916  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:44:28.0612 1916  WbioSrvc - ok
15:44:28.0629 1916  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:44:28.0656 1916  wcncsvc - ok
15:44:28.0666 1916  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:44:28.0676 1916  WcsPlugInService - ok
15:44:28.0692 1916  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:44:28.0701 1916  Wd - ok
15:44:28.0732 1916  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:44:28.0751 1916  Wdf01000 - ok
15:44:28.0762 1916  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:44:28.0789 1916  WdiServiceHost - ok
15:44:28.0792 1916  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:44:28.0806 1916  WdiSystemHost - ok
15:44:28.0827 1916  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
15:44:28.0841 1916  WebClient - ok
15:44:28.0857 1916  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:44:28.0892 1916  Wecsvc - ok
15:44:28.0905 1916  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:44:28.0940 1916  wercplsupport - ok
15:44:28.0970 1916  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:44:29.0055 1916  WerSvc - ok
15:44:29.0072 1916  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:44:29.0104 1916  WfpLwf - ok
15:44:29.0121 1916  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:44:29.0129 1916  WIMMount - ok
15:44:29.0144 1916  WinDefend - ok
15:44:29.0151 1916  WinHttpAutoProxySvc - ok
15:44:29.0194 1916  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:44:29.0274 1916  Winmgmt - ok
15:44:29.0336 1916  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:44:29.0404 1916  WinRM - ok
15:44:29.0455 1916  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:44:29.0497 1916  WinUsb - ok
15:44:29.0546 1916  [ 0F695800783C3F9E577B94BF1E71D95A ] WLANBelkinService C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
15:44:29.0565 1916  WLANBelkinService ( UnsignedFile.Multi.Generic ) - warning
15:44:29.0565 1916  WLANBelkinService - detected UnsignedFile.Multi.Generic (1)
15:44:29.0619 1916  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:44:29.0673 1916  Wlansvc - ok
15:44:29.0717 1916  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:44:29.0762 1916  WmiAcpi - ok
15:44:29.0801 1916  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:44:29.0840 1916  wmiApSrv - ok
15:44:29.0870 1916  WMPNetworkSvc - ok
15:44:29.0879 1916  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:44:29.0894 1916  WPCSvc - ok
15:44:29.0918 1916  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:44:29.0942 1916  WPDBusEnum - ok
15:44:29.0951 1916  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:44:30.0001 1916  ws2ifsl - ok
15:44:30.0019 1916  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:44:30.0029 1916  wscsvc - ok
15:44:30.0032 1916  WSearch - ok
15:44:30.0102 1916  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:44:30.0154 1916  wuauserv - ok
15:44:30.0167 1916  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:44:30.0194 1916  WudfPf - ok
15:44:30.0214 1916  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:44:30.0243 1916  WUDFRd - ok
15:44:30.0253 1916  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:44:30.0327 1916  wudfsvc - ok
15:44:30.0344 1916  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:44:30.0376 1916  WwanSvc - ok
15:44:30.0413 1916  ================ Scan global ===============================
15:44:30.0429 1916  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:44:30.0449 1916  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
15:44:30.0455 1916  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
15:44:30.0476 1916  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:44:30.0502 1916  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:44:30.0505 1916  [Global] - ok
15:44:30.0506 1916  ================ Scan MBR ==================================
15:44:30.0512 1916  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:44:30.0740 1916  \Device\Harddisk0\DR0 - ok
15:44:30.0741 1916  ================ Scan VBR ==================================
15:44:30.0744 1916  [ FB595BB097173DA80B353D4C190FE6BC ] \Device\Harddisk0\DR0\Partition1
15:44:30.0746 1916  \Device\Harddisk0\DR0\Partition1 - ok
15:44:30.0772 1916  [ F850FA0AB3B21FBDF12AB15B60E5DAA9 ] \Device\Harddisk0\DR0\Partition2
15:44:30.0774 1916  \Device\Harddisk0\DR0\Partition2 - ok
15:44:30.0793 1916  [ DA33AAD63DC275869B8370726AF3B59C ] \Device\Harddisk0\DR0\Partition3
15:44:30.0795 1916  \Device\Harddisk0\DR0\Partition3 - ok
15:44:30.0795 1916  ============================================================
15:44:30.0795 1916  Scan finished
15:44:30.0795 1916  ============================================================
15:44:30.0812 1016  Detected object count: 2
15:44:30.0812 1016  Actual detected object count: 2
15:48:16.0960 1016  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:16.0960 1016  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:48:16.0962 1016  WLANBelkinService ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:16.0962 1016  WLANBelkinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:49:07.0874 3872  Deinitialize success
         


Alt 14.03.2013, 16:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Bitte das richtige Log von MBAR posten

Zitat:
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.
__________________
--> Dauerhafte "Mail Delivery System"-Mails

Alt 14.03.2013, 19:10   #7
krustentier
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Zitat:
Zitat von cosinus Beitrag anzeigen
Bitte das richtige Log von MBAR posten
Tschuldigung, hier ist es:

Code:
ATTFilter
 Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.14.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: RAPTORJESUS [administrator]

14.03.2013 15:19:36
mbar-log-2013-03-14 (15-19-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30006
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 14.03.2013, 23:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Unauffällig. Bekommst du noch weitere solcher Mails nachdem das Passwort geändert wurde?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.03.2013, 22:35   #9
krustentier
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Zitat:
Zitat von cosinus Beitrag anzeigen
Unauffällig. Bekommst du noch weitere solcher Mails nachdem das Passwort geändert wurde?
Weitaus weniger, aber ja.

Alt 15.03.2013, 22:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Wenn das Passwort geändert wurde und somit die Möglichkeit, dass Kriminelle dein Konto missbräuchlich verwenden können ausgeschlossen ist, dann gibt es nur noch die Möglichkeit, dass die Spammer ihre Adressen fälschen. Wie bei einer Postkarte auch kannst du als Absender bei einer irgendwas draufschreiben.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.03.2013, 12:54   #11
krustentier
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Das heißt, die Mails sind gar keine "Mail Delivery System"-Mails und sollen nur so aussehen?
Oder soll ich nochmal die gleichen Tests mit meinem Netbook durchführen?

Alt 16.03.2013, 23:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Du kannst nicht davon ausgehen, dass ich weiß von welchen Rechnern genau du dich überall bei deinem Konto eingeloggt hast. Natürlich kann es sein, dass einer der Rechner verseucht war und dein Passwort aufgezeichnet hat, es kann aber sein, dass dein Passwort zu einfach zu erraten war. Ebenso kann es sein, dass die Spammer einfach nur ihre Adressen fälschen oder eine beliebige Kombination aus dem Ganzen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.03.2013, 10:48   #13
krustentier
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Okay. Da die Zahl der Mails jetzt quasi gegen 0 geht, betrachte ich die Sache mal als erledigt. Großes an dich, cosinus!

Alt 18.03.2013, 12:04   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Ok, machen wir noch etwas Putzarbeit und Kontrolle

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.03.2013, 17:44   #15
krustentier
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Das Junkware Removal Tool will nicht recht funktionieren.
Wenn ich es als Administrator ausführe, öffnet sich ganz kurz so ein schwarzes Fenster, schließ sich aber sofort wieder. Schutzsoftware ist deaktiviert. Auch nach Neustart ändert sich nichts.

Antwort

Themen zu Dauerhafte "Mail Delivery System"-Mails
32 bit, adblock, antivir, audiograbber, autorun, avira, bho, bonjour, error, failed, fehler, firefox, flash player, helper, home, homepage, install.exe, mail delivery, object, panda usb vaccine, prozess, realtek, registry, rundll, scan, senden, software, svchost.exe, system, trojaner, windows



Ähnliche Themen: Dauerhafte "Mail Delivery System"-Mails


  1. Massen E-mails Mail Delivery System
    Plagegeister aller Art und deren Bekämpfung - 29.09.2015 (4)
  2. Bekomme massen E-Mail "This message was created automatically by mail delivery software."
    Plagegeister aller Art und deren Bekämpfung - 31.08.2015 (2)
  3. Unzählige Emails mit dem Betreff "Mail Delivery System <MAILER-DAEMON@XXX.info>" erhalten
    Plagegeister aller Art und deren Bekämpfung - 21.03.2015 (15)
  4. Windows 7 - ich erhalte ca. 2 x pro Woche ein Paket "Mail-delivery-failures"
    Plagegeister aller Art und deren Bekämpfung - 24.09.2014 (25)
  5. Mail Delivery System Mails... Mail-Konto gehackt?
    Plagegeister aller Art und deren Bekämpfung - 06.03.2014 (7)
  6. Ständige Spam Mails im Minutentakt "Mail Delivery System"
    Überwachung, Datenschutz und Spam - 16.02.2014 (17)
  7. "Mail delivery failed: returning message to sender" bei web.de
    Log-Analyse und Auswertung - 28.01.2014 (1)
  8. "Mail Delivery System" - Spam-Emails
    Überwachung, Datenschutz und Spam - 17.01.2014 (3)
  9. Windows 7; Brief Telekom: Sicherheitswarnung Internetzugang; 3 Trojaner ; mehrer Emails "Mail Delivery System" auch nach Passwordänderung
    Plagegeister aller Art und deren Bekämpfung - 04.09.2013 (28)
  10. Postfach überschwemmt mit: "Mail Delivery Failed [...]" (GMX)
    Plagegeister aller Art und deren Bekämpfung - 12.03.2013 (0)
  11. E-Mail "Mail Delivery System" hundertfach im Posteingang
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (13)
  12. "Mail delivery failed" häuft sich im Posteingang
    Log-Analyse und Auswertung - 17.11.2012 (9)
  13. Noch ein Fall von "Mail delivery failed: returning message to sender"
    Plagegeister aller Art und deren Bekämpfung - 10.10.2012 (2)
  14. Mail Delivery System Mails
    Plagegeister aller Art und deren Bekämpfung - 17.02.2012 (1)
  15. Verdacht auf Spam-Bot an meinem PC (Hunderte Mail Delivery System-Mails)
    Log-Analyse und Auswertung - 21.06.2011 (4)
  16. Heute schon über 30 "Mail Delivery System "Mail Delivery System" Mail bekommen
    Log-Analyse und Auswertung - 26.05.2008 (4)
  17. tausende E-mails mit Mail Delivery System
    Plagegeister aller Art und deren Bekämpfung - 03.08.2007 (7)

Zum Thema Dauerhafte "Mail Delivery System"-Mails - Moin, ich kriege seit einiger Zeit regelmäßig Mails auf mein Mailkonto die besagen, dass eine von mir verschickte Mail nicht zugestellt werden konnte, bzw dass der Adressent nicht existiert. Die - Dauerhafte "Mail Delivery System"-Mails...
Archiv
Du betrachtest: Dauerhafte "Mail Delivery System"-Mails auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.