
Log analysis and evaluation: Hotmail account sends spam mails to contacts on its own


26.04.2013, 12:16   #1
westerm
 
Hotmail account sends spam mails to contacts on its own



Hello,

spam mails are being sent to my contacts from my (actually deleted) Hotmail account (the subject is empty, the mail contains only a link). I would be glad if you could help me find the cause.

Here is the header of the spam mail:
Code:
Return-Path: dummy***0@hotmail.de
Received: from bay0-omc2-s1.bay0.hotmail.com ([65.54.190.76]) by mx-ha.gmx.net (mxgmx105) with ESMTP (Nemesis) id 0M3dPh-1Ulloi47BR-00rDTl for <dummy***1@gmx.de>; Mon, 22 Apr 2013 13:27:10 +0200
Received: from BAY002-M81 ([65.54.190.125]) by bay0-omc2-s1.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 22 Apr 2013 04:27:08 -0700
X-EIP: [Eh1Ve7NqIsXUlE3V934ZL8LY0FKcgoJQ]
X-Originating-Email: [dummy***0@hotmail.de]
Message-ID: <BAY002-M811225F3B2379E91F87B4BDFCB0@phx.gbl>
Content-Type: multipart/alternative; boundary=_00916399-9806-41fe-876e-9ba278eb9ae6_
From: dummy***0@hotmail.de
To: ***
Subject: 
Date: Mon, 22 Apr 2013 13:27:08 +0200
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 22 Apr 2013 11:27:08.0625 (UTC) FILETIME=[53332C10:01CE3F4C]
Envelope-To: <dummy***1@gmx.de>
X-GMX-Antispam: 6 (nemesis text pattern profiler); Detail=V3;
X-GMX-Antivirus: 0 (no virus found)


Here are the log files of the initial scans:
OTL.txt
Code:
OTL logfile created on: 26.04.2013 11:22:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sylvi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,31% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 82,97 Gb Free Space | 57,59% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Programme\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxcjcoms.exe ( )
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Programme\Lexmark 8300 Series\lxcjdrec.dll ()
MOD - C:\Programme\Lexmark 8300 Series\iptk.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxcj_device) -- C:\Windows\System32\lxcjcoms.exe ( )
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9CE5FB8D-55DC-4925-BA38-97B53075E33A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{42B8115D-820C-4B25-A82A-D8BD1532396D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=800e40be-98ba-4b07-99dc-f66361ff394e&apn_sauid=3108C686-0A1E-4796-BFAE-483F77516E0F
IE - HKCU\..\SearchScopes\{9CE5FB8D-55DC-4925-BA38-97B53075E33A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.08 19:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.06.11 18:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.06.11 18:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LXCJCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcjmon.exe] C:\Program Files\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52F78981-3328-4EF4-8B22-47FFE3EDFE2B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sylvi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sylvi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a961b98f-9890-11de-ada0-001377f2336b}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\InstallNavi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.04 19:00:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 11:13:46 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 11:13:46 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 11:12:06 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.26 11:12:06 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.26 11:12:06 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.26 11:12:06 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.26 11:10:59 | 000,145,713 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.04.26 11:10:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 09:48:38 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.16 19:24:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.08 13:54:52 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll
[2011.05.08 13:51:43 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.05.08 13:49:53 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll
[2011.05.08 13:49:51 | 000,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll
[2011.05.08 13:49:51 | 000,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll
[2011.05.08 13:49:51 | 000,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2010.01.02 11:18:46 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.16 02:22:18 | 000,145,713 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.03.16 02:22:11 | 000,145,713 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 26.04.2013 11:22:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,31% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 82,97 Gb Free Space | 57,59% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-331587386-2610647910-3138478596-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F54C23-0D9D-4BC0-8B7F-FCA560C405A1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1B2497C2-9244-4CE8-A7C7-51FE7E92B2A5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{35FF2FE6-3A5C-47AA-9A64-2A909085B362}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{4A2B3146-08CE-40B8-BDF4-85836A8148BB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5053E717-6EBF-4A12-B98A-0AB7AEAEB59A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{50C73B9D-C87F-49A7-8C66-51513B24B85A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{53CA2DE1-2EED-48F1-851F-E0402AE3D608}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{5AB6E35A-B403-4BA9-8C8F-CDAEBFFD21B5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{5E182C44-84CC-4D3C-BF28-EE7C73C7B247}" = lport=139 | protocol=6 | dir=in | app=system | 
"{663AC32B-516A-418A-B91D-030082CDB9ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{68121BFD-7B52-43F1-B027-08CB466590EA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{696CF346-7160-48D2-887E-77509FD20CC2}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{6E08B818-19DB-4788-A55A-4166023DA869}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{711EFCDD-5798-4CBF-805E-1348617AC339}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{7602E6F3-3FA1-4A49-95F0-B7356C6FE12A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{765B43BB-3454-4545-A177-D8131450FD1E}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{77F9C8D6-8731-4178-9F50-1D16ABF5BAA1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7804D55B-3E5A-4AFF-9011-6C28CCC144A2}" = lport=443 | protocol=6 | dir=in | app=system | 
"{7A54809C-C236-4C60-BD8F-456EBB252CAF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{7F751F53-15C3-4651-BE84-B56EC28A0D40}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A813F6C9-C1DD-43D1-8E07-9261B2303440}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{A8850717-4E47-4132-BA21-6210BE815250}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AB8A0AF9-A2F0-45A1-918D-876154EE2847}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BDEB2330-DE96-4E51-B0C7-69794F1C8AE9}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{DD71F75F-2F5E-4E68-A599-451D0625E117}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{E5D415F8-2CD3-468C-B1B4-6536D7DE7E1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{EC19A95D-C3AF-49CB-9FBF-EFC00A0DAD56}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{F09ACBD6-A8A7-4FE8-881F-F24D647B4812}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F5C925CD-AA26-41A9-A77B-7808701F05F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F734CC29-D501-42D5-8505-C82035F01FBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F760D1E4-0B50-4E51-B7A6-EB686E3976EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F7B36F81-2FF4-479D-BD74-62762FA093AF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe | 
"{FF2983FB-5B5B-45C8-A212-20733FBA363C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1875C557-E160-4582-8BCB-D581EC7FC011}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{39C3A882-2EDD-4D76-9299-C7CAA9486F02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3BFB8E91-B6C6-4875-931E-BEFD24B22E93}" = protocol=17 | dir=in | app=c:\windows\system32\lxcjcoms.exe | 
"{3E740CEA-7484-441D-A42B-E8D40E8BF3DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{60A5DA3A-79C4-47E4-B7DF-67654BC4581E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{6B76AC50-6CFF-41D1-B598-C0831F9F0CBF}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{7B942282-C231-4B4E-B8FC-FF173651B04E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{82F4D083-D7EE-4B48-BB56-10AF43B79669}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{8841B10D-6865-4EF9-BB36-CC2FF031ABB1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{92892DD7-429B-4ED1-B60F-F0179729E46D}" = protocol=6 | dir=out | app=system | 
"{957CE3C8-960C-439B-A702-673FAA00B4BE}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{AA69C5CF-12F5-42EC-B2C5-08A89854E447}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{AD57DC4D-359C-4E54-8D0D-29317AD3C4CF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe | 
"{B3B6485B-2510-4D0B-9C2B-403E2B19075E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe | 
"{B48A66D2-FC0B-4F1B-A130-227C8B9BD017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BA7A9EDA-9D0E-4FFC-A9E8-2FE4DA8AFBA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BF3F31B0-F1B1-43CF-845F-937F01849CD3}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{C12D34D6-4DD0-4227-B089-86CDC0EDFABC}" = protocol=17 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe | 
"{C64658BF-020A-4291-98F3-F09531E2A0B2}" = protocol=6 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe | 
"{D872E124-E477-4C05-A62A-F76462D21B90}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{DA7DD00D-18C6-4240-807B-D844DB8BA9C1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{E15BABEA-16FD-4591-BF86-C3D4C55FB693}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{EFAE9A45-D4EF-4320-9539-E01CD8B5A6D5}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{F2C91E37-56A1-4CF9-9FDC-16A57917ECF1}" = protocol=6 | dir=in | app=c:\windows\system32\lxcjcoms.exe | 
"{F8428E31-51B5-4738-A2CA-EC2E9248B9FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{1E147243-FFAC-4228-A9BB-B805B9629497}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{731F9092-6DE3-4BA6-87B9-53EDE2BD0842}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"dm-Fotowelt" = dm-Fotowelt
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WP-4535 Series" = EPSON WP-4535 Series Printer Uninstall
"EPSON WP-4535 Series Netg" = Netzwerkhandbuch EPSON WP-4535 Series
"EPSON WP-4535 Series Useg" = Benutzerhandbuch EPSON WP-4535 Series
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"Lexmark 8300 Series" = Lexmark 8300 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.01.2013 13:24:43 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17826
Description = Aufgrund eines internen Fehlers in einer Netzwerkbibliothek konnte
 die Netzwerkbibliothek nicht gestartet werden. Überprüfen Sie zum Bestimmen der
 Ursache die diesem Fehler unmittelbar vorhergehenden Fehler im Fehlerprotokoll.
 
Error - 17.01.2013 13:24:43 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17120
Description = SQL Server konnte den Thread FRunCM nicht erzeugen. Suchen Sie im 
SQL Server-Fehlerprotokoll und in den Windows-Ereignisprotokollen nach Informationen
 zu möglichen verwandten Problemen.
 
Error - 17.01.2013 13:25:39 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 4.
 
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 26015
Description = Das vom Benutzer angegebene Zertifikat kann nicht geladen werden. 
Da die Verbindungsverschlüsselung erforderlich ist, wird vom Server keine Verbindung
 akzeptiert. Überprüfen Sie, ob das Zertifikat richtig installiert ist. Lesen Sie
 'Konfigurieren eines Zertifikats zur Verwendung durch SSL' in der Onlinedokumentation.
 
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode
 0x80.
 
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode
 0x1.
 
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17826
Description = Aufgrund eines internen Fehlers in einer Netzwerkbibliothek konnte
 die Netzwerkbibliothek nicht gestartet werden. Überprüfen Sie zum Bestimmen der
 Ursache die diesem Fehler unmittelbar vorhergehenden Fehler im Fehlerprotokoll.
 
Error - 23.01.2013 14:32:34 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17120
Description = SQL Server konnte den Thread FRunCM nicht erzeugen. Suchen Sie im 
SQL Server-Fehlerprotokoll und in den Windows-Ereignisprotokollen nach Informationen
 zu möglichen verwandten Problemen.
 
Error - 23.01.2013 14:33:24 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 07.01.2010 11:03:27 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.01.2010 15:07:31 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 07.01.2010 15:08:02 | Computer Name = ***-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 07.01.2010 15:09:12 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.01.2010 12:41:43 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 08.01.2010 12:42:20 | Computer Name = ***-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 08.01.2010 12:43:21 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.01.2010 10:42:34 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 09.01.2010 10:43:10 | Computer Name = ***-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 09.01.2010 10:44:12 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
The PC crashed during the GMER scan, so I have not repeated it for now. I also ran a Malwarebytes quick scan, but it found nothing.

Many thanks and best regards...

26.04.2013, 15:22   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Hello and

Has the password already been changed from a clean computer?

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

26.04.2013, 16:28   #3
westerm


Hello cosinus,

yes, the password was changed once more before the account was deleted at Hotmail. Since then I have not accessed the account. Whether the computer was clean at that time, I don't know (it was about 6 months ago); it is also possible that I was logged in with the password via webmail from various computers. Should I change it again from a device that is definitely clean?

As I said, Malwarebytes found nothing, and there is no detection in the Avira log either.

Thanks and regards...

26.04.2013, 16:31   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, whether or not there was a detection!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (file name is random)
  • Close all other programs, deactivate your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check marks at: IAT/EAT and Show All
  • Set the check mark at Quickscan and remove it for all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Do problems occur?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, remove the check mark in front of Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it on your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instruction from a helper

26.04.2013, 18:28   #5
westerm


Hi,

here are the results of the scans with GMER and MBAR

Gmer
When I start it in normal mode, it crashes. Even when I remove the check mark at Devices. However, the program apparently already does a small mini-scan at startup (before I start the actual scan). The log file for that looks like this:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit quick scan 2013-04-26 18:24:44
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Sylvi\AppData\Local\Temp\pglyrpog.sys


---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                    unknown MBR code

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys

---- EOF - GMER 2.1 ----
         
I then also started GMER in Safe Mode, where it ran through completely. Log file:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 18:18:55
Windows 6.0.6002 Service Pack 2 
Running: gmer_2.1.19163.exe


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f37b91                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f5d89c                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cdd0c4                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter                         5934
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help                            5935
Reg  HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List                          5740 5746 5758 5768 5778 5798 5842 5852 5890 5896 5912 5920
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet)  

---- EOF - GMER 2.1 ----
         
MBAR
MBAR ran through completely but found nothing. Log:
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.26.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-LAPTOP [administrator]

26.04.2013 18:40:19
mbar-log-2013-04-26 (18-40-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28292
Time elapsed: 12 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


26.04.2013, 23:05   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


aswMBR

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on the connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press one of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, under no circumstances select Cure. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
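A TDSSKiller log of the kind requested above can be triaged mechanically: the added example below (not part of the original posts and not TDSSKiller's own code) pairs each scanned object with its verdict line and lists every object whose verdict is not `ok` or that has no verdict at all, for instance because the log was cut off. The line layout follows the TDSSKiller log posted in this thread; the `ExampleDrv` entry, its all-zero hash and the `warning` verdict text are constructed sample values, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Every log line starts with "HH:MM:SS.mmmm <thread id>" followed by the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")
# Object line: "[ <32 hex digit MD5> ] <service name> <image path>"
OBJECT = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+)$"
)
# Verdict line: "<service name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")


class ScanResult(NamedTuple):
    name: str
    path: str
    md5: str
    verdict: Optional[str]  # None means no verdict line followed the object


def parse_tdsskiller(log_text: str) -> List[ScanResult]:
    """Pair each '[ md5 ] name path' line with the 'name - verdict' line after it."""
    results: List[ScanResult] = []
    pending: Optional[ScanResult] = None
    for raw in log_text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue  # blank lines or anything without the timestamp prefix
        msg = prefixed.group("msg").strip()
        obj = OBJECT.match(msg)
        if obj:
            if pending is not None:
                results.append(pending)  # previous object never got a verdict
            pending = ScanResult(obj["name"], obj["path"].strip(),
                                 obj["md5"].upper(), None)
            continue
        verdict = VERDICT.match(msg)
        if verdict and pending is not None and verdict["name"] == pending.name:
            results.append(pending._replace(verdict=verdict["verdict"].strip()))
            pending = None
    if pending is not None:
        results.append(pending)  # log ended before the verdict (truncated paste)
    return results


def needs_review(results: List[ScanResult]) -> List[ScanResult]:
    """Objects a helper should look at: verdict missing or anything but 'ok'."""
    return [r for r in results if r.verdict is None or r.verdict.lower() != "ok"]


# Constructed sample: real layout from the thread's log, plus one constructed
# non-ok entry (ExampleDrv) and a final object line whose verdict is cut off.
SAMPLE_LOG = r"""
15:44:21.0570 1576  Scan started
15:44:33.0280 1576  ================ Scan system memory ========================
15:44:33.0280 1576  System memory - ok
15:44:33.0280 1576  ================ Scan services =============================
15:44:33.0432 1576  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:44:33.0438 1576  ACPI - ok
15:44:34.0228 1576  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:44:34.0231 1576  AntiVirSchedulerService - ok
15:44:35.0000 1576  [ 00000000000000000000000000000000 ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
15:44:35.0001 1576  ExampleDrv - warning
15:44:35.0165 1576  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(parsed)} objects parsed")
    for item in needs_review(parsed):
        print(f"REVIEW {item.name}: verdict={item.verdict!r} path={item.path}")
```

An empty `needs_review` result on a complete log matches a scan in which every object was reported as `ok`; an entry with `verdict=None` means the pasted log is incomplete, not that the object is clean.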

27.04.2013, 14:50   #7
westerm


Hi,

here are the two logs. No detections were reported.

aswMBR
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-27 14:49:12
-----------------------------
14:49:12.186    OS Version: Windows 6.0.6002 Service Pack 2
14:49:12.186    Number of processors: 2 586 0xF0D
14:49:12.187    ComputerName: ***-LAPTOP  UserName: ***
14:49:13.666    Initialize success
15:13:48.895    AVAST engine defs: 13042700
15:21:45.712    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:21:45.716    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:21:45.823    Disk 0 MBR read successfully
15:21:45.827    Disk 0 MBR scan
15:21:45.850    Disk 0 unknown MBR code
15:21:45.871    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
15:21:45.889    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       147548 MB offset 20973568
15:21:45.917    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       147455 MB offset 323151872
15:21:45.926    Disk 0 scanning sectors +625139712
15:21:46.000    Disk 0 scanning C:\Windows\system32\drivers
15:21:57.158    Service scanning
15:22:22.491    Modules scanning
15:22:26.879    Disk 0 trace - called modules:
15:22:26.888    
15:22:27.812    AVAST engine scan C:\Windows
15:22:31.507    AVAST engine scan C:\Windows\system32
15:25:26.481    AVAST engine scan C:\Windows\system32\drivers
15:25:42.254    AVAST engine scan C:\Users\***
15:40:46.535    AVAST engine scan C:\ProgramData
15:41:15.214    Scan finished successfully
15:43:28.742    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
15:43:28.749    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
TDSS-Killer
Code:
15:44:13.0763 3216  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:44:14.0417 3216  ============================================================
15:44:14.0418 3216  Current date / time: 2013/04/27 15:44:14.0417
15:44:14.0418 3216  SystemInfo:
15:44:14.0418 3216  
15:44:14.0418 3216  OS Version: 6.0.6002 ServicePack: 2.0
15:44:14.0418 3216  Product type: Workstation
15:44:14.0418 3216  ComputerName: ***-LAPTOP
15:44:14.0418 3216  UserName: ***
15:44:14.0418 3216  Windows directory: C:\Windows
15:44:14.0418 3216  System windows directory: C:\Windows
15:44:14.0418 3216  Processor architecture: Intel x86
15:44:14.0418 3216  Number of processors: 2
15:44:14.0418 3216  Page size: 0x1000
15:44:14.0418 3216  Boot type: Normal boot
15:44:14.0418 3216  ============================================================
15:44:14.0824 3216  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:44:14.0826 3216  ============================================================
15:44:14.0826 3216  \Device\Harddisk0\DR0:
15:44:14.0826 3216  MBR partitions:
15:44:14.0826 3216  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
15:44:14.0826 3216  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
15:44:14.0826 3216  ============================================================
15:44:14.0857 3216  C: <-> \Device\Harddisk0\DR0\Partition1
15:44:14.0909 3216  D: <-> \Device\Harddisk0\DR0\Partition2
15:44:14.0910 3216  ============================================================
15:44:14.0910 3216  Initialize success
15:44:14.0910 3216  ============================================================
15:44:21.0570 1576  ============================================================
15:44:21.0570 1576  Scan started
15:44:21.0570 1576  Mode: Manual; 
15:44:21.0570 1576  ============================================================
15:44:33.0280 1576  ================ Scan system memory ========================
15:44:33.0280 1576  System memory - ok
15:44:33.0280 1576  ================ Scan services =============================
15:44:33.0432 1576  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:44:33.0438 1576  ACPI - ok
15:44:33.0487 1576  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:44:33.0497 1576  adp94xx - ok
15:44:33.0526 1576  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:44:33.0533 1576  adpahci - ok
15:44:33.0571 1576  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:44:33.0574 1576  adpu160m - ok
15:44:33.0616 1576  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:44:33.0621 1576  adpu320 - ok
15:44:33.0666 1576  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:44:33.0667 1576  AeLookupSvc - ok
15:44:33.0724 1576  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
15:44:33.0731 1576  AFD - ok
15:44:33.0798 1576  [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
15:44:33.0833 1576  AgereSoftModem - ok
15:44:33.0899 1576  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:44:33.0901 1576  agp440 - ok
15:44:33.0928 1576  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:44:33.0931 1576  aic78xx - ok
15:44:33.0951 1576  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
15:44:33.0953 1576  ALG - ok
15:44:34.0008 1576  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:44:34.0009 1576  aliide - ok
15:44:34.0035 1576  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:44:34.0036 1576  amdagp - ok
15:44:34.0059 1576  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:44:34.0060 1576  amdide - ok
15:44:34.0087 1576  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
15:44:34.0089 1576  AmdK7 - ok
15:44:34.0110 1576  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:44:34.0112 1576  AmdK8 - ok
15:44:34.0228 1576  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:44:34.0231 1576  AntiVirSchedulerService - ok
15:44:34.0284 1576  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:44:34.0287 1576  AntiVirService - ok
15:44:34.0319 1576  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:44:34.0337 1576  AntiVirWebService - ok
15:44:34.0373 1576  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
15:44:34.0374 1576  Appinfo - ok
15:44:34.0425 1576  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
15:44:34.0427 1576  arc - ok
15:44:34.0462 1576  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:44:34.0464 1576  arcsas - ok
15:44:34.0499 1576  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:44:34.0500 1576  AsyncMac - ok
15:44:34.0524 1576  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:44:34.0526 1576  atapi - ok
15:44:34.0606 1576  [ 600EFE56F37ADBD65A0FB076B50D1B8D ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:44:34.0640 1576  athr - ok
15:44:34.0701 1576  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:44:34.0707 1576  AudioEndpointBuilder - ok
15:44:34.0723 1576  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:44:34.0728 1576  Audiosrv - ok
15:44:34.0772 1576  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:44:34.0775 1576  avgntflt - ok
15:44:34.0808 1576  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:44:34.0811 1576  avipbb - ok
15:44:34.0833 1576  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:44:34.0835 1576  avkmgr - ok
15:44:34.0886 1576  [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
15:44:34.0888 1576  bcm4sbxp - ok
15:44:34.0906 1576  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:44:34.0907 1576  Beep - ok
15:44:34.0955 1576  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
15:44:34.0961 1576  BFE - ok
15:44:35.0022 1576  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
15:44:35.0056 1576  BITS - ok
15:44:35.0082 1576  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:44:35.0084 1576  blbdrive - ok
15:44:35.0116 1576  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:44:35.0118 1576  bowser - ok
15:44:35.0149 1576  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:44:35.0150 1576  BrFiltLo - ok
15:44:35.0165 1576  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:44:35.0165 1576  BrFiltUp - ok
15:44:35.0206 1576  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
15:44:35.0208 1576  Browser - ok
15:44:35.0227 1576  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:44:35.0229 1576  Brserid - ok
15:44:35.0254 1576  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:44:35.0256 1576  BrSerWdm - ok
15:44:35.0274 1576  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:44:35.0275 1576  BrUsbMdm - ok
15:44:35.0293 1576  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:44:35.0294 1576  BrUsbSer - ok
15:44:35.0337 1576  [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
15:44:35.0338 1576  BthEnum - ok
15:44:35.0357 1576  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:44:35.0376 1576  BTHMODEM - ok
15:44:35.0402 1576  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:44:35.0405 1576  BthPan - ok
15:44:35.0437 1576  [ 73D53F8E90550BA81E2CF44A0873B410 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:44:35.0442 1576  BTHPORT - ok
15:44:35.0478 1576  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
15:44:35.0480 1576  BthServ - ok
15:44:35.0514 1576  [ 32045A4BB143BBC5BAB1298C4E9E309A ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:44:35.0515 1576  BTHUSB - ok
15:44:35.0576 1576  [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
15:44:35.0578 1576  btwaudio - ok
15:44:35.0597 1576  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
15:44:35.0601 1576  btwavdt - ok
15:44:35.0631 1576  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
15:44:35.0632 1576  btwrchid - ok
15:44:35.0666 1576  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:44:35.0668 1576  cdfs - ok
15:44:35.0739 1576  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:44:35.0741 1576  cdrom - ok
15:44:35.0785 1576  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:44:35.0787 1576  CertPropSvc - ok
15:44:35.0809 1576  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
15:44:35.0810 1576  circlass - ok
15:44:35.0846 1576  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
15:44:35.0853 1576  CLFS - ok
15:44:35.0892 1576  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:35.0896 1576  clr_optimization_v2.0.50727_32 - ok
15:44:35.0941 1576  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:44:35.0942 1576  CmBatt - ok
15:44:35.0959 1576  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:44:35.0961 1576  cmdide - ok
15:44:35.0971 1576  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:44:35.0972 1576  Compbatt - ok
15:44:35.0982 1576  COMSysApp - ok
15:44:35.0995 1576  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:44:35.0996 1576  crcdisk - ok
15:44:36.0022 1576  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:44:36.0023 1576  Crusoe - ok
15:44:36.0085 1576  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:44:36.0088 1576  CryptSvc - ok
15:44:36.0140 1576  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:44:36.0162 1576  DcomLaunch - ok
15:44:36.0207 1576  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:44:36.0210 1576  DfsC - ok
15:44:36.0304 1576  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
15:44:36.0372 1576  DFSR - ok
15:44:36.0418 1576  [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
15:44:36.0419 1576  DgiVecp - ok
15:44:36.0483 1576  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:44:36.0489 1576  Dhcp - ok
15:44:36.0516 1576  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
15:44:36.0517 1576  disk - ok
15:44:36.0549 1576  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:44:36.0552 1576  Dnscache - ok
15:44:36.0582 1576  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:44:36.0587 1576  dot3svc - ok
15:44:36.0631 1576  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
15:44:36.0634 1576  DPS - ok
15:44:36.0670 1576  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:44:36.0671 1576  drmkaud - ok
15:44:36.0727 1576  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:44:36.0749 1576  DXGKrnl - ok
15:44:36.0774 1576  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:44:36.0778 1576  E1G60 - ok
15:44:36.0800 1576  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
15:44:36.0803 1576  EapHost - ok
15:44:36.0857 1576  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:44:36.0861 1576  Ecache - ok
15:44:36.0928 1576  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:44:36.0936 1576  ehRecvr - ok
15:44:36.0954 1576  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
15:44:36.0956 1576  ehSched - ok
15:44:36.0967 1576  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
15:44:36.0968 1576  ehstart - ok
15:44:37.0018 1576  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:44:37.0026 1576  elxstor - ok
15:44:37.0085 1576  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:44:37.0106 1576  EMDMgmt - ok
15:44:37.0132 1576  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:44:37.0133 1576  ErrDev - ok
15:44:37.0178 1576  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
15:44:37.0184 1576  EventSystem - ok
15:44:37.0251 1576  [ 2D41D7250F73272946DE04FF7A19761E ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:44:37.0274 1576  EvtEng - ok
15:44:37.0328 1576  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
15:44:37.0330 1576  exfat - ok
15:44:37.0362 1576  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:44:37.0395 1576  fastfat - ok
15:44:37.0439 1576  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:44:37.0441 1576  fdc - ok
15:44:37.0472 1576  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:44:37.0475 1576  fdPHost - ok
15:44:37.0493 1576  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:44:37.0496 1576  FDResPub - ok
15:44:37.0530 1576  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:44:37.0533 1576  FileInfo - ok
15:44:37.0557 1576  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:44:37.0559 1576  Filetrace - ok
15:44:37.0602 1576  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:44:37.0603 1576  flpydisk - ok
15:44:37.0639 1576  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:44:37.0644 1576  FltMgr - ok
15:44:37.0717 1576  [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache       C:\Windows\system32\FntCache.dll
15:44:37.0763 1576  FontCache - ok
15:44:37.0832 1576  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:44:37.0834 1576  FontCache3.0.0.0 - ok
15:44:37.0866 1576  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:44:37.0867 1576  Fs_Rec - ok
15:44:37.0903 1576  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:44:37.0905 1576  gagp30kx - ok
15:44:37.0941 1576  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:44:37.0963 1576  gpsvc - ok
15:44:38.0002 1576  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:44:38.0007 1576  HdAudAddService - ok
15:44:38.0048 1576  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:44:38.0055 1576  HDAudBus - ok
15:44:38.0074 1576  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:44:38.0075 1576  HidBth - ok
15:44:38.0099 1576  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:44:38.0100 1576  HidIr - ok
15:44:38.0127 1576  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
15:44:38.0129 1576  hidserv - ok
15:44:38.0165 1576  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:44:38.0165 1576  HidUsb - ok
15:44:38.0204 1576  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:44:38.0206 1576  hkmsvc - ok
15:44:38.0220 1576  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:44:38.0222 1576  HpCISSs - ok
15:44:38.0257 1576  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:44:38.0264 1576  HTTP - ok
15:44:38.0285 1576  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:44:38.0286 1576  i2omp - ok
15:44:38.0316 1576  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:44:38.0318 1576  i8042prt - ok
15:44:38.0377 1576  [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:44:38.0422 1576  ialm - ok
15:44:38.0454 1576  [ ABFEBC5F846C71AFEBD7F8F6BA740C03 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:44:38.0456 1576  iaStor - ok
15:44:38.0480 1576  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:44:38.0485 1576  iaStorV - ok
15:44:38.0548 1576  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:44:38.0582 1576  idsvc - ok
15:44:38.0609 1576  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:44:38.0610 1576  iirsp - ok
15:44:38.0648 1576  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:44:38.0670 1576  IKEEXT - ok
15:44:38.0775 1576  [ FFD2B3BC042596ABE785D3C15F51AB46 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:44:38.0864 1576  IntcAzAudAddService - ok
15:44:38.0896 1576  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:44:38.0897 1576  intelide - ok
15:44:38.0926 1576  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:44:38.0928 1576  intelppm - ok
15:44:38.0953 1576  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:44:38.0957 1576  IPBusEnum - ok
15:44:38.0995 1576  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:44:38.0997 1576  IpFilterDriver - ok
15:44:39.0037 1576  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:44:39.0041 1576  iphlpsvc - ok
15:44:39.0049 1576  IpInIp - ok
15:44:39.0082 1576  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:44:39.0084 1576  IPMIDRV - ok
15:44:39.0115 1576  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:44:39.0118 1576  IPNAT - ok
15:44:39.0140 1576  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:44:39.0141 1576  IRENUM - ok
15:44:39.0161 1576  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:44:39.0164 1576  isapnp - ok
15:44:39.0225 1576  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:44:39.0228 1576  iScsiPrt - ok
15:44:39.0256 1576  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:44:39.0257 1576  iteatapi - ok
15:44:39.0277 1576  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:44:39.0279 1576  iteraid - ok
15:44:39.0307 1576  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:44:39.0308 1576  kbdclass - ok
15:44:39.0328 1576  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:44:39.0329 1576  kbdhid - ok
15:44:39.0367 1576  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
15:44:39.0370 1576  KeyIso - ok
15:44:39.0404 1576  [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
15:44:39.0405 1576  KMDFMEMIO - ok
15:44:39.0456 1576  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:44:39.0479 1576  KSecDD - ok
15:44:39.0518 1576  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:44:39.0529 1576  KtmRm - ok
15:44:39.0553 1576  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:44:39.0560 1576  LanmanServer - ok
15:44:39.0604 1576  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:44:39.0611 1576  LanmanWorkstation - ok
15:44:39.0722 1576  [ C215E09622118383B236DD56C2065183 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:44:39.0725 1576  LightScribeService - ok
15:44:39.0752 1576  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:44:39.0754 1576  lltdio - ok
15:44:39.0788 1576  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:44:39.0793 1576  lltdsvc - ok
15:44:39.0815 1576  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:44:39.0818 1576  lmhosts - ok
15:44:39.0844 1576  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:44:39.0847 1576  LSI_FC - ok
15:44:39.0867 1576  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:44:39.0870 1576  LSI_SAS - ok
15:44:39.0895 1576  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:44:39.0897 1576  LSI_SCSI - ok
15:44:39.0920 1576  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
15:44:39.0923 1576  luafv - ok
15:44:39.0943 1576  lxcj_device - ok
15:44:39.0966 1576  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:44:39.0970 1576  Mcx2Svc - ok
15:44:40.0006 1576  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:44:40.0008 1576  megasas - ok
15:44:40.0043 1576  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
15:44:40.0052 1576  MegaSR - ok
15:44:40.0090 1576  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
15:44:40.0094 1576  MMCSS - ok
15:44:40.0113 1576  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
15:44:40.0115 1576  Modem - ok
15:44:40.0147 1576  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:44:40.0148 1576  monitor - ok
15:44:40.0166 1576  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:44:40.0168 1576  mouclass - ok
15:44:40.0201 1576  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:44:40.0203 1576  mouhid - ok
15:44:40.0217 1576  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:44:40.0220 1576  MountMgr - ok
15:44:40.0260 1576  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:44:40.0263 1576  mpio - ok
15:44:40.0292 1576  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:44:40.0294 1576  mpsdrv - ok
15:44:40.0350 1576  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:44:40.0373 1576  MpsSvc - ok
15:44:40.0419 1576  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:44:40.0421 1576  Mraid35x - ok
15:44:40.0456 1576  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:44:40.0459 1576  MRxDAV - ok
15:44:40.0493 1576  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:44:40.0494 1576  mrxsmb - ok
15:44:40.0523 1576  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:44:40.0528 1576  mrxsmb10 - ok
15:44:40.0548 1576  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:44:40.0549 1576  mrxsmb20 - ok
15:44:40.0566 1576  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
15:44:40.0568 1576  msahci - ok
15:44:40.0591 1576  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:44:40.0595 1576  msdsm - ok
15:44:40.0610 1576  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
15:44:40.0615 1576  MSDTC - ok
15:44:40.0633 1576  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:44:40.0635 1576  Msfs - ok
15:44:40.0645 1576  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:44:40.0646 1576  msisadrv - ok
15:44:40.0677 1576  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:44:40.0681 1576  MSiSCSI - ok
15:44:40.0691 1576  msiserver - ok
15:44:40.0722 1576  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:44:40.0723 1576  MSKSSRV - ok
15:44:40.0737 1576  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:44:40.0738 1576  MSPCLOCK - ok
15:44:40.0762 1576  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:44:40.0763 1576  MSPQM - ok
15:44:40.0797 1576  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:44:40.0801 1576  MsRPC - ok
15:44:40.0839 1576  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:44:40.0841 1576  mssmbios - ok
15:44:40.0911 1576  MSSQL$MSSMLBIZ - ok
15:44:40.0957 1576  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:44:40.0959 1576  MSSQLServerADHelper - ok
15:44:40.0990 1576  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:44:40.0991 1576  MSTEE - ok
15:44:41.0018 1576  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
15:44:41.0020 1576  Mup - ok
15:44:41.0059 1576  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
15:44:41.0067 1576  napagent - ok
15:44:41.0114 1576  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:44:41.0119 1576  NativeWifiP - ok
15:44:41.0157 1576  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:44:41.0181 1576  NDIS - ok
15:44:41.0217 1576  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:44:41.0218 1576  NdisTapi - ok
15:44:41.0234 1576  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:44:41.0235 1576  Ndisuio - ok
15:44:41.0288 1576  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:44:41.0291 1576  NdisWan - ok
15:44:41.0300 1576  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:44:41.0303 1576  NDProxy - ok
15:44:41.0320 1576  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:44:41.0322 1576  NetBIOS - ok
15:44:41.0361 1576  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:44:41.0365 1576  netbt - ok
15:44:41.0380 1576  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
15:44:41.0383 1576  Netlogon - ok
15:44:41.0412 1576  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
15:44:41.0422 1576  Netman - ok
15:44:41.0452 1576  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
15:44:41.0459 1576  netprofm - ok
15:44:41.0484 1576  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:44:41.0487 1576  NetTcpPortSharing - ok
15:44:41.0591 1576  [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
15:44:41.0659 1576  NETw3v32 - ok
15:44:41.0703 1576  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:44:41.0705 1576  nfrd960 - ok
15:44:41.0726 1576  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:44:41.0733 1576  NlaSvc - ok
15:44:41.0778 1576  [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
15:44:41.0780 1576  nmwcd - ok
15:44:41.0809 1576  [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu        C:\Windows\system32\drivers\nmwcdnsu.sys
15:44:41.0812 1576  nmwcdnsu - ok
15:44:41.0840 1576  [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc       C:\Windows\system32\drivers\nmwcdnsuc.sys
15:44:41.0841 1576  nmwcdnsuc - ok
15:44:41.0884 1576  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:44:41.0885 1576  Npfs - ok
15:44:41.0902 1576  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
15:44:41.0906 1576  nsi - ok
15:44:41.0917 1576  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:44:41.0918 1576  nsiproxy - ok
15:44:41.0995 1576  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:44:42.0041 1576  Ntfs - ok
15:44:42.0084 1576  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
15:44:42.0086 1576  ntrigdigi - ok
15:44:42.0106 1576  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
15:44:42.0107 1576  Null - ok
15:44:42.0142 1576  [ A103162C62C336C2CB3C5E1E2773D17B ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
15:44:42.0144 1576  NVHDA - ok
15:44:42.0415 1576  [ C526B4A24EF951EF219C3BFA1534B152 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:44:42.0629 1576  nvlddmkm - ok
15:44:42.0651 1576  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:44:42.0654 1576  nvraid - ok
15:44:42.0676 1576  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:44:42.0679 1576  nvstor - ok
15:44:42.0705 1576  [ DF6315CE4FF30F706ABF3802D7749E70 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:44:42.0714 1576  nvsvc - ok
15:44:42.0737 1576  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:44:42.0741 1576  nv_agp - ok
15:44:42.0749 1576  NwlnkFlt - ok
15:44:42.0760 1576  NwlnkFwd - ok
15:44:42.0868 1576  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:44:42.0876 1576  odserv - ok
15:44:42.0919 1576  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:44:42.0920 1576  ohci1394 - ok
15:44:42.0958 1576  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:44:42.0961 1576  ose - ok
15:44:43.0006 1576  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:44:43.0025 1576  p2pimsvc - ok
15:44:43.0039 1576  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:44:43.0045 1576  p2psvc - ok
15:44:43.0057 1576  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
15:44:43.0059 1576  Parport - ok
15:44:43.0079 1576  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:44:43.0080 1576  partmgr - ok
15:44:43.0102 1576  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
15:44:43.0103 1576  Parvdm - ok
15:44:43.0121 1576  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:44:43.0123 1576  PcaSvc - ok
15:44:43.0174 1576  [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:44:43.0175 1576  pccsmcfd - ok
15:44:43.0220 1576  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
15:44:43.0222 1576  pci - ok
15:44:43.0240 1576  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
15:44:43.0240 1576  pciide - ok
15:44:43.0274 1576  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:44:43.0277 1576  pcmcia - ok
15:44:43.0329 1576  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:44:43.0351 1576  PEAUTH - ok
15:44:43.0417 1576  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
15:44:43.0462 1576  pla - ok
15:44:43.0514 1576  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:44:43.0520 1576  PlugPlay - ok
15:44:43.0551 1576  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
15:44:43.0559 1576  PNRPAutoReg - ok
15:44:43.0607 1576  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:44:43.0616 1576  PNRPsvc - ok
15:44:43.0675 1576  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:44:43.0684 1576  PolicyAgent - ok
15:44:43.0711 1576  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:44:43.0713 1576  PptpMiniport - ok
15:44:43.0736 1576  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
15:44:43.0737 1576  Processor - ok
15:44:43.0775 1576  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:44:49.0713 1576  ================ Scan global ===============================
15:44:49.0736 1576  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:44:49.0774 1576  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:44:49.0806 1576  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:44:49.0850 1576  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:44:49.0856 1576  [Global] - ok
15:44:49.0857 1576  ================ Scan MBR ==================================
15:44:49.0869 1576  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
15:44:50.0201 1576  \Device\Harddisk0\DR0 - ok
15:44:50.0202 1576  ================ Scan VBR ==================================
15:44:50.0205 1576  [ 5D77EC23D5B9726D32BBDD410C52A16F ] \Device\Harddisk0\DR0\Partition1
15:44:50.0207 1576  \Device\Harddisk0\DR0\Partition1 - ok
15:44:50.0242 1576  [ 6BDD1C09A132554E35C2FC5C04910EE7 ] \Device\Harddisk0\DR0\Partition2
15:44:50.0244 1576  \Device\Harddisk0\DR0\Partition2 - ok
15:44:50.0244 1576  ============================================================
15:44:50.0244 1576  Scan finished
15:44:50.0244 1576  ============================================================
15:44:50.0256 5532  Detected object count: 0
15:44:50.0256 5532  Actual detected object count: 0
         

27.04.2013, 17:40   #8
cosinus

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

27.04.2013, 19:51   #9
westerm

ComboFix ran through without problems. Log file:
Code:
ComboFix 13-04-27.04 - *** 27.04.2013  20:30:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1907 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\SPLB657.tmp
c:\programdata\SPLC469.tmp
c:\programdata\SPLD56F.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-27 bis 2013-04-27  ))))))))))))))))))))))))))))))
.
.
2013-04-27 18:41 . 2013-04-27 18:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-26 10:50 . 2013-04-26 10:50	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-04-26 10:49 . 2013-04-26 10:49	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-26 10:49 . 2013-04-26 10:49	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-04-26 10:49 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-26 09:19 . 2013-03-03 19:07	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-26 09:19 . 2013-03-11 13:25	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-26 09:19 . 2013-03-11 13:25	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-26 09:19 . 2013-03-09 03:45	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-26 09:19 . 2013-03-09 01:28	64000	----a-w-	c:\windows\system32\smss.exe
2013-04-26 09:18 . 2013-03-08 03:52	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-04-26 09:18 . 2013-03-08 03:53	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-04-26 09:18 . 2013-03-05 01:40	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 17:00 . 2013-02-12 01:57	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 16:02 . 2013-02-24 16:09	8192	----a-w-	c:\windows\system32\E_DCINST.DLL
2013-02-24 16:02 . 2013-02-24 16:09	81408	----a-w-	c:\windows\system32\E_TD4BH3E.DLL
2013-02-24 16:02 . 2012-04-17 17:56	95232	----a-w-	c:\windows\system32\E_TLBH3E.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE" [2013-02-24 220800]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE" [2013-02-24 220800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2007-05-08 205744]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2007-05-08 103344]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-02 520192]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-25 348664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 13:17	52256	----a-w-	c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 12:01	71216	----a-w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-331587386-2610647910-3138478596-1003]
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 70593016
*NewlyCreated* - ASWMBR
*Deregistered* - 70593016
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-27 20:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-27  20:43:41
ComboFix-quarantined-files.txt  2013-04-27 18:43
.
Vor Suchlauf: 9 Verzeichnis(se), 90.072.678.400 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 90.593.824.768 Bytes frei
.
- - End Of File - - C7FC808DEFDE63A91A179898D908CAEA
         

28.04.2013, 18:26   #10
cosinus

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

28.04.2013, 19:38   #11
westerm
 
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.1 (04.27.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by *** on 28.04.2013 at 19:56:24,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{42B8115D-820C-4B25-A82A-D8BD1532396D}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.04.2013 at 19:57:54,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner
Code:
# AdwCleaner v2.300 - Datei am 28/04/2013 um 20:02:43 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - ***-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Users\***\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [4816 octets] - [28/04/2013 20:02:43]

########## EOF - C:\AdwCleaner[S1].txt - [4876 octets] ##########
         

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 28.04.2013 20:09:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,87% Memory free
6,18 Gb Paging File | 4,80 Gb Available in Paging File | 77,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 82,88 Gb Free Space | 57,52% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Programme\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxcjcoms.exe ( )
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Programme\Lexmark 8300 Series\lxcjdrec.dll ()
MOD - C:\Programme\Lexmark 8300 Series\iptk.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxcj_device) -- C:\Windows\System32\lxcjcoms.exe ( )
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\..\SearchScopes\{9CE5FB8D-55DC-4925-BA38-97B53075E33A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.08 19:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.06.11 18:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.06.11 18:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2013.04.27 20:41:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LXCJCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcjmon.exe] C:\Program Files\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-331587386-2610647910-3138478596-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52F78981-3328-4EF4-8B22-47FFE3EDFE2B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.28 19:56:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.28 19:56:05 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.27 20:43:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.27 20:43:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.27 20:29:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.27 20:29:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.27 20:29:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.27 20:28:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.27 20:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.27 20:27:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.27 20:26:04 | 005,060,715 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.04.27 20:24:58 | 005,060,715 | ---- | C] (Swearware) -- C:\Users\***\Documents\ComboFix.exe
[2013.04.27 03:06:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.27 03:06:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.27 03:06:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.27 03:06:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.27 03:06:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.27 03:06:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.27 03:06:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.27 03:06:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.26 12:50:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.04.26 12:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.26 12:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.26 12:49:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.26 12:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.26 12:14:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.26 11:19:37 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.26 11:19:37 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.26 11:19:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.26 11:18:31 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.26 11:18:29 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.04 19:00:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.28 20:10:46 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.28 20:10:46 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.28 20:10:46 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.28 20:10:46 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.28 20:05:14 | 000,145,713 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.04.28 20:04:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 20:04:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 20:04:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.28 20:03:53 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.28 20:03:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.28 19:59:57 | 000,628,743 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.27 20:41:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.27 20:22:51 | 005,060,715 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.04.27 20:22:51 | 005,060,715 | ---- | M] (Swearware) -- C:\Users\***\Documents\ComboFix.exe
[2013.04.27 15:43:28 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.04.27 03:25:29 | 000,373,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.26 12:49:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.26 12:13:29 | 282,783,146 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.28 20:01:34 | 000,628,743 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.27 20:29:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.27 20:29:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.27 20:29:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.27 20:29:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.27 20:29:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.27 15:43:28 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.04.26 18:20:25 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.26 12:49:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.26 12:13:29 | 282,783,146 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.05.08 13:54:52 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll
[2011.05.08 13:51:43 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.05.08 13:49:53 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll
[2011.05.08 13:49:51 | 000,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll
[2011.05.08 13:49:51 | 000,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll
[2011.05.08 13:49:51 | 000,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2010.01.02 11:18:46 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.16 02:22:18 | 000,145,713 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.03.16 02:22:11 | 000,145,713 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---
         
Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.04.2013 20:09:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,87% Memory free
6,18 Gb Paging File | 4,80 Gb Available in Paging File | 77,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 82,88 Gb Free Space | 57,52% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-331587386-2610647910-3138478596-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F54C23-0D9D-4BC0-8B7F-FCA560C405A1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1B2497C2-9244-4CE8-A7C7-51FE7E92B2A5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{35FF2FE6-3A5C-47AA-9A64-2A909085B362}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{4A2B3146-08CE-40B8-BDF4-85836A8148BB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5053E717-6EBF-4A12-B98A-0AB7AEAEB59A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{50C73B9D-C87F-49A7-8C66-51513B24B85A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{53CA2DE1-2EED-48F1-851F-E0402AE3D608}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{5AB6E35A-B403-4BA9-8C8F-CDAEBFFD21B5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{5E182C44-84CC-4D3C-BF28-EE7C73C7B247}" = lport=139 | protocol=6 | dir=in | app=system | 
"{663AC32B-516A-418A-B91D-030082CDB9ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{68121BFD-7B52-43F1-B027-08CB466590EA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{696CF346-7160-48D2-887E-77509FD20CC2}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{6E08B818-19DB-4788-A55A-4166023DA869}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{711EFCDD-5798-4CBF-805E-1348617AC339}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{7602E6F3-3FA1-4A49-95F0-B7356C6FE12A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{765B43BB-3454-4545-A177-D8131450FD1E}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{77F9C8D6-8731-4178-9F50-1D16ABF5BAA1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7804D55B-3E5A-4AFF-9011-6C28CCC144A2}" = lport=443 | protocol=6 | dir=in | app=system | 
"{7A54809C-C236-4C60-BD8F-456EBB252CAF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{7F751F53-15C3-4651-BE84-B56EC28A0D40}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A813F6C9-C1DD-43D1-8E07-9261B2303440}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{A8850717-4E47-4132-BA21-6210BE815250}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AB8A0AF9-A2F0-45A1-918D-876154EE2847}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BDEB2330-DE96-4E51-B0C7-69794F1C8AE9}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{DD71F75F-2F5E-4E68-A599-451D0625E117}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{E5D415F8-2CD3-468C-B1B4-6536D7DE7E1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{EC19A95D-C3AF-49CB-9FBF-EFC00A0DAD56}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{F09ACBD6-A8A7-4FE8-881F-F24D647B4812}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F5C925CD-AA26-41A9-A77B-7808701F05F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F734CC29-D501-42D5-8505-C82035F01FBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{F760D1E4-0B50-4E51-B7A6-EB686E3976EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F7B36F81-2FF4-479D-BD74-62762FA093AF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe | 
"{FF2983FB-5B5B-45C8-A212-20733FBA363C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1875C557-E160-4582-8BCB-D581EC7FC011}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{39C3A882-2EDD-4D76-9299-C7CAA9486F02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3BFB8E91-B6C6-4875-931E-BEFD24B22E93}" = protocol=17 | dir=in | app=c:\windows\system32\lxcjcoms.exe | 
"{3E740CEA-7484-441D-A42B-E8D40E8BF3DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{60A5DA3A-79C4-47E4-B7DF-67654BC4581E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{6B76AC50-6CFF-41D1-B598-C0831F9F0CBF}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{7B942282-C231-4B4E-B8FC-FF173651B04E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{82F4D083-D7EE-4B48-BB56-10AF43B79669}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{8841B10D-6865-4EF9-BB36-CC2FF031ABB1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{92892DD7-429B-4ED1-B60F-F0179729E46D}" = protocol=6 | dir=out | app=system | 
"{957CE3C8-960C-439B-A702-673FAA00B4BE}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{AA69C5CF-12F5-42EC-B2C5-08A89854E447}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{AD57DC4D-359C-4E54-8D0D-29317AD3C4CF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe | 
"{B3B6485B-2510-4D0B-9C2B-403E2B19075E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe | 
"{B48A66D2-FC0B-4F1B-A130-227C8B9BD017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BA7A9EDA-9D0E-4FFC-A9E8-2FE4DA8AFBA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BF3F31B0-F1B1-43CF-845F-937F01849CD3}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{C12D34D6-4DD0-4227-B089-86CDC0EDFABC}" = protocol=17 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe | 
"{C64658BF-020A-4291-98F3-F09531E2A0B2}" = protocol=6 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe | 
"{D872E124-E477-4C05-A62A-F76462D21B90}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{DA7DD00D-18C6-4240-807B-D844DB8BA9C1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{E15BABEA-16FD-4591-BF86-C3D4C55FB693}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{EFAE9A45-D4EF-4320-9539-E01CD8B5A6D5}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{F2C91E37-56A1-4CF9-9FDC-16A57917ECF1}" = protocol=6 | dir=in | app=c:\windows\system32\lxcjcoms.exe | 
"{F8428E31-51B5-4738-A2CA-EC2E9248B9FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{1E147243-FFAC-4228-A9BB-B805B9629497}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{731F9092-6DE3-4BA6-87B9-53EDE2BD0842}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"dm-Fotowelt" = dm-Fotowelt
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WP-4535 Series" = EPSON WP-4535 Series Printer Uninstall
"EPSON WP-4535 Series Netg" = Netzwerkhandbuch EPSON WP-4535 Series
"EPSON WP-4535 Series Useg" = Benutzerhandbuch EPSON WP-4535 Series
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"Lexmark 8300 Series" = Lexmark 8300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Fehler beim Initialisieren des FallBack-Zertifikats. Fehlercode: 4.
 
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 26015
Description = Das vom Benutzer angegebene Zertifikat kann nicht geladen werden. 
Da die Verbindungsverschlüsselung erforderlich ist, wird vom Server keine Verbindung
 akzeptiert. Überprüfen Sie, ob das Zertifikat richtig installiert ist. Lesen Sie
 'Konfigurieren eines Zertifikats zur Verwendung durch SSL' in der Onlinedokumentation.
 
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode
 0x80.
 
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17182
Description = Fehler bei der TDSSNIClient-Initialisierung. Fehler 0x80092004, Statuscode
 0x1.
 
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17826
Description = Aufgrund eines internen Fehlers in einer Netzwerkbibliothek konnte
 die Netzwerkbibliothek nicht gestartet werden. Überprüfen Sie zum Bestimmen der
 Ursache die diesem Fehler unmittelbar vorhergehenden Fehler im Fehlerprotokoll.
 
Error - 28.04.2013 14:04:33 | Computer Name = ***-Laptop | Source = MSSQL$MSSMLBIZ | ID = 17120
Description = SQL Server konnte den Thread FRunCM nicht erzeugen. Suchen Sie im 
SQL Server-Fehlerprotokoll und in den Windows-Ereignisprotokollen nach Informationen
 zu möglichen verwandten Problemen.
 
Error - 28.04.2013 14:05:42 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 28.04.2013 14:05:43 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.04.2013 14:05:43 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.04.2013 14:06:48 | Computer Name = ***-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
--- --- ---
         

28.04.2013, 19:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Getting a second opinion from the ESET online scanner afterwards doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

29.04.2013, 08:44   #13
westerm



Hi cosinus,

all right, thank you very much for your help. The Malwarebytes full scan completed without any findings.

Best regards...

29.04.2013, 09:53   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please always post the logs!
