| |
| |||||||
Log-Analyse und Auswertung: Hotmail-Account verschickt eigenständig Spam-Mails an KontakteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
26.04.2013, 12:16
| #1 |
| |  Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Hallo, von meinem (eigentlich gelöschten) Hotmail-Account werden Spam Mails an meine Kontakte versendet (Betreff ist leer, Mail enthält nur einen Link). Würde mich freuen wenn ihr mich bei der Suche nach der Ursache unterstützt. Hier der Header der Spam-Mail: Code:
ATTFilter Return-Path: dummy***0@hotmail.de
Received: from bay0-omc2-s1.bay0.hotmail.com ([65.54.190.76]) by mx-ha.gmx.net (mxgmx105) with ESMTP (Nemesis) id 0M3dPh-1Ulloi47BR-00rDTl for <dummy***1@gmx.de>; Mon, 22 Apr 2013 13:27:10 +0200
Received: from BAY002-M81 ([65.54.190.125]) by bay0-omc2-s1.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 22 Apr 2013 04:27:08 -0700
X-EIP: [Eh1Ve7NqIsXUlE3V934ZL8LY0FKcgoJQ]
X-Originating-Email: [dummy***0@hotmail.de]
Message-ID: <BAY002-M811225F3B2379E91F87B4BDFCB0@phx.gbl>
Content-Type: multipart/alternative; boundary=_00916399-9806-41fe-876e-9ba278eb9ae6_
From: dummy***0@hotmail.de
To: ***
Subject:
Date: Mon, 22 Apr 2013 13:27:08 +0200
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 22 Apr 2013 11:27:08.0625 (UTC) FILETIME=[53332C10:01CE3F4C]
Envelope-To: <dummy***1@gmx.de>
X-GMX-Antispam: 6 (nemesis text pattern profiler); Detail=V3;
X-GMX-Antivirus: 0 (no virus found)
Hier die Log-Files der initialen Scans: OTL.txt Code:
ATTFilter OTL logfile created on: 26.04.2013 11:22:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sylvi\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,31% Memory free 6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 82,97 Gb Free Space | 57,59% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.) PRC - C:\Programme\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.) PRC - C:\Windows\System32\lxcjcoms.exe ( ) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Programme\Nokia\Nokia Suite\NService.dll () MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe () MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll () MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll () MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () MOD - C:\Programme\Lexmark 8300 Series\lxcjdrec.dll () MOD - C:\Programme\Lexmark 8300 Series\iptk.dll () ========== Services (SafeList) ========== SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (lxcj_device) -- C:\Windows\System32\lxcjcoms.exe ( ) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {9CE5FB8D-55DC-4925-BA38-97B53075E33A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{42B8115D-820C-4B25-A82A-D8BD1532396D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=800e40be-98ba-4b07-99dc-f66361ff394e&apn_sauid=3108C686-0A1E-4796-BFAE-483F77516E0F IE - HKCU\..\SearchScopes\{9CE5FB8D-55DC-4925-BA38-97B53075E33A}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.08 19:59:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.11 18:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.06.11 18:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LXCJCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.DLL (Lexmark International Inc.) O4 - HKLM..\Run: [lxcjmon.exe] C:\Program Files\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52F78981-3328-4EF4-8B22-47FFE3EDFE2B}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Sylvi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sylvi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a961b98f-9890-11de-ada0-001377f2336b}\Shell\AutoRun\command - "" = F:\Menu.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\InstallNavi.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.04 19:00:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.26 11:13:46 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 11:13:46 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 11:12:06 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.26 11:12:06 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.26 11:12:06 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.26 11:12:06 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.26 11:10:59 | 000,145,713 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.04.26 11:10:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.26 09:48:38 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2013.04.16 19:24:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.08 13:54:52 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll [2011.05.08 13:51:43 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe [2011.05.08 13:49:53 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll [2011.05.08 13:49:51 | 000,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll [2011.05.08 13:49:51 | 000,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll [2011.05.08 13:49:51 | 000,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll [2010.01.02 11:18:46 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.16 02:22:18 | 000,145,713 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.03.16 02:22:11 | 000,145,713 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.04.2013 11:22:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,31% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 82,97 Gb Free Space | 57,59% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-331587386-2610647910-3138478596-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F54C23-0D9D-4BC0-8B7F-FCA560C405A1}" = lport=445 | protocol=6 | dir=in | app=system |
"{1B2497C2-9244-4CE8-A7C7-51FE7E92B2A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{35FF2FE6-3A5C-47AA-9A64-2A909085B362}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{4A2B3146-08CE-40B8-BDF4-85836A8148BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{5053E717-6EBF-4A12-B98A-0AB7AEAEB59A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{50C73B9D-C87F-49A7-8C66-51513B24B85A}" = rport=138 | protocol=17 | dir=out | app=system |
"{53CA2DE1-2EED-48F1-851F-E0402AE3D608}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{5AB6E35A-B403-4BA9-8C8F-CDAEBFFD21B5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{5E182C44-84CC-4D3C-BF28-EE7C73C7B247}" = lport=139 | protocol=6 | dir=in | app=system |
"{663AC32B-516A-418A-B91D-030082CDB9ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{68121BFD-7B52-43F1-B027-08CB466590EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{696CF346-7160-48D2-887E-77509FD20CC2}" = lport=1701 | protocol=17 | dir=in | app=system |
"{6E08B818-19DB-4788-A55A-4166023DA869}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{711EFCDD-5798-4CBF-805E-1348617AC339}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{7602E6F3-3FA1-4A49-95F0-B7356C6FE12A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{765B43BB-3454-4545-A177-D8131450FD1E}" = rport=1723 | protocol=6 | dir=out | app=system |
"{77F9C8D6-8731-4178-9F50-1D16ABF5BAA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{7804D55B-3E5A-4AFF-9011-6C28CCC144A2}" = lport=443 | protocol=6 | dir=in | app=system |
"{7A54809C-C236-4C60-BD8F-456EBB252CAF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{7F751F53-15C3-4651-BE84-B56EC28A0D40}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A813F6C9-C1DD-43D1-8E07-9261B2303440}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{A8850717-4E47-4132-BA21-6210BE815250}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AB8A0AF9-A2F0-45A1-918D-876154EE2847}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BDEB2330-DE96-4E51-B0C7-69794F1C8AE9}" = rport=1701 | protocol=17 | dir=out | app=system |
"{DD71F75F-2F5E-4E68-A599-451D0625E117}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E5D415F8-2CD3-468C-B1B4-6536D7DE7E1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EC19A95D-C3AF-49CB-9FBF-EFC00A0DAD56}" = lport=1723 | protocol=6 | dir=in | app=system |
"{F09ACBD6-A8A7-4FE8-881F-F24D647B4812}" = lport=137 | protocol=17 | dir=in | app=system |
"{F5C925CD-AA26-41A9-A77B-7808701F05F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F734CC29-D501-42D5-8505-C82035F01FBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F760D1E4-0B50-4E51-B7A6-EB686E3976EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7B36F81-2FF4-479D-BD74-62762FA093AF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{FF2983FB-5B5B-45C8-A212-20733FBA363C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1875C557-E160-4582-8BCB-D581EC7FC011}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{39C3A882-2EDD-4D76-9299-C7CAA9486F02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3BFB8E91-B6C6-4875-931E-BEFD24B22E93}" = protocol=17 | dir=in | app=c:\windows\system32\lxcjcoms.exe |
"{3E740CEA-7484-441D-A42B-E8D40E8BF3DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{60A5DA3A-79C4-47E4-B7DF-67654BC4581E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{6B76AC50-6CFF-41D1-B598-C0831F9F0CBF}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{7B942282-C231-4B4E-B8FC-FF173651B04E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{82F4D083-D7EE-4B48-BB56-10AF43B79669}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{8841B10D-6865-4EF9-BB36-CC2FF031ABB1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92892DD7-429B-4ED1-B60F-F0179729E46D}" = protocol=6 | dir=out | app=system |
"{957CE3C8-960C-439B-A702-673FAA00B4BE}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{AA69C5CF-12F5-42EC-B2C5-08A89854E447}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AD57DC4D-359C-4E54-8D0D-29317AD3C4CF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe |
"{B3B6485B-2510-4D0B-9C2B-403E2B19075E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe |
"{B48A66D2-FC0B-4F1B-A130-227C8B9BD017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA7A9EDA-9D0E-4FFC-A9E8-2FE4DA8AFBA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BF3F31B0-F1B1-43CF-845F-937F01849CD3}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{C12D34D6-4DD0-4227-B089-86CDC0EDFABC}" = protocol=17 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe |
"{C64658BF-020A-4291-98F3-F09531E2A0B2}" = protocol=6 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe |
"{D872E124-E477-4C05-A62A-F76462D21B90}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{DA7DD00D-18C6-4240-807B-D844DB8BA9C1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{E15BABEA-16FD-4591-BF86-C3D4C55FB693}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{EFAE9A45-D4EF-4320-9539-E01CD8B5A6D5}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{F2C91E37-56A1-4CF9-9FDC-16A57917ECF1}" = protocol=6 | dir=in | app=c:\windows\system32\lxcjcoms.exe |
"{F8428E31-51B5-4738-A2CA-EC2E9248B9FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1E147243-FFAC-4228-A9BB-B805B9629497}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{731F9092-6DE3-4BA6-87B9-53EDE2BD0842}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"dm-Fotowelt" = dm-Fotowelt
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WP-4535 Series" = EPSON WP-4535 Series Printer Uninstall
"EPSON WP-4535 Series Netg" = Netzwerkhandbuch EPSON WP-4535 Series
"EPSON WP-4535 Series Useg" = Benutzerhandbuch EPSON WP-4535 Series
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"Lexmark 8300 Series" = Lexmark 8300 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.01.2013 13:24:43 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17826
Description = Aufgrund eines internen Fehlers in einer Netzwerkbibliothek konnte
die Netzwerkbibliothek nicht gestartet werden. Überprüfen Sie zum Bestimmen der
Ursache die diesem Fehler unmittelbar vorhergehenden Fehler im Fehlerprotokoll.
Error - 17.01.2013 13:24:43 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17120
Description = SQL Server konnte den Thread FRunCM nicht erzeugen. Suchen Sie im
SQL Server-Fehlerprotokoll und in den Windows-Ereignisprotokollen nach Informationen
zu möglichen verwandten Problemen.
Error - 17.01.2013 13:25:39 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 4.
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 26015
Description = Das vom Benutzer angegebene Zertifikat kann nicht geladen werden.
Da die Verbindungsverschlüsselung erforderlich ist, wird vom Server keine Verbindung
akzeptiert. Überprüfen Sie, ob das Zertifikat richtig installiert ist. Lesen Sie
'Konfigurieren eines Zertifikats zur Verwendung durch SSL' in der Onlinedokumentation.
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode
0x80.
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode
0x1.
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17826
Description = Aufgrund eines internen Fehlers in einer Netzwerkbibliothek konnte
die Netzwerkbibliothek nicht gestartet werden. Überprüfen Sie zum Bestimmen der
Ursache die diesem Fehler unmittelbar vorhergehenden Fehler im Fehlerprotokoll.
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17120
Description = SQL Server konnte den Thread FRunCM nicht erzeugen. Suchen Sie im
SQL Server-Fehlerprotokoll und in den Windows-Ereignisprotokollen nach Informationen
zu möglichen verwandten Problemen.
Error - 23.01.2013 14:33:24 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 07.01.2010 11:03:27 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 07.01.2010 15:07:31 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description =
Error - 07.01.2010 15:08:02 | Computer Name = ***-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 07.01.2010 15:09:12 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 08.01.2010 12:41:43 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description =
Error - 08.01.2010 12:42:20 | Computer Name = ***-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 08.01.2010 12:43:21 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 09.01.2010 10:42:34 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description =
Error - 09.01.2010 10:43:10 | Computer Name = ***-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 09.01.2010 10:44:12 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Vielen Dank und beste Grüße... |
|
26.04.2013, 15:22
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Hallo und
__________________ Wurde das Passwort von einem sauberen Rechner aus schon geändert? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
26.04.2013, 16:28
| #3 |
| | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Hallo cosinus,
__________________ja das Passwort wurde vor dem Löschen des Accounts bei Hotmail nochmal geändert. Seitdem wurde von mir nicht mehr auf den Account zugegriffen. Ob der Rechner damals allerdings sauber war weiß ich nicht (war vor ca. 6 Monaten), kann auch sein dass ich mit dem Passwort per Webmail von verschiedenen Rechnern aus angemeldet war. Soll ich es nochmal ändern von nem Gerät das sicher sauber ist? Malwarebytes hat wie gesagt nichts gefunden und bei Avira ist auch kein Fund im Log. Danke und Grüße... |
|
26.04.2013, 16:31
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.04.2013, 18:28
| #5 |
| | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Hi, hier die Ergebnisse der Scans mit GMER und MBAR Gmer Wenn ich es im normalen Modus starte stürzt es ab. Auch wenn ich das Häkchen bei Devices rausmache. Allerdings macht das Programm anscheinend beim Start (bevor ich den eigentlichen Scan starte) schon nen kleinen Mini-Scan. Das Log-File dazu sieht so aus: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit quick scan 2013-04-26 18:24:44
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Sylvi\AppData\Local\Temp\pglyrpog.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
---- EOF - GMER 2.1 ----
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 18:18:55
Windows 6.0.6002 Service Pack 2
Running: gmer_2.1.19163.exe
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f37b91
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f5d89c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cdd0c4
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 5934
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 5935
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 5740 5746 5758 5768 5778 5798 5842 5852 5890 5896 5912 5920
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet)
---- EOF - GMER 2.1 ----
Mbar lief komplett durch hat aber nichts gefunden. Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.26.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-LAPTOP [administrator]
26.04.2013 18:40:19
mbar-log-2013-04-26 (18-40-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28292
Time elapsed: 12 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
26.04.2013, 23:05
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte |
|
27.04.2013, 14:50
| #7 |
| | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Hi, hier die beiden Logs. Es wurden keine Funde gemeldet. aswMBR Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-27 14:49:12
-----------------------------
14:49:12.186 OS Version: Windows 6.0.6002 Service Pack 2
14:49:12.186 Number of processors: 2 586 0xF0D
14:49:12.187 ComputerName: ***-LAPTOP UserName: ***
14:49:13.666 Initialize success
15:13:48.895 AVAST engine defs: 13042700
15:21:45.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:21:45.716 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:21:45.823 Disk 0 MBR read successfully
15:21:45.827 Disk 0 MBR scan
15:21:45.850 Disk 0 unknown MBR code
15:21:45.871 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
15:21:45.889 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147548 MB offset 20973568
15:21:45.917 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147455 MB offset 323151872
15:21:45.926 Disk 0 scanning sectors +625139712
15:21:46.000 Disk 0 scanning C:\Windows\system32\drivers
15:21:57.158 Service scanning
15:22:22.491 Modules scanning
15:22:26.879 Disk 0 trace - called modules:
15:22:26.888
15:22:27.812 AVAST engine scan C:\Windows
15:22:31.507 AVAST engine scan C:\Windows\system32
15:25:26.481 AVAST engine scan C:\Windows\system32\drivers
15:25:42.254 AVAST engine scan C:\Users\***
15:40:46.535 AVAST engine scan C:\ProgramData
15:41:15.214 Scan finished successfully
15:43:28.742 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
15:43:28.749 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Code:
ATTFilter 15:44:13.0763 3216 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:44:14.0417 3216 ============================================================
15:44:14.0418 3216 Current date / time: 2013/04/27 15:44:14.0417
15:44:14.0418 3216 SystemInfo:
15:44:14.0418 3216
15:44:14.0418 3216 OS Version: 6.0.6002 ServicePack: 2.0
15:44:14.0418 3216 Product type: Workstation
15:44:14.0418 3216 ComputerName: ***-LAPTOP
15:44:14.0418 3216 UserName: ***
15:44:14.0418 3216 Windows directory: C:\Windows
15:44:14.0418 3216 System windows directory: C:\Windows
15:44:14.0418 3216 Processor architecture: Intel x86
15:44:14.0418 3216 Number of processors: 2
15:44:14.0418 3216 Page size: 0x1000
15:44:14.0418 3216 Boot type: Normal boot
15:44:14.0418 3216 ============================================================
15:44:14.0824 3216 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:44:14.0826 3216 ============================================================
15:44:14.0826 3216 \Device\Harddisk0\DR0:
15:44:14.0826 3216 MBR partitions:
15:44:14.0826 3216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
15:44:14.0826 3216 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
15:44:14.0826 3216 ============================================================
15:44:14.0857 3216 C: <-> \Device\Harddisk0\DR0\Partition1
15:44:14.0909 3216 D: <-> \Device\Harddisk0\DR0\Partition2
15:44:14.0910 3216 ============================================================
15:44:14.0910 3216 Initialize success
15:44:14.0910 3216 ============================================================
15:44:21.0570 1576 ============================================================
15:44:21.0570 1576 Scan started
15:44:21.0570 1576 Mode: Manual;
15:44:21.0570 1576 ============================================================
15:44:33.0280 1576 ================ Scan system memory ========================
15:44:33.0280 1576 System memory - ok
15:44:33.0280 1576 ================ Scan services =============================
15:44:33.0432 1576 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
15:44:33.0438 1576 ACPI - ok
15:44:33.0487 1576 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:44:33.0497 1576 adp94xx - ok
15:44:33.0526 1576 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:44:33.0533 1576 adpahci - ok
15:44:33.0571 1576 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:44:33.0574 1576 adpu160m - ok
15:44:33.0616 1576 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:44:33.0621 1576 adpu320 - ok
15:44:33.0666 1576 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:44:33.0667 1576 AeLookupSvc - ok
15:44:33.0724 1576 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
15:44:33.0731 1576 AFD - ok
15:44:33.0798 1576 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
15:44:33.0833 1576 AgereSoftModem - ok
15:44:33.0899 1576 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:44:33.0901 1576 agp440 - ok
15:44:33.0928 1576 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:44:33.0931 1576 aic78xx - ok
15:44:33.0951 1576 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:44:33.0953 1576 ALG - ok
15:44:34.0008 1576 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
15:44:34.0009 1576 aliide - ok
15:44:34.0035 1576 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:44:34.0036 1576 amdagp - ok
15:44:34.0059 1576 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
15:44:34.0060 1576 amdide - ok
15:44:34.0087 1576 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:44:34.0089 1576 AmdK7 - ok
15:44:34.0110 1576 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:44:34.0112 1576 AmdK8 - ok
15:44:34.0228 1576 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:44:34.0231 1576 AntiVirSchedulerService - ok
15:44:34.0284 1576 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:44:34.0287 1576 AntiVirService - ok
15:44:34.0319 1576 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:44:34.0337 1576 AntiVirWebService - ok
15:44:34.0373 1576 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:44:34.0374 1576 Appinfo - ok
15:44:34.0425 1576 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
15:44:34.0427 1576 arc - ok
15:44:34.0462 1576 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:44:34.0464 1576 arcsas - ok
15:44:34.0499 1576 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:44:34.0500 1576 AsyncMac - ok
15:44:34.0524 1576 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
15:44:34.0526 1576 atapi - ok
15:44:34.0606 1576 [ 600EFE56F37ADBD65A0FB076B50D1B8D ] athr C:\Windows\system32\DRIVERS\athr.sys
15:44:34.0640 1576 athr - ok
15:44:34.0701 1576 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:44:34.0707 1576 AudioEndpointBuilder - ok
15:44:34.0723 1576 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:44:34.0728 1576 Audiosrv - ok
15:44:34.0772 1576 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:44:34.0775 1576 avgntflt - ok
15:44:34.0808 1576 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:44:34.0811 1576 avipbb - ok
15:44:34.0833 1576 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:44:34.0835 1576 avkmgr - ok
15:44:34.0886 1576 [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
15:44:34.0888 1576 bcm4sbxp - ok
15:44:34.0906 1576 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:44:34.0907 1576 Beep - ok
15:44:34.0955 1576 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
15:44:34.0961 1576 BFE - ok
15:44:35.0022 1576 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
15:44:35.0056 1576 BITS - ok
15:44:35.0082 1576 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:44:35.0084 1576 blbdrive - ok
15:44:35.0116 1576 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:44:35.0118 1576 bowser - ok
15:44:35.0149 1576 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:44:35.0150 1576 BrFiltLo - ok
15:44:35.0165 1576 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:44:35.0165 1576 BrFiltUp - ok
15:44:35.0206 1576 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:44:35.0208 1576 Browser - ok
15:44:35.0227 1576 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:44:35.0229 1576 Brserid - ok
15:44:35.0254 1576 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:44:35.0256 1576 BrSerWdm - ok
15:44:35.0274 1576 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:44:35.0275 1576 BrUsbMdm - ok
15:44:35.0293 1576 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:44:35.0294 1576 BrUsbSer - ok
15:44:35.0337 1576 [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
15:44:35.0338 1576 BthEnum - ok
15:44:35.0357 1576 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:44:35.0376 1576 BTHMODEM - ok
15:44:35.0402 1576 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:44:35.0405 1576 BthPan - ok
15:44:35.0437 1576 [ 73D53F8E90550BA81E2CF44A0873B410 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
15:44:35.0442 1576 BTHPORT - ok
15:44:35.0478 1576 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
15:44:35.0480 1576 BthServ - ok
15:44:35.0514 1576 [ 32045A4BB143BBC5BAB1298C4E9E309A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
15:44:35.0515 1576 BTHUSB - ok
15:44:35.0576 1576 [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:44:35.0578 1576 btwaudio - ok
15:44:35.0597 1576 [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
15:44:35.0601 1576 btwavdt - ok
15:44:35.0631 1576 [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:44:35.0632 1576 btwrchid - ok
15:44:35.0666 1576 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:44:35.0668 1576 cdfs - ok
15:44:35.0739 1576 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:44:35.0741 1576 cdrom - ok
15:44:35.0785 1576 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
15:44:35.0787 1576 CertPropSvc - ok
15:44:35.0809 1576 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
15:44:35.0810 1576 circlass - ok
15:44:35.0846 1576 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
15:44:35.0853 1576 CLFS - ok
15:44:35.0892 1576 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:35.0896 1576 clr_optimization_v2.0.50727_32 - ok
15:44:35.0941 1576 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:44:35.0942 1576 CmBatt - ok
15:44:35.0959 1576 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:44:35.0961 1576 cmdide - ok
15:44:35.0971 1576 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:44:35.0972 1576 Compbatt - ok
15:44:35.0982 1576 COMSysApp - ok
15:44:35.0995 1576 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:44:35.0996 1576 crcdisk - ok
15:44:36.0022 1576 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:44:36.0023 1576 Crusoe - ok
15:44:36.0085 1576 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:44:36.0088 1576 CryptSvc - ok
15:44:36.0140 1576 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:44:36.0162 1576 DcomLaunch - ok
15:44:36.0207 1576 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:44:36.0210 1576 DfsC - ok
15:44:36.0304 1576 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
15:44:36.0372 1576 DFSR - ok
15:44:36.0418 1576 [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
15:44:36.0419 1576 DgiVecp - ok
15:44:36.0483 1576 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
15:44:36.0489 1576 Dhcp - ok
15:44:36.0516 1576 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
15:44:36.0517 1576 disk - ok
15:44:36.0549 1576 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:44:36.0552 1576 Dnscache - ok
15:44:36.0582 1576 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:44:36.0587 1576 dot3svc - ok
15:44:36.0631 1576 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
15:44:36.0634 1576 DPS - ok
15:44:36.0670 1576 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:44:36.0671 1576 drmkaud - ok
15:44:36.0727 1576 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:44:36.0749 1576 DXGKrnl - ok
15:44:36.0774 1576 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
15:44:36.0778 1576 E1G60 - ok
15:44:36.0800 1576 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
15:44:36.0803 1576 EapHost - ok
15:44:36.0857 1576 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
15:44:36.0861 1576 Ecache - ok
15:44:36.0928 1576 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:44:36.0936 1576 ehRecvr - ok
15:44:36.0954 1576 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
15:44:36.0956 1576 ehSched - ok
15:44:36.0967 1576 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
15:44:36.0968 1576 ehstart - ok
15:44:37.0018 1576 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:44:37.0026 1576 elxstor - ok
15:44:37.0085 1576 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
15:44:37.0106 1576 EMDMgmt - ok
15:44:37.0132 1576 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:44:37.0133 1576 ErrDev - ok
15:44:37.0178 1576 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
15:44:37.0184 1576 EventSystem - ok
15:44:37.0251 1576 [ 2D41D7250F73272946DE04FF7A19761E ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:44:37.0274 1576 EvtEng - ok
15:44:37.0328 1576 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
15:44:37.0330 1576 exfat - ok
15:44:37.0362 1576 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:44:37.0395 1576 fastfat - ok
15:44:37.0439 1576 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:44:37.0441 1576 fdc - ok
15:44:37.0472 1576 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
15:44:37.0475 1576 fdPHost - ok
15:44:37.0493 1576 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
15:44:37.0496 1576 FDResPub - ok
15:44:37.0530 1576 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:44:37.0533 1576 FileInfo - ok
15:44:37.0557 1576 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:44:37.0559 1576 Filetrace - ok
15:44:37.0602 1576 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:44:37.0603 1576 flpydisk - ok
15:44:37.0639 1576 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:44:37.0644 1576 FltMgr - ok
15:44:37.0717 1576 [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache C:\Windows\system32\FntCache.dll
15:44:37.0763 1576 FontCache - ok
15:44:37.0832 1576 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:44:37.0834 1576 FontCache3.0.0.0 - ok
15:44:37.0866 1576 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:44:37.0867 1576 Fs_Rec - ok
15:44:37.0903 1576 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:44:37.0905 1576 gagp30kx - ok
15:44:37.0941 1576 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
15:44:37.0963 1576 gpsvc - ok
15:44:38.0002 1576 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:44:38.0007 1576 HdAudAddService - ok
15:44:38.0048 1576 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:44:38.0055 1576 HDAudBus - ok
15:44:38.0074 1576 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:44:38.0075 1576 HidBth - ok
15:44:38.0099 1576 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:44:38.0100 1576 HidIr - ok
15:44:38.0127 1576 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
15:44:38.0129 1576 hidserv - ok
15:44:38.0165 1576 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:44:38.0165 1576 HidUsb - ok
15:44:38.0204 1576 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:44:38.0206 1576 hkmsvc - ok
15:44:38.0220 1576 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
15:44:38.0222 1576 HpCISSs - ok
15:44:38.0257 1576 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:44:38.0264 1576 HTTP - ok
15:44:38.0285 1576 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:44:38.0286 1576 i2omp - ok
15:44:38.0316 1576 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:44:38.0318 1576 i8042prt - ok
15:44:38.0377 1576 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
15:44:38.0422 1576 ialm - ok
15:44:38.0454 1576 [ ABFEBC5F846C71AFEBD7F8F6BA740C03 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:44:38.0456 1576 iaStor - ok
15:44:38.0480 1576 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:44:38.0485 1576 iaStorV - ok
15:44:38.0548 1576 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:44:38.0582 1576 idsvc - ok
15:44:38.0609 1576 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:44:38.0610 1576 iirsp - ok
15:44:38.0648 1576 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
15:44:38.0670 1576 IKEEXT - ok
15:44:38.0775 1576 [ FFD2B3BC042596ABE785D3C15F51AB46 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:44:38.0864 1576 IntcAzAudAddService - ok
15:44:38.0896 1576 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
15:44:38.0897 1576 intelide - ok
15:44:38.0926 1576 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:44:38.0928 1576 intelppm - ok
15:44:38.0953 1576 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:44:38.0957 1576 IPBusEnum - ok
15:44:38.0995 1576 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:44:38.0997 1576 IpFilterDriver - ok
15:44:39.0037 1576 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:44:39.0041 1576 iphlpsvc - ok
15:44:39.0049 1576 IpInIp - ok
15:44:39.0082 1576 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:44:39.0084 1576 IPMIDRV - ok
15:44:39.0115 1576 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:44:39.0118 1576 IPNAT - ok
15:44:39.0140 1576 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:44:39.0141 1576 IRENUM - ok
15:44:39.0161 1576 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:44:39.0164 1576 isapnp - ok
15:44:39.0225 1576 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:44:39.0228 1576 iScsiPrt - ok
15:44:39.0256 1576 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:44:39.0257 1576 iteatapi - ok
15:44:39.0277 1576 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:44:39.0279 1576 iteraid - ok
15:44:39.0307 1576 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:44:39.0308 1576 kbdclass - ok
15:44:39.0328 1576 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:44:39.0329 1576 kbdhid - ok
15:44:39.0367 1576 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
15:44:39.0370 1576 KeyIso - ok
15:44:39.0404 1576 [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO C:\Windows\system32\DRIVERS\kmdfmemio.sys
15:44:39.0405 1576 KMDFMEMIO - ok
15:44:39.0456 1576 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:44:39.0479 1576 KSecDD - ok
15:44:39.0518 1576 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
15:44:39.0529 1576 KtmRm - ok
15:44:39.0553 1576 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
15:44:39.0560 1576 LanmanServer - ok
15:44:39.0604 1576 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:44:39.0611 1576 LanmanWorkstation - ok
15:44:39.0722 1576 [ C215E09622118383B236DD56C2065183 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:44:39.0725 1576 LightScribeService - ok
15:44:39.0752 1576 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:44:39.0754 1576 lltdio - ok
15:44:39.0788 1576 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:44:39.0793 1576 lltdsvc - ok
15:44:39.0815 1576 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:44:39.0818 1576 lmhosts - ok
15:44:39.0844 1576 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:44:39.0847 1576 LSI_FC - ok
15:44:39.0867 1576 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:44:39.0870 1576 LSI_SAS - ok
15:44:39.0895 1576 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:44:39.0897 1576 LSI_SCSI - ok
15:44:39.0920 1576 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
15:44:39.0923 1576 luafv - ok
15:44:39.0943 1576 lxcj_device - ok
15:44:39.0966 1576 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:44:39.0970 1576 Mcx2Svc - ok
15:44:40.0006 1576 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
15:44:40.0008 1576 megasas - ok
15:44:40.0043 1576 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
15:44:40.0052 1576 MegaSR - ok
15:44:40.0090 1576 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
15:44:40.0094 1576 MMCSS - ok
15:44:40.0113 1576 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
15:44:40.0115 1576 Modem - ok
15:44:40.0147 1576 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:44:40.0148 1576 monitor - ok
15:44:40.0166 1576 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:44:40.0168 1576 mouclass - ok
15:44:40.0201 1576 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:44:40.0203 1576 mouhid - ok
15:44:40.0217 1576 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:44:40.0220 1576 MountMgr - ok
15:44:40.0260 1576 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
15:44:40.0263 1576 mpio - ok
15:44:40.0292 1576 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:44:40.0294 1576 mpsdrv - ok
15:44:40.0350 1576 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
15:44:40.0373 1576 MpsSvc - ok
15:44:40.0419 1576 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:44:40.0421 1576 Mraid35x - ok
15:44:40.0456 1576 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:44:40.0459 1576 MRxDAV - ok
15:44:40.0493 1576 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:44:40.0494 1576 mrxsmb - ok
15:44:40.0523 1576 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:44:40.0528 1576 mrxsmb10 - ok
15:44:40.0548 1576 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:44:40.0549 1576 mrxsmb20 - ok
15:44:40.0566 1576 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
15:44:40.0568 1576 msahci - ok
15:44:40.0591 1576 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:44:40.0595 1576 msdsm - ok
15:44:40.0610 1576 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
15:44:40.0615 1576 MSDTC - ok
15:44:40.0633 1576 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:44:40.0635 1576 Msfs - ok
15:44:40.0645 1576 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:44:40.0646 1576 msisadrv - ok
15:44:40.0677 1576 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:44:40.0681 1576 MSiSCSI - ok
15:44:40.0691 1576 msiserver - ok
15:44:40.0722 1576 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:44:40.0723 1576 MSKSSRV - ok
15:44:40.0737 1576 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:44:40.0738 1576 MSPCLOCK - ok
15:44:40.0762 1576 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:44:40.0763 1576 MSPQM - ok
15:44:40.0797 1576 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:44:40.0801 1576 MsRPC - ok
15:44:40.0839 1576 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:44:40.0841 1576 mssmbios - ok
15:44:40.0911 1576 MSSQL$MSSMLBIZ - ok
15:44:40.0957 1576 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:44:40.0959 1576 MSSQLServerADHelper - ok
15:44:40.0990 1576 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:44:40.0991 1576 MSTEE - ok
15:44:41.0018 1576 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
15:44:41.0020 1576 Mup - ok
15:44:41.0059 1576 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
15:44:41.0067 1576 napagent - ok
15:44:41.0114 1576 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:44:41.0119 1576 NativeWifiP - ok
15:44:41.0157 1576 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:44:41.0181 1576 NDIS - ok
15:44:41.0217 1576 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:44:41.0218 1576 NdisTapi - ok
15:44:41.0234 1576 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:44:41.0235 1576 Ndisuio - ok
15:44:41.0288 1576 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:44:41.0291 1576 NdisWan - ok
15:44:41.0300 1576 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:44:41.0303 1576 NDProxy - ok
15:44:41.0320 1576 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:44:41.0322 1576 NetBIOS - ok
15:44:41.0361 1576 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:44:41.0365 1576 netbt - ok
15:44:41.0380 1576 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
15:44:41.0383 1576 Netlogon - ok
15:44:41.0412 1576 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:44:41.0422 1576 Netman - ok
15:44:41.0452 1576 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:44:41.0459 1576 netprofm - ok
15:44:41.0484 1576 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:44:41.0487 1576 NetTcpPortSharing - ok
15:44:41.0591 1576 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
15:44:41.0659 1576 NETw3v32 - ok
15:44:41.0703 1576 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:44:41.0705 1576 nfrd960 - ok
15:44:41.0726 1576 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:44:41.0733 1576 NlaSvc - ok
15:44:41.0778 1576 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
15:44:41.0780 1576 nmwcd - ok
15:44:41.0809 1576 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys
15:44:41.0812 1576 nmwcdnsu - ok
15:44:41.0840 1576 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\Windows\system32\drivers\nmwcdnsuc.sys
15:44:41.0841 1576 nmwcdnsuc - ok
15:44:41.0884 1576 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:44:41.0885 1576 Npfs - ok
15:44:41.0902 1576 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:44:41.0906 1576 nsi - ok
15:44:41.0917 1576 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:44:41.0918 1576 nsiproxy - ok
15:44:41.0995 1576 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:44:42.0041 1576 Ntfs - ok
15:44:42.0084 1576 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:44:42.0086 1576 ntrigdigi - ok
15:44:42.0106 1576 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:44:42.0107 1576 Null - ok
15:44:42.0142 1576 [ A103162C62C336C2CB3C5E1E2773D17B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
15:44:42.0144 1576 NVHDA - ok
15:44:42.0415 1576 [ C526B4A24EF951EF219C3BFA1534B152 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:44:42.0629 1576 nvlddmkm - ok
15:44:42.0651 1576 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:44:42.0654 1576 nvraid - ok
15:44:42.0676 1576 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:44:42.0679 1576 nvstor - ok
15:44:42.0705 1576 [ DF6315CE4FF30F706ABF3802D7749E70 ] nvsvc C:\Windows\system32\nvvsvc.exe
15:44:42.0714 1576 nvsvc - ok
15:44:42.0737 1576 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:44:42.0741 1576 nv_agp - ok
15:44:42.0749 1576 NwlnkFlt - ok
15:44:42.0760 1576 NwlnkFwd - ok
15:44:42.0868 1576 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:44:42.0876 1576 odserv - ok
15:44:42.0919 1576 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:44:42.0920 1576 ohci1394 - ok
15:44:42.0958 1576 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:44:42.0961 1576 ose - ok
15:44:43.0006 1576 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:44:43.0025 1576 p2pimsvc - ok
15:44:43.0039 1576 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:44:43.0045 1576 p2psvc - ok
15:44:43.0057 1576 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:44:43.0059 1576 Parport - ok
15:44:43.0079 1576 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:44:43.0080 1576 partmgr - ok
15:44:43.0102 1576 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:44:43.0103 1576 Parvdm - ok
15:44:43.0121 1576 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:44:43.0123 1576 PcaSvc - ok
15:44:43.0174 1576 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:44:43.0175 1576 pccsmcfd - ok
15:44:43.0220 1576 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:44:43.0222 1576 pci - ok
15:44:43.0240 1576 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
15:44:43.0240 1576 pciide - ok
15:44:43.0274 1576 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:44:43.0277 1576 pcmcia - ok
15:44:43.0329 1576 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:44:43.0351 1576 PEAUTH - ok
15:44:43.0417 1576 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:44:43.0462 1576 pla - ok
15:44:43.0514 1576 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:44:43.0520 1576 PlugPlay - ok
15:44:43.0551 1576 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:44:43.0559 1576 PNRPAutoReg - ok
15:44:43.0607 1576 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:44:43.0616 1576 PNRPsvc - ok
15:44:43.0675 1576 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:44:43.0684 1576 PolicyAgent - ok
15:44:43.0711 1576 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:44:43.0713 1576 PptpMiniport - ok
15:44:43.0736 1576 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
15:44:43.0737 1576 Processor - ok
15:44:43.0775 1576 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:44:43.0779 1576 ProfSvc - ok
15:44:43.0792 1576 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:44:43.0795 1576 ProtectedStorage - ok
15:44:43.0825 1576 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:44:43.0827 1576 PSched - ok
15:44:43.0899 1576 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:44:43.0932 1576 ql2300 - ok
15:44:43.0952 1576 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:44:43.0953 1576 ql40xx - ok
15:44:43.0985 1576 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:44:43.0993 1576 QWAVE - ok
15:44:44.0011 1576 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:44:44.0012 1576 QWAVEdrv - ok
15:44:44.0027 1576 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:44:44.0028 1576 RasAcd - ok
15:44:44.0048 1576 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:44:44.0053 1576 RasAuto - ok
15:44:44.0070 1576 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:44:44.0072 1576 Rasl2tp - ok
15:44:44.0110 1576 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:44:44.0117 1576 RasMan - ok
15:44:44.0145 1576 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:44:44.0147 1576 RasPppoe - ok
15:44:44.0174 1576 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:44:44.0175 1576 RasSstp - ok
15:44:44.0238 1576 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:44:44.0242 1576 rdbss - ok
15:44:44.0268 1576 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:44:44.0269 1576 RDPCDD - ok
15:44:44.0300 1576 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:44:44.0304 1576 rdpdr - ok
15:44:44.0314 1576 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:44:44.0315 1576 RDPENCDD - ok
15:44:44.0351 1576 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:44:44.0355 1576 RDPWD - ok
15:44:44.0424 1576 [ ED8C9F16E10C1E4C4C5D16CD04966E24 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:44:44.0431 1576 RegSrvc - ok
15:44:44.0477 1576 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:44:44.0482 1576 RemoteAccess - ok
15:44:44.0519 1576 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:44:44.0526 1576 RemoteRegistry - ok
15:44:44.0591 1576 [ 10536B0AD6F416FC7F1149977C28CCDC ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:44:44.0593 1576 RFCOMM - ok
15:44:44.0673 1576 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
15:44:44.0678 1576 RichVideo - ok
15:44:44.0707 1576 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:44:44.0711 1576 RpcLocator - ok
15:44:44.0757 1576 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:44:44.0767 1576 RpcSs - ok
15:44:44.0795 1576 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:44:44.0797 1576 rspndr - ok
15:44:44.0815 1576 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:44:44.0818 1576 SamSs - ok
15:44:44.0904 1576 [ A9D840FA78F65857EB554229914F855C ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
15:44:44.0906 1576 Samsung Update Plus - ok
15:44:44.0934 1576 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:44:44.0937 1576 sbp2port - ok
15:44:44.0972 1576 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:44:44.0978 1576 SCardSvr - ok
15:44:45.0026 1576 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:44:45.0049 1576 Schedule - ok
15:44:45.0069 1576 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:44:45.0070 1576 SCPolicySvc - ok
15:44:45.0097 1576 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:44:45.0100 1576 sdbus - ok
15:44:45.0131 1576 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:44:45.0137 1576 SDRSVC - ok
15:44:45.0151 1576 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:44:45.0153 1576 secdrv - ok
15:44:45.0166 1576 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:44:45.0171 1576 seclogon - ok
15:44:45.0206 1576 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
15:44:45.0212 1576 SENS - ok
15:44:45.0254 1576 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:44:45.0255 1576 Serenum - ok
15:44:45.0279 1576 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:44:45.0281 1576 Serial - ok
15:44:45.0301 1576 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:44:45.0302 1576 sermouse - ok
15:44:45.0374 1576 [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:44:45.0407 1576 ServiceLayer - ok
15:44:45.0438 1576 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:44:45.0444 1576 SessionEnv - ok
15:44:45.0467 1576 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:44:45.0468 1576 sffdisk - ok
15:44:45.0490 1576 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:44:45.0492 1576 sffp_mmc - ok
15:44:45.0515 1576 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:44:45.0515 1576 sffp_sd - ok
15:44:45.0536 1576 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:44:45.0536 1576 sfloppy - ok
15:44:45.0570 1576 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:44:45.0577 1576 SharedAccess - ok
15:44:45.0610 1576 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:44:45.0614 1576 ShellHWDetection - ok
15:44:45.0630 1576 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:44:45.0631 1576 sisagp - ok
15:44:45.0645 1576 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:44:45.0647 1576 SiSRaid2 - ok
15:44:45.0666 1576 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:44:45.0668 1576 SiSRaid4 - ok
15:44:45.0766 1576 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:44:45.0858 1576 slsvc - ok
15:44:45.0899 1576 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:44:45.0903 1576 SLUINotify - ok
15:44:45.0933 1576 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:44:45.0934 1576 Smb - ok
15:44:45.0967 1576 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:44:45.0970 1576 SNMPTRAP - ok
15:44:45.0984 1576 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:44:45.0985 1576 spldr - ok
15:44:46.0026 1576 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:44:46.0029 1576 Spooler - ok
15:44:46.0069 1576 [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:44:46.0073 1576 SQLBrowser - ok
15:44:46.0086 1576 [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:44:46.0087 1576 SQLWriter - ok
15:44:46.0120 1576 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:44:46.0125 1576 srv - ok
15:44:46.0159 1576 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:44:46.0161 1576 srv2 - ok
15:44:46.0213 1576 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:44:46.0214 1576 srvnet - ok
15:44:46.0229 1576 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:44:46.0234 1576 SSDPSRV - ok
15:44:46.0265 1576 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
15:44:46.0267 1576 ssmdrv - ok
15:44:46.0310 1576 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
15:44:46.0311 1576 SSPORT - ok
15:44:46.0343 1576 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:44:46.0347 1576 SstpSvc - ok
15:44:46.0402 1576 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:44:46.0422 1576 stisvc - ok
15:44:46.0448 1576 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:44:46.0449 1576 swenum - ok
15:44:46.0479 1576 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:44:46.0486 1576 swprv - ok
15:44:46.0507 1576 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:44:46.0509 1576 Symc8xx - ok
15:44:46.0518 1576 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:44:46.0520 1576 Sym_hi - ok
15:44:46.0536 1576 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:44:46.0537 1576 Sym_u3 - ok
15:44:46.0569 1576 [ 451E8037E2EB6DA6BDF0A66F65D1810B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:44:46.0572 1576 SynTP - ok
15:44:46.0610 1576 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:44:46.0632 1576 SysMain - ok
15:44:46.0656 1576 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:44:46.0660 1576 TabletInputService - ok
15:44:46.0707 1576 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:44:46.0714 1576 TapiSrv - ok
15:44:46.0723 1576 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:44:46.0727 1576 TBS - ok
15:44:46.0782 1576 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:44:46.0803 1576 Tcpip - ok
15:44:46.0832 1576 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:44:46.0841 1576 Tcpip6 - ok
15:44:46.0868 1576 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:44:46.0870 1576 tcpipreg - ok
15:44:46.0892 1576 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:44:46.0894 1576 TDPIPE - ok
15:44:46.0916 1576 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:44:46.0917 1576 TDTCP - ok
15:44:46.0944 1576 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:44:46.0945 1576 tdx - ok
15:44:46.0969 1576 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:44:46.0971 1576 TermDD - ok
15:44:47.0001 1576 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:44:47.0023 1576 TermService - ok
15:44:47.0046 1576 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:44:47.0051 1576 Themes - ok
15:44:47.0062 1576 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:44:47.0065 1576 THREADORDER - ok
15:44:47.0089 1576 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:44:47.0094 1576 TrkWks - ok
15:44:47.0144 1576 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:44:47.0145 1576 TrustedInstaller - ok
15:44:47.0177 1576 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:44:47.0178 1576 tssecsrv - ok
15:44:47.0205 1576 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:44:47.0206 1576 tunmp - ok
15:44:47.0244 1576 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:44:47.0245 1576 tunnel - ok
15:44:47.0270 1576 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:44:47.0272 1576 uagp35 - ok
15:44:47.0310 1576 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:44:47.0316 1576 udfs - ok
15:44:47.0360 1576 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:44:47.0367 1576 UI0Detect - ok
15:44:47.0389 1576 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:44:47.0392 1576 uliagpkx - ok
15:44:47.0426 1576 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:44:47.0429 1576 uliahci - ok
15:44:47.0454 1576 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:44:47.0456 1576 UlSata - ok
15:44:47.0474 1576 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:44:47.0476 1576 ulsata2 - ok
15:44:47.0497 1576 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:44:47.0499 1576 umbus - ok
15:44:47.0519 1576 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:44:47.0524 1576 upnphost - ok
15:44:47.0556 1576 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:44:47.0557 1576 usbccgp - ok
15:44:47.0570 1576 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:44:47.0571 1576 usbcir - ok
15:44:47.0609 1576 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:44:47.0610 1576 usbehci - ok
15:44:47.0635 1576 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:44:47.0639 1576 usbhub - ok
15:44:47.0660 1576 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:44:47.0661 1576 usbohci - ok
15:44:47.0709 1576 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:44:47.0709 1576 usbprint - ok
15:44:47.0762 1576 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:44:47.0763 1576 usbscan - ok
15:44:47.0776 1576 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:44:47.0777 1576 USBSTOR - ok
15:44:47.0801 1576 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:44:47.0802 1576 usbuhci - ok
15:44:47.0833 1576 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:44:47.0834 1576 usbvideo - ok
15:44:47.0860 1576 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:44:47.0863 1576 UxSms - ok
15:44:47.0907 1576 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:44:47.0917 1576 vds - ok
15:44:47.0942 1576 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:44:47.0944 1576 vga - ok
15:44:47.0962 1576 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:44:47.0963 1576 VgaSave - ok
15:44:47.0987 1576 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:44:47.0988 1576 viaagp - ok
15:44:48.0007 1576 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:44:48.0008 1576 ViaC7 - ok
15:44:48.0022 1576 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:44:48.0023 1576 viaide - ok
15:44:48.0031 1576 VMC302 - ok
15:44:48.0083 1576 [ B4FC3E68EF1AD16D6D60240D2A5445D8 ] VMC326 C:\Windows\system32\Drivers\VMC326.sys
15:44:48.0088 1576 VMC326 - ok
15:44:48.0102 1576 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:44:48.0103 1576 volmgr - ok
15:44:48.0140 1576 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:44:48.0146 1576 volmgrx - ok
15:44:48.0180 1576 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:44:48.0185 1576 volsnap - ok
15:44:48.0228 1576 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:44:48.0229 1576 vsmraid - ok
15:44:48.0277 1576 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:44:48.0311 1576 VSS - ok
15:44:48.0349 1576 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:44:48.0355 1576 W32Time - ok
15:44:48.0373 1576 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:44:48.0374 1576 WacomPen - ok
15:44:48.0401 1576 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:44:48.0401 1576 Wanarp - ok
15:44:48.0406 1576 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:44:48.0407 1576 Wanarpv6 - ok
15:44:48.0448 1576 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:44:48.0467 1576 wcncsvc - ok
15:44:48.0495 1576 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:44:48.0498 1576 WcsPlugInService - ok
15:44:48.0519 1576 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:44:48.0521 1576 Wd - ok
15:44:48.0554 1576 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:44:48.0561 1576 Wdf01000 - ok
15:44:48.0575 1576 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:44:48.0578 1576 WdiServiceHost - ok
15:44:48.0583 1576 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:44:48.0586 1576 WdiSystemHost - ok
15:44:48.0633 1576 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:44:48.0640 1576 WebClient - ok
15:44:48.0659 1576 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:44:48.0663 1576 Wecsvc - ok
15:44:48.0698 1576 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:44:48.0703 1576 wercplsupport - ok
15:44:48.0729 1576 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:44:48.0733 1576 WerSvc - ok
15:44:48.0785 1576 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:44:48.0790 1576 WinDefend - ok
15:44:48.0798 1576 WinHttpAutoProxySvc - ok
15:44:48.0880 1576 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:44:48.0884 1576 Winmgmt - ok
15:44:48.0946 1576 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
15:44:48.0980 1576 WinRM - ok
15:44:49.0033 1576 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:44:49.0055 1576 Wlansvc - ok
15:44:49.0091 1576 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:44:49.0092 1576 WmiAcpi - ok
15:44:49.0130 1576 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:44:49.0134 1576 wmiApSrv - ok
15:44:49.0218 1576 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:44:49.0253 1576 WMPNetworkSvc - ok
15:44:49.0279 1576 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:44:49.0288 1576 WPCSvc - ok
15:44:49.0317 1576 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:44:49.0323 1576 WPDBusEnum - ok
15:44:49.0361 1576 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:44:49.0362 1576 WpdUsb - ok
15:44:49.0394 1576 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:44:49.0395 1576 ws2ifsl - ok
15:44:49.0426 1576 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
15:44:49.0432 1576 wscsvc - ok
15:44:49.0438 1576 WSearch - ok
15:44:49.0525 1576 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:44:49.0581 1576 wuauserv - ok
15:44:49.0593 1576 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:44:49.0596 1576 WUDFRd - ok
15:44:49.0614 1576 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:44:49.0619 1576 wudfsvc - ok
15:44:49.0670 1576 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
15:44:49.0675 1576 yukonwlh - ok
15:44:49.0713 1576 ================ Scan global ===============================
15:44:49.0736 1576 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:44:49.0774 1576 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:44:49.0806 1576 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:44:49.0850 1576 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:44:49.0856 1576 [Global] - ok
15:44:49.0857 1576 ================ Scan MBR ==================================
15:44:49.0869 1576 [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
15:44:50.0201 1576 \Device\Harddisk0\DR0 - ok
15:44:50.0202 1576 ================ Scan VBR ==================================
15:44:50.0205 1576 [ 5D77EC23D5B9726D32BBDD410C52A16F ] \Device\Harddisk0\DR0\Partition1
15:44:50.0207 1576 \Device\Harddisk0\DR0\Partition1 - ok
15:44:50.0242 1576 [ 6BDD1C09A132554E35C2FC5C04910EE7 ] \Device\Harddisk0\DR0\Partition2
15:44:50.0244 1576 \Device\Harddisk0\DR0\Partition2 - ok
15:44:50.0244 1576 ============================================================
15:44:50.0244 1576 Scan finished
15:44:50.0244 1576 ============================================================
15:44:50.0256 5532 Detected object count: 0
15:44:50.0256 5532 Actual detected object count: 0
|
|
27.04.2013, 17:40
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.04.2013, 19:51
| #9 |
| | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte ComboFix lief problemlos durch. Logfile: Code:
ATTFilter ComboFix 13-04-27.04 - *** 27.04.2013 20:30:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1907 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\SPLB657.tmp
c:\programdata\SPLC469.tmp
c:\programdata\SPLD56F.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-27 bis 2013-04-27 ))))))))))))))))))))))))))))))
.
.
2013-04-27 18:41 . 2013-04-27 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-26 10:50 . 2013-04-26 10:50 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-04-26 10:49 . 2013-04-26 10:49 -------- d-----w- c:\programdata\Malwarebytes
2013-04-26 10:49 . 2013-04-26 10:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-26 10:49 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-26 09:19 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-26 09:19 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-26 09:19 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-26 09:19 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-26 09:19 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-26 09:18 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-26 09:18 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-26 09:18 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 17:00 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 16:02 . 2013-02-24 16:09 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2013-02-24 16:02 . 2013-02-24 16:09 81408 ----a-w- c:\windows\system32\E_TD4BH3E.DLL
2013-02-24 16:02 . 2012-04-17 17:56 95232 ----a-w- c:\windows\system32\E_TLBH3E.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE" [2013-02-24 220800]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE" [2013-02-24 220800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2007-05-08 205744]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2007-05-08 103344]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-02 520192]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-25 348664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 13:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 12:01 71216 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-331587386-2610647910-3138478596-1003]
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 70593016
*NewlyCreated* - ASWMBR
*Deregistered* - 70593016
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-27 20:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-27 20:43:41
ComboFix-quarantined-files.txt 2013-04-27 18:43
.
Vor Suchlauf: 9 Verzeichnis(se), 90.072.678.400 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 90.593.824.768 Bytes frei
.
- - End Of File - - C7FC808DEFDE63A91A179898D908CAEA
|
|
28.04.2013, 18:26
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.04.2013, 19:38
| #11 |
| | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.1 (04.27.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by *** on 28.04.2013 at 19:56:24,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{42B8115D-820C-4B25-A82A-D8BD1532396D}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.04.2013 at 19:57:54,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.300 - Datei am 28/04/2013 um 20:02:43 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - ***-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Users\***\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [4816 octets] - [28/04/2013 20:02:43]
########## EOF - C:\AdwCleaner[S1].txt - [4876 octets] ##########
OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.04.2013 20:09:52 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,87% Memory free 6,18 Gb Paging File | 4,80 Gb Available in Paging File | 77,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 82,88 Gb Free Space | 57,52% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.) PRC - C:\Programme\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.) PRC - C:\Windows\System32\lxcjcoms.exe ( ) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Programme\Nokia\Nokia Suite\NService.dll () MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe () MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll () MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll () MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () MOD - C:\Programme\Lexmark 8300 Series\lxcjdrec.dll () MOD - C:\Programme\Lexmark 8300 Series\iptk.dll () ========== Services (SafeList) ========== SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (lxcj_device) -- C:\Windows\System32\lxcjcoms.exe ( ) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\..\SearchScopes\{9CE5FB8D-55DC-4925-BA38-97B53075E33A}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.08 19:59:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.11 18:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.06.11 18:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2013.04.27 20:41:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LXCJCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.DLL (Lexmark International Inc.) O4 - HKLM..\Run: [lxcjmon.exe] C:\Program Files\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52F78981-3328-4EF4-8B22-47FFE3EDFE2B}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.28 19:56:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.28 19:56:05 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.27 20:43:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.27 20:43:43 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.27 20:29:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.27 20:29:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.27 20:29:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.27 20:28:56 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.04.27 20:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.27 20:27:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.27 20:26:04 | 005,060,715 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.04.27 20:24:58 | 005,060,715 | ---- | C] (Swearware) -- C:\Users\***\Documents\ComboFix.exe [2013.04.27 03:06:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.27 03:06:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.27 03:06:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.27 03:06:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.27 03:06:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.27 03:06:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.27 03:06:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.27 03:06:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.26 12:50:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.04.26 12:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.26 12:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.26 12:49:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.26 12:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.04.26 12:14:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.04.26 11:19:37 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.26 11:19:37 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.26 11:19:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.26 11:18:31 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.04.26 11:18:29 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.04 19:00:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys ========== Files - Modified Within 30 Days ========== [2013.04.28 20:10:46 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.28 20:10:46 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.28 20:10:46 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.28 20:10:46 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.28 20:05:14 | 000,145,713 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.04.28 20:04:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 20:04:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 20:04:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.28 20:03:53 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2013.04.28 20:03:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.04.28 19:59:57 | 000,628,743 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.27 20:41:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.27 20:22:51 | 005,060,715 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.04.27 20:22:51 | 005,060,715 | ---- | M] (Swearware) -- C:\Users\***\Documents\ComboFix.exe [2013.04.27 15:43:28 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2013.04.27 03:25:29 | 000,373,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.26 12:49:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.26 12:13:29 | 282,783,146 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2013.04.28 20:01:34 | 000,628,743 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.27 20:29:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.27 20:29:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.27 20:29:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.27 20:29:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.27 20:29:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.27 15:43:28 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2013.04.26 18:20:25 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys [2013.04.26 12:49:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.26 12:13:29 | 282,783,146 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.05.08 13:54:52 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll [2011.05.08 13:51:43 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe [2011.05.08 13:49:53 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll [2011.05.08 13:49:51 | 000,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll [2011.05.08 13:49:51 | 000,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll [2011.05.08 13:49:51 | 000,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll [2010.01.02 11:18:46 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.16 02:22:18 | 000,145,713 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.03.16 02:22:11 | 000,145,713 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > --- --- --- OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.04.2013 20:09:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,87% Memory free
6,18 Gb Paging File | 4,80 Gb Available in Paging File | 77,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 82,88 Gb Free Space | 57,52% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-331587386-2610647910-3138478596-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F54C23-0D9D-4BC0-8B7F-FCA560C405A1}" = lport=445 | protocol=6 | dir=in | app=system |
"{1B2497C2-9244-4CE8-A7C7-51FE7E92B2A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{35FF2FE6-3A5C-47AA-9A64-2A909085B362}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{4A2B3146-08CE-40B8-BDF4-85836A8148BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{5053E717-6EBF-4A12-B98A-0AB7AEAEB59A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{50C73B9D-C87F-49A7-8C66-51513B24B85A}" = rport=138 | protocol=17 | dir=out | app=system |
"{53CA2DE1-2EED-48F1-851F-E0402AE3D608}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{5AB6E35A-B403-4BA9-8C8F-CDAEBFFD21B5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{5E182C44-84CC-4D3C-BF28-EE7C73C7B247}" = lport=139 | protocol=6 | dir=in | app=system |
"{663AC32B-516A-418A-B91D-030082CDB9ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{68121BFD-7B52-43F1-B027-08CB466590EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{696CF346-7160-48D2-887E-77509FD20CC2}" = lport=1701 | protocol=17 | dir=in | app=system |
"{6E08B818-19DB-4788-A55A-4166023DA869}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{711EFCDD-5798-4CBF-805E-1348617AC339}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{7602E6F3-3FA1-4A49-95F0-B7356C6FE12A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{765B43BB-3454-4545-A177-D8131450FD1E}" = rport=1723 | protocol=6 | dir=out | app=system |
"{77F9C8D6-8731-4178-9F50-1D16ABF5BAA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{7804D55B-3E5A-4AFF-9011-6C28CCC144A2}" = lport=443 | protocol=6 | dir=in | app=system |
"{7A54809C-C236-4C60-BD8F-456EBB252CAF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{7F751F53-15C3-4651-BE84-B56EC28A0D40}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A813F6C9-C1DD-43D1-8E07-9261B2303440}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{A8850717-4E47-4132-BA21-6210BE815250}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AB8A0AF9-A2F0-45A1-918D-876154EE2847}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BDEB2330-DE96-4E51-B0C7-69794F1C8AE9}" = rport=1701 | protocol=17 | dir=out | app=system |
"{DD71F75F-2F5E-4E68-A599-451D0625E117}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E5D415F8-2CD3-468C-B1B4-6536D7DE7E1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EC19A95D-C3AF-49CB-9FBF-EFC00A0DAD56}" = lport=1723 | protocol=6 | dir=in | app=system |
"{F09ACBD6-A8A7-4FE8-881F-F24D647B4812}" = lport=137 | protocol=17 | dir=in | app=system |
"{F5C925CD-AA26-41A9-A77B-7808701F05F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F734CC29-D501-42D5-8505-C82035F01FBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F760D1E4-0B50-4E51-B7A6-EB686E3976EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7B36F81-2FF4-479D-BD74-62762FA093AF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{FF2983FB-5B5B-45C8-A212-20733FBA363C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1875C557-E160-4582-8BCB-D581EC7FC011}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{39C3A882-2EDD-4D76-9299-C7CAA9486F02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3BFB8E91-B6C6-4875-931E-BEFD24B22E93}" = protocol=17 | dir=in | app=c:\windows\system32\lxcjcoms.exe |
"{3E740CEA-7484-441D-A42B-E8D40E8BF3DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{60A5DA3A-79C4-47E4-B7DF-67654BC4581E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{6B76AC50-6CFF-41D1-B598-C0831F9F0CBF}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{7B942282-C231-4B4E-B8FC-FF173651B04E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{82F4D083-D7EE-4B48-BB56-10AF43B79669}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{8841B10D-6865-4EF9-BB36-CC2FF031ABB1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92892DD7-429B-4ED1-B60F-F0179729E46D}" = protocol=6 | dir=out | app=system |
"{957CE3C8-960C-439B-A702-673FAA00B4BE}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{AA69C5CF-12F5-42EC-B2C5-08A89854E447}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AD57DC4D-359C-4E54-8D0D-29317AD3C4CF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe |
"{B3B6485B-2510-4D0B-9C2B-403E2B19075E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe |
"{B48A66D2-FC0B-4F1B-A130-227C8B9BD017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA7A9EDA-9D0E-4FFC-A9E8-2FE4DA8AFBA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BF3F31B0-F1B1-43CF-845F-937F01849CD3}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{C12D34D6-4DD0-4227-B089-86CDC0EDFABC}" = protocol=17 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe |
"{C64658BF-020A-4291-98F3-F09531E2A0B2}" = protocol=6 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe |
"{D872E124-E477-4C05-A62A-F76462D21B90}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{DA7DD00D-18C6-4240-807B-D844DB8BA9C1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{E15BABEA-16FD-4591-BF86-C3D4C55FB693}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{EFAE9A45-D4EF-4320-9539-E01CD8B5A6D5}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{F2C91E37-56A1-4CF9-9FDC-16A57917ECF1}" = protocol=6 | dir=in | app=c:\windows\system32\lxcjcoms.exe |
"{F8428E31-51B5-4738-A2CA-EC2E9248B9FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1E147243-FFAC-4228-A9BB-B805B9629497}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{731F9092-6DE3-4BA6-87B9-53EDE2BD0842}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"dm-Fotowelt" = dm-Fotowelt
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WP-4535 Series" = EPSON WP-4535 Series Printer Uninstall
"EPSON WP-4535 Series Netg" = Netzwerkhandbuch EPSON WP-4535 Series
"EPSON WP-4535 Series Useg" = Benutzerhandbuch EPSON WP-4535 Series
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"Lexmark 8300 Series" = Lexmark 8300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 4.
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 26015
Description = Das vom Benutzer angegebene Zertifikat kann nicht geladen werden.
Da die Verbindungsverschlüsselung erforderlich ist, wird vom Server keine Verbindung
akzeptiert. Überprüfen Sie, ob das Zertifikat richtig installiert ist. Lesen Sie
'Konfigurieren eines Zertifikats zur Verwendung durch SSL' in der Onlinedokumentation.
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode
0x80.
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode
0x1.
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17826
Description = Aufgrund eines internen Fehlers in einer Netzwerkbibliothek konnte
die Netzwerkbibliothek nicht gestartet werden. Überprüfen Sie zum Bestimmen der
Ursache die diesem Fehler unmittelbar vorhergehenden Fehler im Fehlerprotokoll.
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17120
Description = SQL Server konnte den Thread FRunCM nicht erzeugen. Suchen Sie im
SQL Server-Fehlerprotokoll und in den Windows-Ereignisprotokollen nach Informationen
zu möglichen verwandten Problemen.
Error - 28.04.2013 14:05:42 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 28.04.2013 14:05:43 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 28.04.2013 14:05:43 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 28.04.2013 14:06:48 | Computer Name = ***-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
--- --- ---
|
|
28.04.2013, 19:40
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.04.2013, 08:44
| #13 |
| | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Hi cosinus, alles klar, vielen Dank für deine Hilfe. Malwarebytes Vollscan lief ohne Funde durch. Beste Grüße... |
|
29.04.2013, 09:53
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte Bitte die Logs immer posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte |
| autorun, avg, avira, avira searchfree toolbar, bho, defender, desktop, error, firefox, flash player, format, gmx.de, home, iexplore.exe, install.exe, logfile, mail.de, microsoft office 2003, nemesis, office 2007, realtek, registry, rundll, security, senden, server, software, spam, svchost.exe, udp, vista, wlan |
Linear-Darstellung
