TR/Agent.53248

baum89 · 31.03.2012, 23:38

Hallo zusammen,

ich habe leider anscheinend wieder ein größeres Problem. Avira hat so eben den Trojaner TR/Agent.53248 entdeckt.

Nun habe ich gelesen, dass das ein Downloader für en Backdoor ist. Bevor ich nun alle logfiles etc. poste...könnt ihr mir das bestätigen? weil ich in einem andren Forum gelesen habe, dass mein System nur mehr oder weniger hinüber ist.
Vorhin hat sich mein Rechner auch komplett aufgehängt und es waren rosa Streifen etc aufm Bildschirm zu sehen. Nach Neutstart geht nun wieder alles, aber irgendwas stimmt da ja nicht.

Vielen Dank im Voraus!

Ich sehe eben, dass ein weiterer Nutzer anscheinend ein ähnliches Problem mit diesem Trojaner hat (LaurenLaw)

baum89 · 01.04.2012, 01:08

TR/Agent.53248

Hallo zusammen,

ich habe leider anscheinend wieder ein größeres Problem. Avira hat so eben den Trojaner TR/Agent.53248 entdeckt.

Nun habe ich gelesen, dass das ein Downloader für en Backdoor ist. Bevor ich nun alle logfiles etc. poste...könnt ihr mir das bestätigen? weil ich in einem andren Forum gelesen habe, dass mein System nur mehr oder weniger hinüber ist.
Vorhin hat sich mein Rechner auch komplett aufgehängt und es waren rosa Streifen etc aufm Bildschirm zu sehen. Nach Neutstart geht nun wieder alles, aber irgendwas stimmt da ja nicht.

Edit: habe nur die Logfiles ; Habe den Trojaner in Quarantäne verschoben

dds.logfile

.DDS Logfile:

Code:

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421
Run by Klemens at 1:15:33 on 2012-04-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1652 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\gateProtect\VPN Client\bin\Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Standardbenutzer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Opera\opera.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SwissAcademic.Citavi.Picker.IEPicker: {609d670f-b735-4da7-ac6d-f3bd358e325e} - mscoree.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [<NO NAME>] 
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PLFSetI] c:\program files\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Acer ePower Management] c:\program files\packard bell\packard bell powersave solution\ePowerTrayLauncher.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Citavi Picker... - file://c:\programdata\swiss academic software\citavi picker\internet explorer\ShowContextMenu.html
IE: Free YouTube to MP3 Converter - c:\users\klemens\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02F2549F-CEE6-4D37-8146-583415C35235} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{52DC480B-E7BC-4F9C-B4F1-FCFAAF50FB5B} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-21 218688]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/18 16:10:47];c:\program files\cyberlink\powerdvd8\000.fcl [2009-3-6 87536]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-3-19 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-19 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-19 66616]
R2 ePowerSvc;Acer ePower Service;c:\program files\packard bell\packard bell powersave solution\ePowerSvc.exe [2011-3-18 707104]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 GPVPNService;gateProtect VPN Service;c:\program files\gateprotect\vpn client\bin\Service.exe [2010-10-20 167936]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\packard bell mybackup\IScheduleSvc.exe [2009-5-26 62208]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-5-15 107616]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2011-3-19 3715072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-3-19 64032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update-Dienst (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-10 136176]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-10 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-5-18 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-5-18 8576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-31 15:20:05	6582328	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{efd260d3-5de3-4ded-a0dc-a4a40a7cbf5e}\mpengine.dll
2012-03-09 14:59:49	--------	d-----w-	c:\users\klemens\appdata\local\Microsoft Games
.
==================== Find3M  ====================
.
2012-03-09 14:13:25	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
.
============= FINISH:  1:15:53,71 ===============

--- --- ---

-----------------------------------------------------

attach logifile:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18.03.2011 15:50:54
System Uptime: 31.03.2012 23:49:05 (2 hours ago)
.
Motherboard: Packard Bell | | SJV50MV
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | U2E1 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 151 GiB total, 62,7 GiB free.
D: is FIXED (NTFS) - 137 GiB total, 93,247 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
RP288: 24.02.2012 07:46:02 - Windows Update
RP289: 26.02.2012 20:07:10 - Geplanter Prüfpunkt
RP290: 27.02.2012 20:54:18 - Geplanter Prüfpunkt
RP291: 29.02.2012 12:51:19 - Windows Update
RP292: 03.03.2012 02:04:26 - Windows Update
RP293: 04.03.2012 13:39:17 - Geplanter Prüfpunkt
RP294: 05.03.2012 08:38:44 - Geplanter Prüfpunkt
RP295: 06.03.2012 13:05:14 - Geplanter Prüfpunkt
RP296: 07.03.2012 20:13:30 - Windows Update
RP297: 08.03.2012 14:28:02 - Geplanter Prüfpunkt
RP298: 09.03.2012 11:17:41 - Geplanter Prüfpunkt
RP299: 12.03.2012 08:04:36 - Windows Update
RP300: 13.03.2012 14:22:30 - Windows Update
RP301: 15.03.2012 15:25:14 - Geplanter Prüfpunkt
RP302: 18.03.2012 23:39:25 - Windows Update
RP303: 21.03.2012 15:18:59 - Windows Update
RP304: 24.03.2012 11:26:50 - Windows Update
RP305: 29.03.2012 11:51:25 - Windows Update
RP306: 30.03.2012 14:41:36 - Geplanter Prüfpunkt
RP307: 31.03.2012 17:19:15 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 9 - Deutsch
Avira AntiVir Personal - Free Antivirus
Backup Manager Basic
Broadcom Gigabit NetLink Controller
Choice Guard
Cisco Systems VPN Client 5.0.07.0410
Citavi
Compatibility Pack für 2007 Office System
Conexant HD Audio
CyberLink PowerDVD 8
DAEMON Tools Lite
FIFA 11
Free YouTube to MP3 Converter version 3.10.9.908
gateProtect VPN Client 3.0
Google Chrome
Google SketchUp 8
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Identity Card
Infocenter
InfraRecorder
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Kyocera Product Library
Launch Manager
Mein CEWE FOTOBUCH
MetaBoli
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Norton Internet Security
NVIDIA Drivers
NVIDIA PhysX
Opera 11.62
Ovi Desktop Sync Engine
OviMPlatform
Packard Bell MyBackup
Packard Bell PowerSave Solution
Packard Bell Recovery Management
PackardBell ScreenSaver
Pando Media Booster
PC Connectivity Solution
PDF24 Creator 3.5.2
Phoenix Service Software 2009.20.010.39068
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
SetupMyPC
ShotOnline
ShotOnline - remove only
Skype Click to Call
Skype™ 5.5
Synaptics Pointing Device Driver
Trillian
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Updator
Video Web Camera
VLC media player 1.1.10
Winamp
Winamp Erkennungs-Plug-in
WinCDEmu
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
WinRAR 4.00 (32-bit)
Zattoo4 4.0.5
.
==== End Of File ===========================

Gmer.txt

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-01 02:04:02
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: 154urq61.exe; Driver: C:\Users\Klemens\AppData\Local\Temp\uxtiafoc.sys


---- System - GMER 1.0.15 ----

SSDT            927A9C86                                      ZwCreateSection
SSDT            927A9C8B                                      ZwSetContextThread
SSDT            927A9C27                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                 82CF0998 4 Bytes  [86, 9C, 7A, 92]
.text           ntkrnlpa.exe!KeSetEvent + 56D                 82CF0CF0 4 Bytes  [8B, 9C, 7A, 92]
.text           ntkrnlpa.exe!KeSetEvent + 621                 82CF0DA4 4 Bytes  [27, 9C, 7A, 92] {DAA ; PUSHF ; JP 0xffffffffffffff96}
.text           c:\Program Files\CyberLink\PowerDVD8\000.fcl  section is writeable [0xA2AFB000, 0x2892, 0xE8000020]
.vmp2           c:\Program Files\CyberLink\PowerDVD8\000.fcl  entry point in ".vmp2" section [0xA2B1E050]
?               C:\Users\Klemens\AppData\Local\Temp\mbr.sys   Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0       Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

Vielen Dank im Voraus!

Nicht, dass ich übersehen wurde..

push

cosinus · 02.04.2012, 13:19

Zitat:

Avira hat so eben den Trojaner TR/Agent.53248 entdeckt.

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

baum89 · 02.04.2012, 13:46

Habe das ausversehen 2 Themen eröffnet. Aber in einem ja alle Logfiles wie in der Anleitung beschrieben hochgeladen.

Bei Avira kam lediglich die Meldung Trojanisches Pferd TR/Agent.53248 gefunden.

Bitte um Anweisung, was euch denn noch fehlt.

Nachdem ich den Trojaner in die Quarantäne verschoben habe, hat Avira bei mehrere Suchläufen keine Bedrohnung mehr gefunden. Der Trojaner hatte ich im Temp Ordner befunden, also nicht direkt in den Systemdateien

Gruß

cosinus · 02.04.2012, 14:37

Zitat:

Bei Avira kam lediglich die Meldung Trojanisches Pferd TR/Agent.53248 gefunden.

Sry das ist Quatsch. Zu einem gefundenen Schädling gibt es auch einen Fundort. Und der fehlt mir!
Avira hat Logdateien! Einfach mal nachsehen unter Berichte/Ereignisse!

baum89 · 02.04.2012, 14:44

Die Datei 'C:\Users\Standardbenutzer\AppData\Local\Temp\cgs8h0.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.53248' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a6323c1.qua' verschoben!

cosinus · 02.04.2012, 15:34

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

baum89 · 02.04.2012, 16:53

Die Scanns laufen noch, allerdings gibt es nochwas zu berichten.

Ich bekam eben eine Email bei meinem Yahoo Postfach mit dem Betreff: "MAILER-DAEMON-Failure Notice" Darin aufgeführt sind einige meiner Freunde mit ihren E-Mail Adressen..scheint so als würde da jm meine Adresse zum verschicken von SPAM benutzen

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.04.02.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Klemens :: KLEMENS-PC [Administrator]

02.04.2012 16:38:08
mbam-log-2012-04-02 (16-38-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 334012
Laufzeit: 1 Stunde(n), 21 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

-----------------------

Code:

ATTFilter

 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6339daf0f317c5408f2f1780d332975d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-02 05:01:35
# local_time=2012-04-02 07:01:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 192496 69917277 94452 0
# compatibility_mode=5892 16776574 100 100 0 170913184 0 0
# compatibility_mode=8192 67108863 100 0 557 557 0 0
# scanned=146583
# found=3
# cleaned=0
# scan_time=5638
C:\Program Files\ODEON\JAF\JAF-S.exe	a variant of Win32/Packed.Themida application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\ODEON\JAF\JAF_customer_care.exe	a variant of Win32/Packed.Themida application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\ODEON\JAF\JAF_VodaFone.exe	a variant of Win32/Packed.Themida application (unable to clean)	00000000000000000000000000000000	I

Das mit den Emails macht mit doch starke Sorgen. Ich schreibe im moment meine Abschlussarbeit und muss viele Kontakte und Termine per E-mail organisieren. Deswegen wäre es auch problematisch, wenn ich die Adresse einfach löschen würde.
Allerdings wäre es natürlich auch schlimm, wenn mein Prof. eine SPAM Email von mir bekommt..

Hoffe das lässt sich was machen!

mfg und vielen dank im Voraus

Klemens

cosinus · 02.04.2012, 19:51

Zitat:

C:\Program Files\ODEON\JAF\JAF-S.exe

Was ist das, wo hast du das her?
Das Passwort zu deinem E-Mail-Konto hast du erstmal von einem anderen sauberen System aus geändert?

baum89 · 02.04.2012, 20:11

Passwort habe ich geändert.
leider kann ich dir nicht sagen was das für ein Programm ist, da ich selber keine Ahnung habe. Hatte mit dem Programm noch nicht bewusst zu tun.

Wie soll ich weiter vorgehen?

Vielen Dank im Voraus

Gruß Klemens

cosinus · 02.04.2012, 20:49

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

baum89 · 03.04.2012, 00:12

OTL-Txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.04.2012 00:54:56 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Standardbenutzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,60% Memory free
14,62 Gb Paging File | 13,71 Gb Available in Paging File | 93,80% Paging File free
Paging file location(s): c:\pagefile.sys 12000 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,49 Gb Total Space | 65,79 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 136,83 Gb Total Space | 93,25 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
 
Computer Name: KLEMENS-PC | User Name: Klemens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.03 00:52:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Standardbenutzer\Desktop\OTL.exe
PRC - [2012.03.27 16:54:59 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2012.03.22 12:14:16 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieCtrl.exe
PRC - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.18 11:31:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 11:56:53 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 15:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.20 11:21:42 | 000,167,936 | ---- | M] () -- C:\Programme\gateProtect\VPN Client\bin\Service.exe
PRC - [2010.09.27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.06.23 18:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.06.23 18:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.06.23 18:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009.05.26 16:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.07 00:48:52 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared files\brs.exe
PRC - [2009.02.19 05:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.06 05:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.01 18:44:38 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.17 09:39:02 | 003,993,576 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.18 11:31:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.04.27 11:56:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.20 11:21:42 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Programme\gateProtect\VPN Client\bin\Service.exe -- (GPVPNService)
SRV - [2010.09.27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.06.23 18:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.26 16:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.03.25 19:52:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.22 12:14:14 | 000,134,416 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.07.18 11:31:36 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.18 11:31:36 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.15 21:35:25 | 000,107,616 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2010.10.01 21:13:16 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.09.27 11:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.22 15:50:00 | 009,753,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.01 07:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.03.17 20:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.03.06 15:48:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/03/18 16:10:47] [Kernel | Auto | Running] -- c:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008.12.29 19:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.24 01:29:16 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vserial.sys -- (vserial)
DRV - [2008.07.24 01:29:16 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vsb.sys -- (vsbus)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\..\SearchScopes,DefaultScope = {9578FADB-414A-4F1D-9763-7499B00C9B8B}
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\..\SearchScopes\{9578FADB-414A-4F1D-9763-7499B00C9B8B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\..\SearchScopes,DefaultScope = {D080A951-CA5C-4C32-B3B8-95860AB77E7C}
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\..\SearchScopes\{D080A951-CA5C-4C32-B3B8-95860AB77E7C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Klemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Klemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Klemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] c:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1000..\Run: [SmpcSys] C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1001..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File not found
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02F2549F-CEE6-4D37-8146-583415C35235}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52DC480B-E7BC-4F9C-B4F1-FCFAAF50FB5B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d46593bd-835b-11e0-b06a-001f16b69d2d}\Shell - "" = AutoRun
O33 - MountPoints2\{d46593bd-835b-11e0-b06a-001f16b69d2d}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: VideoWebCamera - hkey= - key= - C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - 
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.02 17:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.02 16:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.02 16:36:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.02 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.01 21:59:30 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Malwarebytes
[2012.04.01 21:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.01 18:20:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.01 18:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.01 18:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.01 17:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.04.01 15:14:06 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.04.01 15:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.04.01 15:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.04.01 12:50:36 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\NokiaAccount
[2012.04.01 12:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.09 16:59:49 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\Microsoft Games
[2012.03.09 16:12:41 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 00:54:52 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.03 00:54:52 | 000,592,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.03 00:54:52 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.03 00:54:52 | 000,100,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.03 00:50:01 | 000,207,782 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.03 00:49:50 | 000,207,782 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.03 00:49:48 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 00:49:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 00:49:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 00:49:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 00:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 20:30:00 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Packard Bell Customer Registration Reminder - Klemens.job
[2012.04.02 20:27:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 16:36:53 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 18:25:36 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.01 17:09:54 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.04.01 16:54:36 | 239,099,432 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.01 15:13:20 | 000,002,528 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.04.01 15:04:13 | 000,415,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.01 13:04:15 | 000,021,810 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20120401_130412.reg
[2012.04.01 12:33:37 | 000,033,018 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20120401_123327.reg
[2012.04.01 12:30:32 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.01 00:55:34 | 000,000,000 | ---- | M] () -- C:\Users\Klemens\defogger_reenable
[2012.03.31 20:29:02 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.28 19:09:16 | 000,073,256 | ---- | M] () -- C:\Windows\System32\UpdateList.dat
 
========== Files Created - No Company Name ==========
 
[2012.04.02 16:36:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 18:29:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.01 18:25:36 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.01 18:25:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.04.01 17:09:54 | 000,001,704 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.04.01 16:54:36 | 239,099,432 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.04.01 13:04:14 | 000,021,810 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20120401_130412.reg
[2012.04.01 12:33:31 | 000,033,018 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20120401_123327.reg
[2012.04.01 12:30:32 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.01 00:55:34 | 000,000,000 | ---- | C] () -- C:\Users\Klemens\defogger_reenable
[2012.03.28 19:09:16 | 000,073,256 | ---- | C] () -- C:\Windows\System32\UpdateList.dat
[2011.05.07 18:22:21 | 000,017,408 | ---- | C] () -- C:\Users\Klemens\AppData\Local\WebpageIcons.db
[2011.05.05 20:09:56 | 000,000,680 | ---- | C] () -- C:\Users\Klemens\AppData\Local\d3d9caps.dat
[2011.03.23 21:49:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.23 21:49:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.03.20 23:04:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.19 19:17:59 | 000,002,528 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.03.19 01:29:17 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2011.03.18 17:00:09 | 000,207,782 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.03.18 16:57:36 | 000,207,782 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.09.27 12:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
 
========== LOP Check ==========
 
[2012.04.01 12:32:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DAEMON Tools Lite
[2011.03.29 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 14:29:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\gateProtect
[2011.05.21 06:21:42 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Leadertech
[2011.09.25 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Nokia
[2011.03.19 19:08:38 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Opera
[2011.08.03 09:38:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\PC Suite
[2011.11.14 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Swiss Academic Software
[2012.04.01 15:06:56 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Dropbox
[2011.09.12 19:33:01 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\DVDVideoSoft
[2011.10.29 18:12:02 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\InfraRecorder
[2011.09.26 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Nokia
[2011.03.19 19:47:08 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Opera
[2011.07.02 14:11:19 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\PC Suite
[2012.04.01 17:44:08 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\QuickScan
[2011.11.13 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Swiss Academic Software
[2011.04.09 14:25:43 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Template
[2012.04.02 20:30:00 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\Packard Bell Customer Registration Reminder - Klemens.job
[2012.04.02 20:34:36 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.01 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Adobe
[2011.03.19 18:57:31 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Avira
[2012.04.01 12:32:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DAEMON Tools Lite
[2011.03.29 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 14:29:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\gateProtect
[2011.03.18 16:59:54 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Identities
[2011.03.18 17:04:33 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\InstallShield
[2011.05.21 06:21:42 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Leadertech
[2011.03.18 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Macromedia
[2012.04.01 21:59:30 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Media Center Programs
[2012.01.21 18:44:55 | 000,000,000 | --SD | M] -- C:\Users\Klemens\AppData\Roaming\Microsoft
[2011.05.21 05:45:11 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Nero
[2011.09.25 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Nokia
[2011.03.19 19:08:38 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Opera
[2011.08.03 09:38:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\PC Suite
[2011.12.10 21:03:45 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Skype
[2011.05.21 17:49:53 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\skypePM
[2011.11.14 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Swiss Academic Software
[2012.04.01 12:32:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Winamp
[2011.05.28 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

Extrax.Txt

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 03.04.2012 00:54:56 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Standardbenutzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,60% Memory free
14,62 Gb Paging File | 13,71 Gb Available in Paging File | 93,80% Paging File free
Paging file location(s): c:\pagefile.sys 12000 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,49 Gb Total Space | 65,79 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 136,83 Gb Total Space | 93,25 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
 
Computer Name: KLEMENS-PC | User Name: Klemens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26F417C7-69DE-48B4-B6E9-5B8E4196844E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{43CCC414-C02C-4006-82B8-9A8C07B0F01D}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05532053-EDE5-4292-9F7A-F7AADC367AA8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{05D2D758-90AF-4236-A1A2-4451910E2889}" = protocol=17 | dir=in | app=e:\alicecd.exe | 
"{10BCFA9A-6220-4081-A393-3195C745D431}" = protocol=6 | dir=in | app=c:\program files\shotonline\shotonline.exe | 
"{122212C3-994B-416A-B1E8-B90BCE223B2C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{15867312-0A5A-494F-9A28-ACF6BA728D95}" = protocol=6 | dir=in | app=e:\alicecd.exe | 
"{1896A5B3-F20E-44E6-84D1-62709AF00B7B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1A42B123-8DD7-48DB-92BE-7A88BCE41C47}" = protocol=17 | dir=in | app=c:\program files\shotonline\shotonline.exe | 
"{28B62C50-5792-423E-9165-C10C0FDEAFF7}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4A73B785-2D91-4F8C-89BC-873FD262BE07}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{52C944B5-4137-44D0-B634-E13EE7C5B41D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{53F70F89-9422-4389-AC6B-6D93C2B90E71}" = protocol=6 | dir=in | app=c:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6D727FB3-240A-4831-A7D0-873ED5EECB8B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{7D098023-5758-452B-B354-DB40DC6060D8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7E5DB964-FDF2-40E9-9EF4-E0436966EBF5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9656A844-F6B1-495E-9B68-3D21B79998BA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{AD1AF50F-64E7-4CA7-8BE4-DD01F37FFC9A}" = protocol=17 | dir=in | app=c:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AD76AFAB-EE44-4C78-9316-76560D905341}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{ADCE2F88-56D8-4F2F-AC0D-05AF1DFF5C2A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D9F8AD7B-EFA8-499B-9111-7CF806F376CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E08AEE87-21F4-4428-ADDE-14A5D8052FC4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FC2E7430-0A1E-4705-B83C-AA0AAC4175C9}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"TCP Query User{40592B21-1F3A-47B4-BFE6-595AA15CD42D}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{4AE8CB09-DAB7-4854-A48D-2A2F327A9EA3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{6668E8C0-A5A8-4357-A73F-4F8E4DCBE2D6}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{BB44C4D7-8D12-4C39-9D2C-D84A77F28ECA}C:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F08A9F71-765B-4C55-8BBB-A5F8EB299F61}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{F93E9518-5B0D-495E-97C8-5C759C963752}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{24DA48D3-021B-4D4B-9068-BA8C9A5AA3CE}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{3FDC6875-D75D-489B-9252-8707D6A4C4C1}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{5A9EEBCB-B132-4291-8156-54DC382EB9BD}C:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{5CBFC8D6-49C7-44C8-9B0A-AA5CA8019102}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{662A1BE7-6D06-43F4-BDE9-1AE5354779C3}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{6A7B28D7-2635-4DA7-BD6E-38A5DCD1FB6A}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"gateProtect VPN Client 3.0" = gateProtect VPN Client 3.0
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"Kyocera Product Library" = Kyocera Product Library
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.62.1347" = Opera 11.62
"PackardBell Screensaver" = PackardBell ScreenSaver
"Phoenix Service Software 2009.20.010.39068_is1" = Phoenix Service Software 2009.20.010.39068
"Sandboxie" = Sandboxie 3.66 (32-bit)
"SetupMyPC" = SetupMyPC
"ShotOnline" = ShotOnline
"ShotOnline GER" = ShotOnline - remove only
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Updator
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinCDEmu" = WinCDEmu
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"R for Windows 2.13.1_is1" = R for Windows 2.13.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.03.2012 13:09:28 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.03.2012 13:09:28 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.03.2012 13:09:28 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.03.2012 13:10:35 | Computer Name = Klemens-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.03.2012 00:33:52 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.03.2012 00:33:52 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.03.2012 00:33:52 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.03.2012 00:33:52 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.03.2012 00:34:42 | Computer Name = Klemens-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.03.2012 06:54:54 | Computer Name = Klemens-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 14.12.2011 14:33:42 | Computer Name = Klemens-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 514
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.04.2012 15:54:42 | Computer Name = Klemens-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.04.2012 15:54:42 | Computer Name = Klemens-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.04.2012 15:54:45 | Computer Name = Klemens-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.04.2012 16:11:07 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2012 16:11:07 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.04.2012 16:11:53 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.04.2012 05:43:18 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.04.2012 05:43:18 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.04.2012 18:51:07 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.04.2012 18:51:07 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

--- --- ---

Edit: Ich habe nochmal nachgeschaut, wg der ODEON JAF.exe ich glaube, dass hatte ich mal im Zusammenhang mit meinem Handy. Das hatte sich beim Update aufgehängt und dann hab ich es via dead flash wieder neu aufgesetzt. Aber das ist en weilchen her schon und ich kann es auch nicht zu 100% sagen, dass ich das Programm daher habe

Hatte eben beim Hochfahren ein Blue Screen. Nach Neustart geht es jetzt nun wieder.

Der Computer ist nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x00000050 (0x90544000, 0x00000000, 0x82cb3536, 0x00000000). Ein volles Abbild wurde gespeichert in: C:\Windows\MEMORY.DMP.

die DMP Datei kann ich leider nicht öffen, wenn du Sie brauchst kann ich sie aber natürlich noch als zip hochladen

cosinus · 03.04.2012, 15:48

Ist ziemlich unauffällig

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

baum89 · 03.04.2012, 16:42

Code:

ATTFilter

  

17:37:32.0082 2804	TDSS rootkit removing tool 2.7.25.0 Apr  3 2012 13:42:32
17:37:32.0331 2804	============================================================
17:37:32.0331 2804	Current date / time: 2012/04/03 17:37:32.0331
17:37:32.0331 2804	SystemInfo:
17:37:32.0331 2804	
17:37:32.0331 2804	OS Version: 6.0.6002 ServicePack: 2.0
17:37:32.0331 2804	Product type: Workstation
17:37:32.0331 2804	ComputerName: KLEMENS-PC
17:37:32.0331 2804	UserName: Klemens
17:37:32.0331 2804	Windows directory: C:\Windows
17:37:32.0331 2804	System windows directory: C:\Windows
17:37:32.0331 2804	Processor architecture: Intel x86
17:37:32.0331 2804	Number of processors: 2
17:37:32.0331 2804	Page size: 0x1000
17:37:32.0331 2804	Boot type: Normal boot
17:37:32.0331 2804	============================================================
17:37:32.0909 2804	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:37:32.0909 2804	\Device\Harddisk0\DR0:
17:37:32.0924 2804	MBR used
17:37:32.0924 2804	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12EFBFE0
17:37:32.0924 2804	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14284800, BlocksNum 0x111A9000
17:37:33.0018 2804	Initialize success
17:37:33.0018 2804	============================================================
17:37:53.0380 3916	============================================================
17:37:53.0380 3916	Scan started
17:37:53.0380 3916	Mode: Manual; SigCheck; TDLFS; 
17:37:53.0380 3916	============================================================
17:37:53.0926 3916	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:37:54.0098 3916	ACPI - ok
17:37:54.0222 3916	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:37:54.0238 3916	AdobeARMservice - ok
17:37:54.0394 3916	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:37:54.0425 3916	AdobeFlashPlayerUpdateSvc - ok
17:37:54.0612 3916	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:37:54.0675 3916	adp94xx - ok
17:37:54.0753 3916	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:37:54.0800 3916	adpahci - ok
17:37:54.0831 3916	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:37:54.0846 3916	adpu160m - ok
17:37:54.0878 3916	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:37:54.0909 3916	adpu320 - ok
17:37:55.0018 3916	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:37:55.0255 3916	AeLookupSvc - ok
17:37:55.0415 3916	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:37:55.0500 3916	AFD - ok
17:37:55.0685 3916	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:37:55.0715 3916	agp440 - ok
17:37:56.0000 3916	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:37:56.0025 3916	aic78xx - ok
17:37:56.0135 3916	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:37:56.0277 3916	ALG - ok
17:37:56.0464 3916	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:37:56.0495 3916	aliide - ok
17:37:56.0620 3916	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:37:56.0667 3916	amdagp - ok
17:37:56.0807 3916	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:37:56.0823 3916	amdide - ok
17:37:56.0932 3916	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:37:56.0995 3916	AmdK7 - ok
17:37:57.0119 3916	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:37:57.0197 3916	AmdK8 - ok
17:37:57.0353 3916	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:37:57.0369 3916	AntiVirSchedulerService - ok
17:37:57.0385 3916	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:37:57.0400 3916	AntiVirService - ok
17:37:57.0525 3916	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:37:57.0619 3916	Appinfo - ok
17:37:57.0759 3916	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:37:57.0775 3916	arc - ok
17:37:57.0884 3916	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:37:57.0915 3916	arcsas - ok
17:37:57.0946 3916	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:37:58.0009 3916	AsyncMac - ok
17:37:58.0071 3916	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:37:58.0087 3916	atapi - ok
17:37:58.0133 3916	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:37:58.0196 3916	AudioEndpointBuilder - ok
17:37:58.0196 3916	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:37:58.0221 3916	Audiosrv - ok
17:37:58.0476 3916	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
17:37:58.0551 3916	avgntflt - ok
17:37:58.0651 3916	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
17:37:58.0666 3916	avipbb - ok
17:37:58.0736 3916	b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:37:58.0796 3916	b57nd60x - ok
17:37:58.0976 3916	BazisVirtualCDBus (57aa10dd50410211c93ddc84ad55f7b3) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
17:37:59.0011 3916	BazisVirtualCDBus - ok
17:37:59.0136 3916	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:37:59.0198 3916	Beep - ok
17:37:59.0292 3916	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:37:59.0401 3916	BFE - ok
17:37:59.0619 3916	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:37:59.0760 3916	BITS - ok
17:37:59.0978 3916	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:38:00.0040 3916	blbdrive - ok
17:38:00.0165 3916	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:38:00.0228 3916	bowser - ok
17:38:00.0368 3916	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:38:00.0399 3916	BrFiltLo - ok
17:38:00.0524 3916	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:38:00.0586 3916	BrFiltUp - ok
17:38:00.0696 3916	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:38:00.0774 3916	Browser - ok
17:38:00.0867 3916	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:38:01.0054 3916	Brserid - ok
17:38:01.0164 3916	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:38:01.0236 3916	BrSerWdm - ok
17:38:01.0301 3916	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:38:01.0391 3916	BrUsbMdm - ok
17:38:01.0546 3916	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:38:01.0636 3916	BrUsbSer - ok
17:38:01.0731 3916	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:38:01.0831 3916	BTHMODEM - ok
17:38:01.0936 3916	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:38:01.0986 3916	cdfs - ok
17:38:02.0166 3916	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:38:02.0213 3916	cdrom - ok
17:38:02.0307 3916	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:38:02.0369 3916	CertPropSvc - ok
17:38:02.0400 3916	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:38:02.0478 3916	circlass - ok
17:38:02.0619 3916	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:38:02.0650 3916	CLFS - ok
17:38:02.0759 3916	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:38:02.0790 3916	clr_optimization_v2.0.50727_32 - ok
17:38:02.0931 3916	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:38:02.0978 3916	clr_optimization_v4.0.30319_32 - ok
17:38:03.0056 3916	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:38:03.0118 3916	CmBatt - ok
17:38:03.0134 3916	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:38:03.0165 3916	cmdide - ok
17:38:03.0305 3916	CnxtHdAudService (01b80273c019f0f25f27fa2e80a85578) C:\Windows\system32\drivers\CHDRT32.sys
17:38:03.0399 3916	CnxtHdAudService - ok
17:38:03.0524 3916	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:38:03.0555 3916	Compbatt - ok
17:38:03.0602 3916	COMSysApp - ok
17:38:03.0742 3916	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:38:03.0773 3916	crcdisk - ok
17:38:03.0820 3916	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:38:03.0867 3916	Crusoe - ok
17:38:03.0945 3916	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:38:03.0992 3916	CryptSvc - ok
17:38:04.0054 3916	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
17:38:04.0101 3916	CVirtA - ok
17:38:04.0266 3916	CVPND           (30443eef52f5fb043654859eaa8e5247) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
17:38:04.0391 3916	CVPND - ok
17:38:04.0531 3916	CVPNDRVA        (cb90b2762b1a1d0b40496400c55b6ade) C:\Windows\system32\Drivers\CVPNDRVA.sys
17:38:04.0596 3916	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
17:38:04.0596 3916	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
17:38:04.0671 3916	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:38:04.0776 3916	DcomLaunch - ok
17:38:04.0961 3916	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:38:05.0016 3916	DfsC - ok
17:38:05.0245 3916	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:38:05.0432 3916	DFSR - ok
17:38:05.0572 3916	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:38:05.0619 3916	Dhcp - ok
17:38:05.0713 3916	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:38:05.0744 3916	disk - ok
17:38:05.0775 3916	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
17:38:05.0791 3916	DKbFltr - ok
17:38:05.0884 3916	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
17:38:05.0915 3916	DNE - ok
17:38:06.0025 3916	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:38:06.0071 3916	Dnscache - ok
17:38:06.0149 3916	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:38:06.0212 3916	dot3svc - ok
17:38:06.0243 3916	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:38:06.0290 3916	DPS - ok
17:38:06.0446 3916	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:38:06.0524 3916	drmkaud - ok
17:38:06.0586 3916	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:38:06.0633 3916	DXGKrnl - ok
17:38:06.0758 3916	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:38:06.0820 3916	E1G60 - ok
17:38:06.0867 3916	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:38:06.0898 3916	EapHost - ok
17:38:06.0992 3916	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:38:07.0023 3916	Ecache - ok
17:38:07.0085 3916	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:38:07.0148 3916	ehRecvr - ok
17:38:07.0163 3916	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:38:07.0241 3916	ehSched - ok
17:38:07.0281 3916	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:38:07.0311 3916	ehstart - ok
17:38:07.0431 3916	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:38:07.0486 3916	elxstor - ok
17:38:07.0641 3916	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:38:07.0721 3916	EMDMgmt - ok
17:38:07.0891 3916	ePowerSvc       (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
17:38:07.0991 3916	ePowerSvc - ok
17:38:08.0104 3916	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:38:08.0167 3916	ErrDev - ok
17:38:08.0229 3916	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:38:08.0276 3916	EventSystem - ok
17:38:08.0370 3916	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:38:08.0432 3916	exfat - ok
17:38:08.0479 3916	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:38:08.0526 3916	fastfat - ok
17:38:08.0619 3916	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:38:08.0666 3916	fdc - ok
17:38:08.0713 3916	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:38:08.0744 3916	fdPHost - ok
17:38:08.0900 3916	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:38:08.0994 3916	FDResPub - ok
17:38:09.0087 3916	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:38:09.0103 3916	FileInfo - ok
17:38:09.0118 3916	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:38:09.0165 3916	Filetrace - ok
17:38:09.0274 3916	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:38:09.0352 3916	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:38:09.0352 3916	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:38:09.0430 3916	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:38:09.0493 3916	flpydisk - ok
17:38:09.0555 3916	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:38:09.0586 3916	FltMgr - ok
17:38:09.0742 3916	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:38:09.0883 3916	FontCache - ok
17:38:09.0961 3916	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:38:09.0992 3916	FontCache3.0.0.0 - ok
17:38:10.0101 3916	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:38:10.0132 3916	Fs_Rec - ok
17:38:10.0210 3916	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:38:10.0226 3916	gagp30kx - ok
17:38:10.0267 3916	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:38:10.0387 3916	gpsvc - ok
17:38:10.0532 3916	GPVPNService    (676cc03365c8b1daceb5260ae0fe1e8e) C:\Program Files\gateProtect\VPN Client\bin\Service.exe
17:38:10.0542 3916	GPVPNService ( UnsignedFile.Multi.Generic ) - warning
17:38:10.0542 3916	GPVPNService - detected UnsignedFile.Multi.Generic (1)
17:38:10.0637 3916	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:38:10.0652 3916	gupdate - ok
17:38:10.0667 3916	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:38:10.0682 3916	gupdatem - ok
17:38:10.0802 3916	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:38:10.0892 3916	HdAudAddService - ok
17:38:11.0074 3916	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:38:11.0183 3916	HDAudBus - ok
17:38:11.0292 3916	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:38:11.0386 3916	HidBth - ok
17:38:11.0402 3916	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:38:11.0495 3916	HidIr - ok
17:38:11.0589 3916	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:38:11.0651 3916	hidserv - ok
17:38:11.0776 3916	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:38:11.0838 3916	HidUsb - ok
17:38:11.0932 3916	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:38:12.0010 3916	hkmsvc - ok
17:38:12.0041 3916	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:38:12.0072 3916	HpCISSs - ok
17:38:12.0166 3916	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:38:12.0228 3916	HSFHWAZL - ok
17:38:12.0322 3916	HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
17:38:12.0447 3916	HSF_DPV - ok
17:38:12.0618 3916	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:38:12.0712 3916	HTTP - ok
17:38:12.0806 3916	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:38:12.0821 3916	i2omp - ok
17:38:12.0868 3916	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:38:12.0915 3916	i8042prt - ok
17:38:13.0024 3916	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
17:38:13.0071 3916	iaStor - ok
17:38:13.0133 3916	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:38:13.0164 3916	iaStorV - ok
17:38:13.0242 3916	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:38:13.0293 3916	idsvc - ok
17:38:13.0458 3916	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:38:13.0483 3916	iirsp - ok
17:38:13.0623 3916	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:38:13.0753 3916	IKEEXT - ok
17:38:13.0933 3916	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:38:13.0953 3916	intelide - ok
17:38:14.0018 3916	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:38:14.0090 3916	intelppm - ok
17:38:14.0137 3916	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:38:14.0184 3916	IPBusEnum - ok
17:38:14.0293 3916	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:38:14.0356 3916	IpFilterDriver - ok
17:38:14.0449 3916	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:38:14.0527 3916	iphlpsvc - ok
17:38:14.0636 3916	IpInIp - ok
17:38:14.0714 3916	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:38:14.0777 3916	IPMIDRV - ok
17:38:14.0855 3916	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:38:14.0917 3916	IPNAT - ok
17:38:15.0120 3916	irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
17:38:15.0167 3916	irda - ok
17:38:15.0260 3916	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:38:15.0307 3916	IRENUM - ok
17:38:15.0338 3916	Irmon           (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
17:38:15.0432 3916	Irmon - ok
17:38:15.0518 3916	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:38:15.0548 3916	isapnp - ok
17:38:15.0588 3916	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:38:15.0613 3916	iScsiPrt - ok
17:38:15.0775 3916	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:38:15.0780 3916	iteatapi - ok
17:38:15.0875 3916	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:38:15.0905 3916	iteraid - ok
17:38:16.0015 3916	k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
17:38:16.0080 3916	k57nd60x - ok
17:38:16.0205 3916	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:38:16.0225 3916	kbdclass - ok
17:38:16.0295 3916	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:38:16.0335 3916	kbdhid - ok
17:38:16.0360 3916	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:38:16.0420 3916	KeyIso - ok
17:38:16.0530 3916	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:38:16.0600 3916	KSecDD - ok
17:38:16.0725 3916	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:38:16.0815 3916	KtmRm - ok
17:38:16.0920 3916	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:38:16.0975 3916	LanmanServer - ok
17:38:17.0140 3916	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:38:17.0200 3916	LanmanWorkstation - ok
17:38:17.0315 3916	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:38:17.0355 3916	lltdio - ok
17:38:17.0495 3916	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:38:17.0555 3916	lltdsvc - ok
17:38:17.0650 3916	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:38:17.0730 3916	lmhosts - ok
17:38:17.0855 3916	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:38:17.0885 3916	LSI_FC - ok
17:38:17.0920 3916	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:38:17.0935 3916	LSI_SAS - ok
17:38:18.0005 3916	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:38:18.0020 3916	LSI_SCSI - ok
17:38:18.0035 3916	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:38:18.0095 3916	luafv - ok
17:38:18.0185 3916	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:38:18.0235 3916	Mcx2Svc - ok
17:38:18.0330 3916	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:38:18.0355 3916	megasas - ok
17:38:18.0400 3916	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:38:18.0465 3916	MegaSR - ok
17:38:18.0580 3916	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:38:18.0645 3916	MMCSS - ok
17:38:18.0695 3916	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:38:18.0750 3916	Modem - ok
17:38:18.0820 3916	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:38:18.0880 3916	monitor - ok
17:38:18.0935 3916	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:38:18.0960 3916	mouclass - ok
17:38:19.0050 3916	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:38:19.0115 3916	mouhid - ok
17:38:19.0280 3916	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:38:19.0300 3916	MountMgr - ok
17:38:19.0400 3916	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:38:19.0430 3916	mpio - ok
17:38:19.0455 3916	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:38:19.0515 3916	mpsdrv - ok
17:38:19.0770 3916	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:38:19.0890 3916	MpsSvc - ok
17:38:20.0061 3916	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:38:20.0077 3916	Mraid35x - ok
17:38:20.0217 3916	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:38:20.0262 3916	MRxDAV - ok
17:38:20.0377 3916	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:38:20.0467 3916	mrxsmb - ok
17:38:20.0532 3916	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:38:20.0572 3916	mrxsmb10 - ok
17:38:20.0652 3916	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:38:20.0672 3916	mrxsmb20 - ok
17:38:20.0727 3916	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
17:38:20.0747 3916	msahci - ok
17:38:20.0912 3916	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:38:20.0932 3916	msdsm - ok
17:38:21.0087 3916	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:38:21.0152 3916	MSDTC - ok
17:38:21.0312 3916	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:38:21.0417 3916	Msfs - ok
17:38:21.0517 3916	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:38:21.0542 3916	msisadrv - ok
17:38:21.0652 3916	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:38:21.0742 3916	MSiSCSI - ok
17:38:21.0812 3916	msiserver - ok
17:38:21.0862 3916	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:38:21.0912 3916	MSKSSRV - ok
17:38:22.0042 3916	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:38:22.0117 3916	MSPCLOCK - ok
17:38:22.0182 3916	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:38:22.0262 3916	MSPQM - ok
17:38:22.0312 3916	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:38:22.0332 3916	MsRPC - ok
17:38:22.0402 3916	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:38:22.0417 3916	mssmbios - ok
17:38:22.0462 3916	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:38:22.0502 3916	MSTEE - ok
17:38:22.0697 3916	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:38:22.0717 3916	Mup - ok
17:38:22.0827 3916	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:38:22.0892 3916	napagent - ok
17:38:23.0022 3916	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:38:23.0047 3916	NativeWifiP - ok
17:38:23.0067 3916	NAVENG - ok
17:38:23.0077 3916	NAVEX15 - ok
17:38:23.0297 3916	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:38:23.0347 3916	NDIS - ok
17:38:23.0610 3916	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:38:23.0657 3916	NdisTapi - ok
17:38:23.0844 3916	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:38:23.0891 3916	Ndisuio - ok
17:38:24.0078 3916	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:38:24.0125 3916	NdisWan - ok
17:38:24.0219 3916	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:38:24.0265 3916	NDProxy - ok
17:38:24.0421 3916	Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:38:24.0457 3916	Nero BackItUp Scheduler 3 - ok
17:38:24.0577 3916	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:38:24.0632 3916	NetBIOS - ok
17:38:24.0707 3916	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:38:24.0772 3916	netbt - ok
17:38:24.0852 3916	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:38:24.0872 3916	Netlogon - ok
17:38:25.0022 3916	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:38:25.0102 3916	Netman - ok
17:38:25.0247 3916	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:38:25.0317 3916	netprofm - ok
17:38:25.0427 3916	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:38:25.0447 3916	NetTcpPortSharing - ok
17:38:25.0832 3916	NETw5v32        (ae642d069681a826d5f16e4f6ad158f3) C:\Windows\system32\DRIVERS\NETw5v32.sys
17:38:26.0152 3916	NETw5v32 - ok
17:38:26.0352 3916	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:38:26.0377 3916	nfrd960 - ok
17:38:26.0452 3916	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:38:26.0497 3916	NlaSvc - ok
17:38:26.0592 3916	NMIndexingService (cd4326bc339f98de21aa07b208a305ae) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:38:26.0627 3916	NMIndexingService - ok
17:38:26.0887 3916	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:38:26.0932 3916	Npfs - ok
17:38:26.0977 3916	npggsvc - ok
17:38:27.0022 3916	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
17:38:27.0097 3916	NSCIRDA - ok
17:38:27.0117 3916	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:38:27.0177 3916	nsi - ok
17:38:27.0311 3916	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:38:27.0357 3916	nsiproxy - ok
17:38:27.0435 3916	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:38:27.0498 3916	Ntfs - ok
17:38:27.0560 3916	NTI IScheduleSvc (0f0f75069c8016645dfcae93a190cacf) C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
17:38:27.0576 3916	NTI IScheduleSvc - ok
17:38:27.0638 3916	NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
17:38:27.0654 3916	NTIDrvr - ok
17:38:27.0685 3916	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:38:27.0747 3916	ntrigdigi - ok
17:38:27.0763 3916	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:38:27.0810 3916	Null - ok
17:38:27.0872 3916	NVHDA           (603b0c9bb86f7b3efb88a482c6663ec4) C:\Windows\system32\drivers\nvhda32v.sys
17:38:27.0872 3916	NVHDA - ok
17:38:28.0184 3916	nvlddmkm        (3a3eb304b9bd9f4f6b3b745972f2c1e5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:38:28.0742 3916	nvlddmkm - ok
17:38:28.0827 3916	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:38:28.0842 3916	nvraid - ok
17:38:28.0852 3916	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:38:28.0872 3916	nvstor - ok
17:38:28.0917 3916	nvsvc           (c4efe7a3370351ed15ae728517fe09cb) C:\Windows\system32\nvvsvc.exe
17:38:28.0937 3916	nvsvc - ok
17:38:29.0077 3916	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:38:29.0092 3916	nv_agp - ok
17:38:29.0167 3916	NwlnkFlt - ok
17:38:29.0177 3916	NwlnkFwd - ok
17:38:29.0262 3916	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:38:29.0292 3916	odserv - ok
17:38:29.0462 3916	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
17:38:29.0522 3916	ohci1394 - ok
17:38:29.0622 3916	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:38:29.0642 3916	ose - ok
17:38:29.0747 3916	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:38:29.0857 3916	p2pimsvc - ok
17:38:29.0947 3916	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:38:29.0982 3916	p2psvc - ok
17:38:30.0167 3916	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:38:30.0237 3916	Parport - ok
17:38:30.0382 3916	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:38:30.0412 3916	partmgr - ok
17:38:30.0547 3916	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:38:30.0627 3916	Parvdm - ok
17:38:30.0777 3916	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:38:30.0827 3916	PcaSvc - ok
17:38:30.0967 3916	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
17:38:31.0022 3916	pccsmcfd - ok
17:38:31.0142 3916	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:38:31.0162 3916	pci - ok
17:38:31.0362 3916	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:38:31.0392 3916	pciide - ok
17:38:31.0493 3916	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
17:38:31.0509 3916	pcmcia - ok
17:38:31.0571 3916	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:38:31.0759 3916	PEAUTH - ok
17:38:31.0935 3916	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:38:32.0070 3916	pla - ok
17:38:32.0300 3916	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
17:38:32.0320 3916	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:38:32.0320 3916	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:38:32.0510 3916	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:38:32.0565 3916	PlugPlay - ok
17:38:32.0780 3916	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:38:32.0845 3916	PNRPAutoReg - ok
17:38:32.0950 3916	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:38:33.0010 3916	PNRPsvc - ok
17:38:33.0320 3916	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:38:33.0450 3916	PolicyAgent - ok
17:38:33.0750 3916	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:38:33.0805 3916	PptpMiniport - ok
17:38:33.0900 3916	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:38:33.0940 3916	Processor - ok
17:38:33.0990 3916	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:38:34.0045 3916	ProfSvc - ok
17:38:34.0320 3916	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:38:34.0340 3916	ProtectedStorage - ok
17:38:34.0425 3916	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:38:34.0465 3916	PSched - ok
17:38:34.0495 3916	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
17:38:34.0505 3916	PxHelp20 - ok
17:38:34.0635 3916	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:38:34.0785 3916	ql2300 - ok
17:38:35.0015 3916	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:38:35.0066 3916	ql40xx - ok
17:38:35.0269 3916	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:38:35.0362 3916	QWAVE - ok
17:38:35.0752 3916	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:38:35.0784 3916	QWAVEdrv - ok
17:38:35.0859 3916	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:38:35.0914 3916	RasAcd - ok
17:38:35.0944 3916	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:38:35.0994 3916	RasAuto - ok
17:38:36.0089 3916	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:38:36.0144 3916	Rasl2tp - ok
17:38:36.0214 3916	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:38:36.0259 3916	RasMan - ok
17:38:36.0319 3916	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:38:36.0349 3916	RasPppoe - ok
17:38:36.0384 3916	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:38:36.0409 3916	RasSstp - ok
17:38:36.0439 3916	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:38:36.0479 3916	rdbss - ok
17:38:36.0539 3916	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:38:36.0589 3916	RDPCDD - ok
17:38:36.0619 3916	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:38:36.0664 3916	rdpdr - ok
17:38:36.0739 3916	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:38:36.0789 3916	RDPENCDD - ok
17:38:36.0834 3916	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
17:38:36.0894 3916	RDPWD - ok
17:38:36.0979 3916	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:38:37.0024 3916	RemoteAccess - ok
17:38:37.0079 3916	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:38:37.0109 3916	RemoteRegistry - ok
17:38:37.0169 3916	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:38:37.0204 3916	RpcLocator - ok
17:38:37.0289 3916	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:38:37.0334 3916	RpcSs - ok
17:38:37.0399 3916	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:38:37.0449 3916	rspndr - ok
17:38:37.0489 3916	RTSTOR          (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
17:38:37.0524 3916	RTSTOR - ok
17:38:37.0584 3916	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:38:37.0609 3916	SamSs - ok
17:38:37.0664 3916	SbieDrv         (06f16ace5a2a70d8c63752cbb4c6a49d) C:\Program Files\Sandboxie\SbieDrv.sys
17:38:37.0689 3916	SbieDrv - ok
17:38:37.0714 3916	SbieSvc         (569655df98d880680d2904940c94d16c) C:\Program Files\Sandboxie\SbieSvc.exe
17:38:37.0729 3916	SbieSvc - ok
17:38:37.0814 3916	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:38:37.0834 3916	sbp2port - ok
17:38:37.0864 3916	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:38:37.0899 3916	SCardSvr - ok
17:38:37.0999 3916	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:38:38.0099 3916	Schedule - ok
17:38:38.0199 3916	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:38:38.0234 3916	SCPolicySvc - ok
17:38:38.0264 3916	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
17:38:38.0304 3916	sdbus - ok
17:38:38.0354 3916	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:38:38.0419 3916	SDRSVC - ok
17:38:38.0504 3916	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:38:38.0594 3916	secdrv - ok
17:38:38.0634 3916	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:38:38.0684 3916	seclogon - ok
17:38:38.0810 3916	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:38:38.0873 3916	SENS - ok
17:38:39.0013 3916	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:38:39.0074 3916	Serenum - ok
17:38:39.0264 3916	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:38:39.0373 3916	Serial - ok
17:38:39.0639 3916	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:38:39.0685 3916	sermouse - ok
17:38:39.0763 3916	ServiceLayer    (8c1f87f5fdd92229d1754b98f073913f) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:38:39.0795 3916	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
17:38:39.0795 3916	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
17:38:39.0951 3916	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:38:39.0997 3916	SessionEnv - ok
17:38:40.0169 3916	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:38:40.0200 3916	sffdisk - ok
17:38:40.0319 3916	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:38:40.0379 3916	sffp_mmc - ok
17:38:40.0501 3916	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:38:40.0547 3916	sffp_sd - ok
17:38:40.0735 3916	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:38:40.0818 3916	sfloppy - ok
17:38:40.0938 3916	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:38:41.0013 3916	SharedAccess - ok
17:38:41.0214 3916	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:38:41.0261 3916	ShellHWDetection - ok
17:38:41.0355 3916	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:38:41.0386 3916	sisagp - ok
17:38:41.0386 3916	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:38:41.0417 3916	SiSRaid2 - ok
17:38:41.0417 3916	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:38:41.0433 3916	SiSRaid4 - ok
17:38:41.0604 3916	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:38:41.0869 3916	slsvc - ok
17:38:41.0963 3916	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:38:42.0009 3916	SLUINotify - ok
17:38:42.0087 3916	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:38:42.0150 3916	Smb - ok
17:38:42.0259 3916	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:38:42.0275 3916	SNMPTRAP - ok
17:38:42.0384 3916	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:38:42.0415 3916	spldr - ok
17:38:42.0509 3916	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:38:42.0555 3916	Spooler - ok
17:38:42.0633 3916	SRTSP - ok
17:38:42.0665 3916	SRTSPX - ok
17:38:42.0821 3916	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:38:42.0867 3916	srv - ok
17:38:42.0961 3916	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:38:43.0008 3916	srv2 - ok
17:38:43.0023 3916	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:38:43.0055 3916	srvnet - ok
17:38:43.0133 3916	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:38:43.0195 3916	SSDPSRV - ok
17:38:43.0289 3916	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:38:43.0304 3916	ssmdrv - ok
17:38:43.0340 3916	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:38:43.0360 3916	SstpSvc - ok
17:38:43.0518 3916	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:38:43.0580 3916	stisvc - ok
17:38:43.0658 3916	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:38:43.0674 3916	swenum - ok
17:38:43.0721 3916	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:38:43.0767 3916	swprv - ok
17:38:43.0855 3916	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:38:43.0870 3916	Symc8xx - ok
17:38:43.0885 3916	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:38:43.0900 3916	Sym_hi - ok
17:38:43.0910 3916	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:38:43.0925 3916	Sym_u3 - ok
17:38:43.0975 3916	SynTP           (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
17:38:44.0045 3916	SynTP - ok
17:38:44.0201 3916	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:38:44.0263 3916	SysMain - ok
17:38:44.0341 3916	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:38:44.0419 3916	TabletInputService - ok
17:38:44.0497 3916	tap0901         (5c7c939bbd03784fe58c80578d065cc9) C:\Windows\system32\DRIVERS\tap0901.sys
17:38:44.0544 3916	tap0901 - ok
17:38:44.0560 3916	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:38:44.0606 3916	TapiSrv - ok
17:38:44.0716 3916	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:38:44.0762 3916	TBS - ok
17:38:44.0950 3916	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:38:45.0043 3916	Tcpip - ok
17:38:45.0168 3916	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:38:45.0277 3916	Tcpip6 - ok
17:38:45.0402 3916	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:38:45.0433 3916	tcpipreg - ok
17:38:45.0480 3916	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:38:45.0542 3916	TDPIPE - ok
17:38:45.0605 3916	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:38:45.0652 3916	TDTCP - ok
17:38:45.0735 3916	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:38:45.0810 3916	tdx - ok
17:38:45.0945 3916	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:38:45.0970 3916	TermDD - ok
17:38:46.0010 3916	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:38:46.0095 3916	TermService - ok
17:38:46.0190 3916	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:38:46.0215 3916	Themes - ok
17:38:46.0415 3916	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:38:46.0470 3916	THREADORDER - ok
17:38:46.0657 3916	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:38:46.0704 3916	TrkWks - ok
17:38:46.0810 3916	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:38:46.0865 3916	TrustedInstaller - ok
17:38:46.0980 3916	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:38:47.0035 3916	tssecsrv - ok
17:38:47.0070 3916	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:38:47.0115 3916	tunmp - ok
17:38:47.0205 3916	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:38:47.0262 3916	tunnel - ok
17:38:47.0308 3916	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:38:47.0355 3916	uagp35 - ok
17:38:47.0433 3916	UBHelper        (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
17:38:47.0449 3916	UBHelper - ok
17:38:47.0496 3916	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:38:47.0527 3916	udfs - ok
17:38:47.0574 3916	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:38:47.0620 3916	UI0Detect - ok
17:38:47.0698 3916	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:38:47.0714 3916	uliagpkx - ok
17:38:47.0730 3916	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:38:47.0761 3916	uliahci - ok
17:38:47.0776 3916	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:38:47.0792 3916	UlSata - ok
17:38:48.0104 3916	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:38:48.0166 3916	ulsata2 - ok
17:38:48.0322 3916	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:38:48.0385 3916	umbus - ok
17:38:48.0541 3916	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:38:48.0603 3916	upnphost - ok
17:38:48.0837 3916	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:38:48.0900 3916	usbccgp - ok
17:38:49.0040 3916	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:38:49.0118 3916	usbcir - ok
17:38:49.0196 3916	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:38:49.0227 3916	usbehci - ok
17:38:49.0258 3916	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:38:49.0305 3916	usbhub - ok
17:38:49.0441 3916	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:38:49.0534 3916	usbohci - ok
17:38:49.0675 3916	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:38:49.0722 3916	usbprint - ok
17:38:49.0815 3916	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
17:38:49.0846 3916	usbser - ok
17:38:49.0878 3916	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:38:49.0898 3916	USBSTOR - ok
17:38:49.0983 3916	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:38:50.0023 3916	usbuhci - ok
17:38:50.0038 3916	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:38:50.0110 3916	usbvideo - ok
17:38:50.0141 3916	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:38:50.0172 3916	UxSms - ok
17:38:50.0313 3916	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:38:50.0375 3916	vds - ok
17:38:50.0500 3916	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:38:50.0547 3916	vga - ok
17:38:50.0703 3916	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:38:50.0750 3916	VgaSave - ok
17:38:50.0890 3916	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:38:50.0906 3916	viaagp - ok
17:38:50.0968 3916	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:38:51.0015 3916	ViaC7 - ok
17:38:51.0062 3916	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:38:51.0077 3916	viaide - ok
17:38:51.0140 3916	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:38:51.0155 3916	volmgr - ok
17:38:51.0186 3916	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:38:51.0202 3916	volmgrx - ok
17:38:51.0233 3916	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:38:51.0249 3916	volsnap - ok
17:38:51.0280 3916	vsbus           (1c8a783e90c34d205596f1ab4a97e261) C:\Windows\system32\DRIVERS\vsb.sys
17:38:51.0296 3916	vsbus ( UnsignedFile.Multi.Generic ) - warning
17:38:51.0296 3916	vsbus - detected UnsignedFile.Multi.Generic (1)
17:38:51.0342 3916	vserial         (3377daa1cb8cac46a538c236f5f3d58f) C:\Windows\system32\DRIVERS\vserial.sys
17:38:51.0358 3916	vserial ( UnsignedFile.Multi.Generic ) - warning
17:38:51.0358 3916	vserial - detected UnsignedFile.Multi.Generic (1)
17:38:51.0405 3916	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:38:51.0420 3916	vsmraid - ok
17:38:51.0498 3916	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:38:51.0608 3916	VSS - ok
17:38:51.0764 3916	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:38:51.0810 3916	W32Time - ok
17:38:51.0951 3916	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:38:52.0044 3916	WacomPen - ok
17:38:52.0122 3916	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:52.0169 3916	Wanarp - ok
17:38:52.0185 3916	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:52.0216 3916	Wanarpv6 - ok
17:38:52.0310 3916	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:38:52.0346 3916	wcncsvc - ok
17:38:52.0401 3916	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:38:52.0446 3916	WcsPlugInService - ok
17:38:52.0518 3916	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:38:52.0549 3916	Wd - ok
17:38:52.0674 3916	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:38:52.0768 3916	Wdf01000 - ok
17:38:52.0846 3916	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:38:52.0908 3916	WdiServiceHost - ok
17:38:52.0908 3916	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:38:52.0948 3916	WdiSystemHost - ok
17:38:53.0033 3916	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:38:53.0095 3916	WebClient - ok
17:38:53.0251 3916	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:38:53.0313 3916	Wecsvc - ok
17:38:53.0469 3916	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:38:53.0532 3916	wercplsupport - ok
17:38:53.0610 3916	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:38:53.0657 3916	WerSvc - ok
17:38:53.0766 3916	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
17:38:53.0844 3916	winachsf - ok
17:38:53.0969 3916	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:38:54.0000 3916	WinDefend - ok
17:38:54.0015 3916	WinHttpAutoProxySvc - ok
17:38:54.0203 3916	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:38:54.0249 3916	Winmgmt - ok
17:38:54.0515 3916	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:38:54.0624 3916	WinRM - ok
17:38:54.0749 3916	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:38:54.0858 3916	Wlansvc - ok
17:38:54.0936 3916	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:38:54.0967 3916	WmiAcpi - ok
17:38:55.0092 3916	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:38:55.0123 3916	wmiApSrv - ok
17:38:55.0326 3916	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:38:55.0396 3916	WMPNetworkSvc - ok
17:38:55.0581 3916	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:38:55.0628 3916	WPCSvc - ok
17:38:55.0784 3916	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:38:55.0846 3916	WPDBusEnum - ok
17:38:55.0995 3916	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:38:56.0020 3916	WpdUsb - ok
17:38:56.0292 3916	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:38:56.0339 3916	WPFFontCache_v0400 - ok
17:38:56.0417 3916	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:38:56.0463 3916	ws2ifsl - ok
17:38:56.0495 3916	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
17:38:56.0526 3916	wscsvc - ok
17:38:56.0557 3916	WSearch - ok
17:38:56.0853 3916	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:38:57.0056 3916	wuauserv - ok
17:38:57.0228 3916	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
17:38:57.0259 3916	WudfPf - ok
17:38:57.0446 3916	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:57.0493 3916	WUDFRd - ok
17:38:57.0633 3916	wudfsvc         (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
17:38:57.0680 3916	wudfsvc - ok
17:38:57.0805 3916	{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (556b5cfe8d21b256add7f87d7f4b4123) c:\Program Files\CyberLink\PowerDVD8\000.fcl
17:38:57.0821 3916	{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
17:38:57.0836 3916	MBR (0x1B8)     (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
17:39:00.0112 3916	\Device\Harddisk0\DR0 - ok
17:39:00.0143 3916	Boot (0x1200)   (243637fc1b285cffacf78e6aa6ce938e) \Device\Harddisk0\DR0\Partition0
17:39:00.0190 3916	\Device\Harddisk0\DR0\Partition0 - ok
17:39:00.0221 3916	Boot (0x1200)   (bfc8e88389a995a75790fa68c504c8fb) \Device\Harddisk0\DR0\Partition1
17:39:00.0252 3916	\Device\Harddisk0\DR0\Partition1 - ok
17:39:00.0252 3916	============================================================
17:39:00.0252 3916	Scan finished
17:39:00.0252 3916	============================================================
17:39:00.0283 3064	Detected object count: 7
17:39:00.0283 3064	Actual detected object count: 7
17:39:31.0446 3064	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:31.0446 3064	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:31.0446 3064	GPVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064	GPVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:31.0446 3064	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:31.0446 3064	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:31.0461 3064	vsbus ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0461 3064	vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:31.0461 3064	vserial ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0461 3064	vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 03.04.2012, 18:39

Ist auch unauffällig. Noch Probleme?

03.04.2012, 18:39	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Agent.53248 Ist auch unauffällig. Noch Probleme? __________________ Logfiles bitte immer in CODE-Tags posten

TR/Agent.53248

Log-Analyse und Auswertung: TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

TR/Agent.53248

Ähnliche Themen: TR/Agent.53248

02.04.2012, 14:44	#6
baum89	TR/Agent.53248 Die Datei 'C:\Users\Standardbenutzer\AppData\Local\Temp\cgs8h0.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.53248' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a6323c1.qua' verschoben!

02.04.2012, 20:11	#10
baum89	TR/Agent.53248 Passwort habe ich geändert. leider kann ich dir nicht sagen was das für ein Programm ist, da ich selber keine Ahnung habe. Hatte mit dem Programm noch nicht bewusst zu tun. Wie soll ich weiter vorgehen? Vielen Dank im Voraus Gruß Klemens