Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.10.2012, 17:43   #1
Doeni
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'



Hallo!

Avira hat Dienstag- und Mittwochabend nachfolgende Viren gefunden und in Quarantäne gelegt.
Seitdem ist wieder alles ruhig.



Hier die Ereignisse von avira:

Code:
ATTFilter
 
Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:01:01
In der Datei 'C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:01:04
In der Datei 'C:\Users\Doeni\AppData\Local\Temp\msimg32.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:01:04
In der Datei 'C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

System Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:02:38
Die Datei 'C:\Users\Doeni\AppData\Local\Temp\msimg32.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 56c7602a.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e504fb5.qua' verschoben!

System Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:13:31
Die Datei 'C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 55446519.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dd34b46.qua' verschoben!


Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 20:03:22
In der Datei 'C:\Users\Doeni\sudbyzquxqus.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

System Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 20:11:28
Die Datei 'C:\Users\Doeni\sudbyzquxqus.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 55695576.qua erstellt ( QUARANTÄNE ).
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3374835662-2939492500-1884947871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sudbyzquxqus> wurde erfolgreich repariert.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dfe7a91.qua' verschoben!


Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 20:31:50
In der Datei 'C:\Users\Doeni\AppData\Local\Temp\7290129.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

System Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 21:01:04
Die Datei 'C:\Users\Doeni\AppData\Local\Temp\7290129.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '559ba191.qua' verschoben!
         

Habe defogger benutzt:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:56 on 19/10/2012 (Doeni)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Hier nun OTL.txt:

Code:
ATTFilter
OTL logfile created on: 19.10.2012 16:04:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Doeni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,61% Memory free
4,21 Gb Paging File | 3,18 Gb Available in Paging File | 75,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,95 Gb Total Space | 18,43 Gb Free Space | 14,52% Space Free | Partition Type: NTFS
Drive E: | 78,12 Gb Total Space | 17,10 Gb Free Space | 21,89% Space Free | Partition Type: NTFS
Drive P: | 27,80 Gb Total Space | 10,79 Gb Free Space | 38,80% Space Free | Partition Type: NTFS
 
Computer Name: DOENI-PC | User Name: Doeni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.19 16:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doeni\Downloads\OTL.exe
PRC - [2012.08.09 10:25:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe
PRC - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2010.12.30 00:14:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.29 05:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.27 09:53:18 | 000,027,488 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.04.29 16:47:47 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007.10.18 13:33:48 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.04.11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.04.11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007.04.11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.05 12:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.belinea.de
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.belinea.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 FE 70 16 64 8F CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/ie.aspx?q={searchTerms}
IE - HKCU\..\SearchScopes\Google.de: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.tagesschau.de"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.2
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: P:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: P:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: P:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: P:\codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: P:\codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: P:\adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: P:\Nokia PC Suite 7\bkmrksync\ [2009.10.28 20:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: P:\Mozilla Sunbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: P:\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: P:\thunderbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: P:\thunderbird\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M]
 
[2009.01.16 13:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Extensions
[2012.10.18 21:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions
[2011.06.25 16:46:11 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.06.25 16:46:09 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2011.05.19 21:40:38 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.04.01 22:40:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\moveplayer@movenetworks.com
[2009.01.16 13:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\toolbar_extras@de.yahoo.com
[2009.12.02 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Sunbird\Profiles\33a9gc06.default\extensions
[2010.10.20 13:24:24 | 000,002,895 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\blackle.xml
[2012.03.13 22:37:03 | 000,002,289 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\ecosia.xml
[2010.03.31 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.16 13:25:33 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.11.23 15:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 13:57:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.04.04 23:36:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.04 23:36:42 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.04 23:36:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.04 23:36:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.04 23:36:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 9
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - P:\office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C445E5-65D2-42D3-A32A-7C08AAEC225D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b2b15813-6356-11df-b6d6-001d92144282}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b15813-6356-11df-b6d6-001d92144282}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f3c8173c-f2cc-11de-9feb-001d924d5491}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O33 - MountPoints2\{f58238ed-2cec-11df-9b94-001d92144282}\Shell - "" = AutoRun
O33 - MountPoints2\{f58238ed-2cec-11df-9b94-001d92144282}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.19 16:01:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.19 16:01:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.19 16:01:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.19 16:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.19 15:57:17 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.19 15:57:01 | 000,000,020 | ---- | M] () -- C:\Users\Doeni\defogger_reenable
[2012.10.19 15:54:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.19 15:31:12 | 001,745,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.15 14:39:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.12 17:47:32 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.12 17:47:32 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.12 17:47:32 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.12 17:47:32 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.12 17:44:12 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.10.01 19:54:37 | 000,105,472 | ---- | M] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.19 15:56:38 | 000,000,020 | ---- | C] () -- C:\Users\Doeni\defogger_reenable
[2012.06.14 19:52:18 | 000,072,220 | ---- | C] () -- C:\Users\Doeni\ESt2011_Kölzer_Sarah.elfo
[2011.10.20 21:59:30 | 000,007,596 | ---- | C] () -- C:\Users\Doeni\ESt2010_Kölzer_Sarah.elfo
[2011.09.17 12:39:50 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.08.05 18:32:35 | 000,000,680 | RHS- | C] () -- C:\Users\Doeni\ntuser.pol
[2010.03.15 17:54:31 | 000,004,096 | -H-- | C] () -- C:\Users\Doeni\AppData\Local\keyfile3.drm
[2009.05.25 18:20:02 | 000,110,241 | ---- | C] () -- C:\Users\Doeni\AppData\Roaming\mdbu.bin
[2009.02.14 03:10:39 | 000,000,680 | ---- | C] () -- C:\Users\Doeni\AppData\Local\d3d9caps.dat
[2009.01.16 13:41:43 | 000,105,472 | ---- | C] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.03.28 17:30:23 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\46developments
[2011.11.01 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Aegisub
[2012.02.10 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Audacity
[2012.06.24 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Azureus
[2010.11.04 12:06:48 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Canon
[2012.06.07 10:07:45 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Dropbox
[2011.10.20 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\elsterformular
[2009.03.17 22:59:46 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\FreeDoko
[2011.01.08 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\GARMIN
[2009.07.14 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\ICQ
[2009.10.28 19:59:36 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Jumping Bytes
[2011.11.01 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\mkvtoolnix
[2009.10.29 10:37:13 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Mobile Master
[2009.10.29 11:08:45 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Nokia
[2010.03.29 14:54:25 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Notepad++
[2009.10.28 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\PC Suite
[2010.10.28 14:27:46 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\ProtectDisc
[2011.09.17 12:39:50 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Spyware Terminator
[2010.07.25 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\streamripper
[2010.07.25 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\TheLastRipper
[2009.01.27 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Thunderbird
[2009.02.10 02:10:36 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\TuneUp Software
[2011.11.01 19:29:52 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         

und Extra.txt :

Code:
ATTFilter
OTL Extras logfile created on: 19.10.2012 16:04:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Doeni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,61% Memory free
4,21 Gb Paging File | 3,18 Gb Available in Paging File | 75,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,95 Gb Total Space | 18,43 Gb Free Space | 14,52% Space Free | Partition Type: NTFS
Drive E: | 78,12 Gb Total Space | 17,10 Gb Free Space | 21,89% Space Free | Partition Type: NTFS
Drive P: | 27,80 Gb Total Space | 10,79 Gb Free Space | 38,80% Space Free | Partition Type: NTFS
 
Computer Name: DOENI-PC | User Name: Doeni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "P:\office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- P:\vlc\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "P:\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- P:\vlc\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "P:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "P:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "P:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01153A24-E918-4E76-85F1-DA089DE2700B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0F630F58-73F5-4317-9DD5-B747E596B450}" = rport=139 | protocol=6 | dir=out | app=system | 
"{127BC208-63BB-4790-813E-385B85468031}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2DA088D6-6E82-427F-8E71-11D14F79F906}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{365338D6-A429-4CAC-ACCA-F2C38164422B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{37BEABEA-BF8E-4893-A9C1-5292687EFCD6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DEA498CE-671F-4696-A0FC-D0511B1342ED}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F28BFD8B-FBCB-436C-9A6C-87CF18F86243}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F37F1FD3-3092-48AA-9A82-CBA23A371172}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F5830B5B-0AFC-4498-A552-0A100CF4526A}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026C734E-CF8A-403D-B743-DDB1E715AC7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{0E455403-DCFF-4D9B-A476-C5F9196D173A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0EFAEF96-5CC3-4310-853A-DDB9EA65876D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{13293FB0-B922-454D-B475-081D277D940D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{1DFA0C8E-4C75-4486-B81C-5972EFEEF30D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{29BD3B11-DF3C-4F5A-A9D3-C7DE66C2D69B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{2A344B9B-9DFD-4743-B28D-0AADCCDD206E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{36EAF98E-6D41-4021-93F1-79DD0E1A4073}" = dir=in | app=p:\skype\phone\skype.exe | 
"{482FCC81-93EC-4533-891A-F1E3A8CE2E49}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{4D0B9CE7-28A9-46AA-A075-3612AAAF4B21}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"{5979AE78-5927-4D95-BC9D-6CE407CB0A62}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"{783A4E31-39D0-4AEF-B26F-D7F80F8DBD07}" = protocol=6 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8694CC1A-7094-455F-8D74-60993720A3EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{9A4E29B6-2634-4A1C-84A5-249C056E7429}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9A82747F-2D44-4B02-85C9-0942F90B4A68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{9BA2EB8A-76B2-4592-A958-5F912A04A392}" = protocol=17 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A459FEF5-3F2F-4504-99BB-EE075145F082}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AC8F84FF-7627-4ED9-9043-927012C88E22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{AE1A01CB-F950-46D3-BDB6-06F92E1EAD9E}" = dir=in | app=p:\itunes\itunes.exe | 
"{B01EEAB2-BCCD-4C6A-A281-D662326D0CDA}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{B2151D44-818B-4519-840A-7A6952196E4A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B957DD37-DAF6-45ED-BC81-BF4E6DA46545}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{C348F6DE-F9E3-4EC0-A096-FF2715399F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4AFC8A8-6973-4A4D-9B3E-FE7BD2B9546A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C8C496F7-FB22-4E46-951F-A7AC1D6E53F8}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{DA6E82A5-C8B1-4201-A89A-E3594DB0D006}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{EE31AA8E-8FCA-408D-90A2-FF0AF6496FAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{FF0F453F-6F93-404B-B73D-6792FBDD2E0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{06E325BB-E060-4116-BCEA-059CDB5B4003}P:\java\bin\javaw.exe" = protocol=6 | dir=in | app=p:\java\bin\javaw.exe | 
"TCP Query User{06E57A23-0BC2-47A4-9106-2A0D8AFAF0C3}P:\vuze\azureus.exe" = protocol=6 | dir=in | app=p:\vuze\azureus.exe | 
"TCP Query User{0FB724FE-207D-47F7-BC3F-DB1778072158}P:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=p:\sopcast\adv\sopadver.exe | 
"TCP Query User{200006BB-AEDE-4652-95FB-D46C25A6427F}D:\setup.exe" = protocol=6 | dir=in | app=d:\setup.exe | 
"TCP Query User{44558397-DEE4-4613-AB97-B581C959CD81}P:\java\bin\javaw.exe" = protocol=6 | dir=in | app=p:\java\bin\javaw.exe | 
"TCP Query User{5945BE1B-EFD4-4D13-9387-4E48AF419FC6}P:\icq6.5\icq.exe" = protocol=6 | dir=in | app=p:\icq6.5\icq.exe | 
"TCP Query User{690D02B8-19D4-46AA-8C83-7FE5CABD476F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{743BEA8E-2B46-494D-B308-92F8EB22108E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{77B58778-9CB7-4AC8-93A3-4C57BEC70304}P:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=p:\sopcast\sopcast.exe | 
"TCP Query User{84CAD570-4C3D-415E-97E9-60A0360DE79C}P:\trillian\trillian.exe" = protocol=6 | dir=in | app=p:\trillian\trillian.exe | 
"TCP Query User{856BC50B-521D-418A-944E-5D785A6D1E45}P:\trillian\trillian.exe" = protocol=6 | dir=in | app=p:\trillian\trillian.exe | 
"TCP Query User{963D318B-AAB9-48D8-A28F-B20601F48A3B}P:\emule\emule.exe" = protocol=6 | dir=in | app=p:\emule\emule.exe | 
"TCP Query User{97F8600B-8950-4875-8890-6444113BBAF3}P:\vuze\azureus.exe" = protocol=6 | dir=in | app=p:\vuze\azureus.exe | 
"TCP Query User{AED0A524-CA87-494B-B72B-2513D616CA19}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{DA121AFA-4C18-4D75-BDB3-DA7C6E1310C9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{DECF8E31-2A06-4913-B084-7D1144B9A56A}C:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{10AEF358-B5A1-4E0B-88AE-1C0ECA446551}P:\trillian\trillian.exe" = protocol=17 | dir=in | app=p:\trillian\trillian.exe | 
"UDP Query User{10BC9455-83EA-4335-AC30-DBCCF6847F0A}P:\vuze\azureus.exe" = protocol=17 | dir=in | app=p:\vuze\azureus.exe | 
"UDP Query User{2E5FF665-C126-4A7E-9A28-0CBC89C9E152}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{33C586CB-E206-48E9-B0D7-A82624BA452E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{4E173D44-3518-4A4D-9211-2EC2844D5C49}P:\trillian\trillian.exe" = protocol=17 | dir=in | app=p:\trillian\trillian.exe | 
"UDP Query User{6633BCE5-571D-45B3-8C7E-8496B4473D1F}D:\setup.exe" = protocol=17 | dir=in | app=d:\setup.exe | 
"UDP Query User{70739042-E950-44DE-8391-F462C19B5743}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{8222D54A-6BF2-4C16-8907-F33B8A653378}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{928203BC-A629-488C-BD04-DD8F0A1422EF}P:\java\bin\javaw.exe" = protocol=17 | dir=in | app=p:\java\bin\javaw.exe | 
"UDP Query User{98CF290A-662B-4990-91A8-CDB9913B7872}P:\icq6.5\icq.exe" = protocol=17 | dir=in | app=p:\icq6.5\icq.exe | 
"UDP Query User{A459DF0E-C811-4295-A42C-D63780004AC3}C:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D3B174BE-C133-4B95-90BF-DBF9B8D3F6EC}P:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=p:\sopcast\adv\sopadver.exe | 
"UDP Query User{D478BEAD-3A34-4C1E-A559-66D6955330B7}P:\emule\emule.exe" = protocol=17 | dir=in | app=p:\emule\emule.exe | 
"UDP Query User{E58AF51B-4651-49EF-B926-9476743C9BB9}P:\vuze\azureus.exe" = protocol=17 | dir=in | app=p:\vuze\azureus.exe | 
"UDP Query User{EE55C92D-9296-462D-9534-66C8EA611C26}P:\java\bin\javaw.exe" = protocol=17 | dir=in | app=p:\java\bin\javaw.exe | 
"UDP Query User{FCAC9316-BAE8-4ED2-872F-B3EFF031965D}P:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=p:\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03BEFEBD-7303-4F8E-96E1-BDB4CA5962F5}" = SILKYPIX Developer Studio 3.0G Free version
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{115C6DA4-A8B1-4DA2-B675-302576FD04FB}" = LUMIX RAW Codec 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3748D2FC-83CB-445A-87D8-DE88080FBB4F}" = Power Voice II
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A3C031C-4688-4105-B441-5393C36139D3}" = Rund um (2.0) ... Seydlitz Geographie 2 RP
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{66EBD70F-A42C-475F-AEDF-277378151031}" = Nero 7 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.9
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Any DWG to Image Converter_is1" = Any DWG to Image Converter 2010
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AvaCam_is1" = AvaCam v3.1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm Fotowelt" = dm Fotowelt
"DVD Shrink_is1" = DVD Shrink 3.2
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 4.1)
"EasyGPS_is1" = EasyGPS 4.18
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.3)
"FreeDoko" = FreeDoko 0.7.5
"Google Updater" = Google Updater
"InstallShield_{03BEFEBD-7303-4F8E-96E1-BDB4CA5962F5}" = SILKYPIX Developer Studio 3.0G Free version
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 5.0.1
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"PartyPoker" = PartyPoker
"Recuva" = Recuva
"Rossmannr Online Print Wizard Installer_is1" = Rossmann Online Print Wizard Installer 1.0
"SopCast" = SopCast 3.3.2
"Streamripper" = Streamripper (Remove only)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TheLastRipper" = TheLastRipper 1.4
"Trillian" = Trillian
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VLC media player" = VLC media player 0.9.8a
"vLite_is1" = vLite
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"Vuze" = Vuze
"WAV to MP3" = WAV to MP3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 3.0.3.4
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.04.2012 11:45:05 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 428690
 
Error - 07.04.2012 11:45:05 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 428690
 
Error - 07.04.2012 11:45:20 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.04.2012 11:45:20 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 444150
 
Error - 07.04.2012 11:45:20 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 444150
 
Error - 07.04.2012 11:45:36 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.04.2012 11:45:36 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 459750
 
Error - 07.04.2012 11:45:36 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 459750
 
Error - 07.04.2012 11:45:52 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.04.2012 11:45:52 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 475350
 
Error - 07.04.2012 11:45:52 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 475350
 
[ System Events ]
Error - 17.10.2012 17:29:30 | Computer Name = Doeni-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.10.2012 14:27:28 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 18.10.2012 14:27:37 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 18.10.2012 16:07:56 | Computer Name = Doeni-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19.10.2012 09:32:45 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 19.10.2012 09:32:46 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 19.10.2012 09:46:58 | Computer Name = Doeni-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 19.10.2012 10:02:42 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 19.10.2012 10:02:43 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 19.10.2012 10:16:26 | Computer Name = Doeni-PC | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         
und hier auch noch Gmer.txt:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-19 17:40:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: rzj6dc4i.exe; Driver: C:\Users\Doeni\AppData\Local\Temp\pwtoapog.sys


---- System - GMER 1.0.15 ----

SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwClose [0xA8ABE444]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwCreateFile [0xA8ABDC8A]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwCreateKey [0xA8ABD958]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwCreateSection [0xA8ABF520]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwDeleteKey [0xA8ABDA68]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwDeleteValueKey [0xA8ABDB5A]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwLoadDriver [0xA8ABE780]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwOpenFile [0xA8ABDF9C]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwSetInformationFile [0xA8ABE0D2]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwSetValueKey [0xA8ABD77E]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwTerminateProcess [0xA8ABE6C8]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwWriteFile [0xA8ABE2BC]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 1A9                                                                                        82AE886C 4 Bytes  [44, E4, AB, A8]
.text  ntkrnlpa.exe!KeSetEvent + 1D9                                                                                        82AE889C 4 Bytes  [8A, DC, AB, A8]
.text  ntkrnlpa.exe!KeSetEvent + 1E9                                                                                        82AE88AC 4 Bytes  [58, D9, AB, A8]
.text  ntkrnlpa.exe!KeSetEvent + 215                                                                                        82AE88D8 4 Bytes  [20, F5, AB, A8]
.text  ntkrnlpa.exe!KeSetEvent + 2D5                                                                                        82AE8998 4 Bytes  [68, DA, AB, A8]
.text  ...                                                                                                                  

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019db9b4345                                          
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d92144282                                          
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d92144282@001c354e918d                             0xA0 0xD5 0x6C 0xC7 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  P:\DemonTools\DAEMON Tools\
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xB9 0xEC 0x03 0x6A ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xCC 0x43 0xC5 0x42 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xEA 0x58 0xDE 0x75 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019db9b4345 (not active ControlSet)                      
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d92144282 (not active ControlSet)                      
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d92144282@001c354e918d                                 0xA0 0xD5 0x6C 0xC7 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      P:\DemonTools\DAEMON Tools\
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xB9 0xEC 0x03 0x6A ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xCC 0x43 0xC5 0x42 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xEA 0x58 0xDE 0x75 ...

---- EOF - GMER 1.0.15 ----
         

Ich hoffe es kann mir jemand helfen!
Schonmal Danke im Voraus!!

Alt 20.10.2012, 16:12   #2
M-K-D-B
/// TB-Ausbilder
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Schritt 1
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall TuneUp Utilities 2007.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende der Bereinigung empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.





Schritt 2
Ich sehe, dass du sogenannte Peer to Peer oder Filesharing Programme verwendest.

In deinem Fall Vuze.

Diese Programme erlauben es dir, Daten mit anderen Usern auszutauschen.

Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und das ist auch ein Grund warum sich Malware so schnell verbreitet.
Es ist also möglich, dass du dir eine infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art von Software mit äußerster Vorsicht benutzt werden.

Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt.
Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.
Denoch würde ich dich ersuchen, diese Art von Software nicht weiterhin zu verwenden.
Bitte gehe zu
Start --> Systemsteuerung --> Programme deinstallieren
und deinstalliere die oben genannte Software.

Bitte sag bescheid wenn Du eines der gelisteten Programme nicht finden kannst.





Schritt 3
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix.
__________________

__________________

Alt 21.10.2012, 12:13   #3
Doeni
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'



Hallo Matthias,
vielen Dank dass du mir hilfst!!

Ich habe Combofix ausgeführt.

Zwischendurch, so bei Stufe 20, gab es eine Windows Fehlermeldung: PEV.exe funktioniere nicht mehr.


Hier die Logdatei:

[CODE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-21.01 - Doeni 21.10.2012  12:44:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2039.995 [GMT 2:00]
ausgeführt von:: c:\users\Doeni\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\uxtE1C6.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-21 bis 2012-10-21  ))))))))))))))))))))))))))))))
.
.
2012-10-18 19:21 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-10-18 19:21 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-10-18 19:21 . 2012-07-04 14:02	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-10-18 19:21 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-10-18 19:21 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-18 19:21 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-18 19:21 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-18 19:21 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-18 19:21 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-18 19:21 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-10-18 19:21 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-10-18 19:21 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-10-18 19:17 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-18 19:17 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Doeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Doeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Doeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 18:59	2953216	----a-w-	c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 18:59	2953216	----a-w-	c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 9 (0x9)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 18:46	90112	----a-w-	c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Doeni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Doeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02	37296	----a-w-	p:\adobe\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10	1983816	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29	165784	----a-w-	p:\demontools\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-07-23 08:46	135680	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36	421736	----a-w-	p:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]
2009-10-11 10:51	1363392	----a-w-	P:\MMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 14:12	1414144	----a-w-	p:\nokia pc suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-28 14:06	6144000	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29	37888	----a-w-	p:\winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="p:\itunes\iTunesHelper.exe"
"Skytel"=Skytel.exe
"Adobe Reader Speed Launcher"="p:\adobe\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SpywareTerminatorShield"=c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
"SpywareTerminatorUpdater"=c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
"WPCUMI"=c:\windows\system32\WpcUmi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-11 08:00]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 07:48]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 07:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - p:\office\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Doeni\AppData\Roaming\Mozilla\Firefox\Profiles\knc1cg7b.default\
FF - prefs.js: browser.startup.homepage - www.tagesschau.de
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.tabMinWidth - 125
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-21 12:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
- - - - - - - > 'Explorer.exe'(1280)
c:\users\Doeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2012-10-21  12:56:58
ComboFix-quarantined-files.txt  2012-10-21 10:56
.
Vor Suchlauf: 7 Verzeichnis(se), 19.175.178.240 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 19.338.653.696 Bytes frei
.
- - End Of File - - 1D08F6A2F1BDA9BAADE18791EF93D24F
         
--- --- ---
__________________

Alt 21.10.2012, 12:43   #4
M-K-D-B
/// TB-Ausbilder
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'



Servus,




Schritt 1
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.





Schritt 2
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.





Schritt 3
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von aswMBR,
  • die Logdatei von TDSSKiller,
  • die beiden Logdateien von OTL.
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 21.10.2012, 13:57   #5
Doeni
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'



Hey Matthias!

Hier nun also


die Logdatei von aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 13:51:40
-----------------------------
13:51:40.854    OS Version: Windows 6.0.6002 Service Pack 2
13:51:40.854    Number of processors: 2 586 0xF0D
13:51:40.854    ComputerName: DOENI-PC  UserName: Doeni
13:51:43.334    Initialize success
13:54:22.261    AVAST engine defs: 12102100
14:01:35.613    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:01:35.629    Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
14:01:35.644    Disk 0 MBR read successfully
14:01:35.660    Disk 0 MBR scan
14:01:35.691    Disk 0 Windows VISTA default MBR code
14:01:35.722    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       130000 MB offset 2048
14:01:35.753    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        28471 MB offset 266244096
14:01:35.785    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        80000 MB offset 324552704
14:01:35.800    Disk 0 scanning sectors +488392704
14:01:35.894    Disk 0 scanning C:\Windows\system32\drivers
14:01:58.498    Service scanning
14:02:29.776    Modules scanning
14:02:36.578    Disk 0 trace - called modules:
14:02:36.609    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
14:02:36.609    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ef9030]
14:02:36.625    3 CLASSPNP.SYS[885ab8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x853d3028]
14:02:37.295    AVAST engine scan C:\Windows
14:02:42.303    AVAST engine scan C:\Windows\system32
14:06:49.473    AVAST engine scan C:\Windows\system32\drivers
14:07:08.537    AVAST engine scan C:\Users\Doeni
14:13:40.175    AVAST engine scan C:\ProgramData
14:15:38.813    Scan finished successfully
14:16:04.095    Disk 0 MBR has been saved successfully to "C:\Users\Doeni\Desktop\MBR.dat"
14:16:04.110    The log file has been saved successfully to "C:\Users\Doeni\Desktop\aswMBR.txt"
         

und die Logdatei von TDSSKiller:

Code:
ATTFilter
14:16:32.0022 2464  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:16:32.0536 2464  ============================================================
14:16:32.0536 2464  Current date / time: 2012/10/21 14:16:32.0536
14:16:32.0536 2464  SystemInfo:
14:16:32.0536 2464  
14:16:32.0536 2464  OS Version: 6.0.6002 ServicePack: 2.0
14:16:32.0536 2464  Product type: Workstation
14:16:32.0536 2464  ComputerName: DOENI-PC
14:16:32.0536 2464  UserName: Doeni
14:16:32.0536 2464  Windows directory: C:\Windows
14:16:32.0536 2464  System windows directory: C:\Windows
14:16:32.0536 2464  Processor architecture: Intel x86
14:16:32.0536 2464  Number of processors: 2
14:16:32.0536 2464  Page size: 0x1000
14:16:32.0536 2464  Boot type: Normal boot
14:16:32.0536 2464  ============================================================
14:16:33.0145 2464  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:16:33.0145 2464  ============================================================
14:16:33.0145 2464  \Device\Harddisk0\DR0:
14:16:33.0145 2464  MBR partitions:
14:16:33.0145 2464  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFDE8168
14:16:33.0145 2464  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFDE9000, BlocksNum 0x379B800
14:16:33.0145 2464  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13584800, BlocksNum 0x9C40000
14:16:33.0145 2464  ============================================================
14:16:33.0176 2464  C: <-> \Device\Harddisk0\DR0\Partition1
14:16:33.0332 2464  P: <-> \Device\Harddisk0\DR0\Partition2
14:16:33.0472 2464  E: <-> \Device\Harddisk0\DR0\Partition3
14:16:33.0472 2464  ============================================================
14:16:33.0472 2464  Initialize success
14:16:33.0472 2464  ============================================================
14:16:44.0782 3404  ============================================================
14:16:44.0782 3404  Scan started
14:16:44.0782 3404  Mode: Manual; 
14:16:44.0782 3404  ============================================================
14:16:45.0921 3404  ================ Scan system memory ========================
14:16:45.0921 3404  System memory - ok
14:16:45.0921 3404  ================ Scan services =============================
14:16:46.0608 3404  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:16:46.0670 3404  ACPI - ok
14:16:46.0732 3404  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:16:46.0764 3404  adp94xx - ok
14:16:46.0795 3404  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:16:46.0795 3404  adpahci - ok
14:16:46.0826 3404  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:16:46.0826 3404  adpu160m - ok
14:16:46.0888 3404  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:16:46.0904 3404  adpu320 - ok
14:16:46.0951 3404  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:16:46.0951 3404  AeLookupSvc - ok
14:16:47.0013 3404  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
14:16:47.0029 3404  AFD - ok
14:16:47.0060 3404  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
14:16:47.0076 3404  AgereModemAudio - ok
14:16:47.0122 3404  [ 2E3ABAACBF547ABBB5E73A504A56D05A ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
14:16:47.0154 3404  AgereSoftModem - ok
14:16:47.0185 3404  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:16:47.0200 3404  agp440 - ok
14:16:47.0232 3404  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:16:47.0232 3404  aic78xx - ok
14:16:47.0263 3404  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
14:16:47.0263 3404  ALG - ok
14:16:47.0278 3404  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:16:47.0278 3404  aliide - ok
14:16:47.0310 3404  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:16:47.0310 3404  amdagp - ok
14:16:47.0325 3404  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:16:47.0325 3404  amdide - ok
14:16:47.0356 3404  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
14:16:47.0356 3404  AmdK7 - ok
14:16:47.0372 3404  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:16:47.0372 3404  AmdK8 - ok
14:16:47.0700 3404  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:16:47.0700 3404  AntiVirSchedulerService - ok
14:16:47.0746 3404  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:16:47.0762 3404  AntiVirService - ok
14:16:47.0793 3404  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
14:16:47.0793 3404  Appinfo - ok
14:16:47.0871 3404  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:16:47.0887 3404  Apple Mobile Device - ok
14:16:47.0949 3404  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
14:16:47.0965 3404  arc - ok
14:16:47.0996 3404  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:16:47.0996 3404  arcsas - ok
14:16:48.0043 3404  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:16:48.0058 3404  AsyncMac - ok
14:16:48.0105 3404  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:16:48.0105 3404  atapi - ok
14:16:48.0168 3404  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:16:48.0168 3404  AudioEndpointBuilder - ok
14:16:48.0183 3404  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:16:48.0199 3404  Audiosrv - ok
14:16:48.0246 3404  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:16:48.0261 3404  avgntflt - ok
14:16:48.0308 3404  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:16:48.0308 3404  avipbb - ok
14:16:48.0355 3404  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:16:48.0355 3404  avkmgr - ok
14:16:48.0386 3404  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:16:48.0386 3404  Beep - ok
14:16:48.0433 3404  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
14:16:48.0448 3404  BFE - ok
14:16:48.0636 3404  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
14:16:48.0667 3404  BITS - ok
14:16:48.0714 3404  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:16:48.0714 3404  blbdrive - ok
14:16:48.0854 3404  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:16:48.0885 3404  Bonjour Service - ok
14:16:48.0932 3404  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:16:48.0963 3404  bowser - ok
14:16:48.0994 3404  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:16:49.0010 3404  BrFiltLo - ok
14:16:49.0057 3404  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:16:49.0072 3404  BrFiltUp - ok
14:16:49.0119 3404  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
14:16:49.0150 3404  Browser - ok
14:16:49.0182 3404  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
14:16:49.0182 3404  Brserid - ok
14:16:49.0197 3404  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:16:49.0197 3404  BrSerWdm - ok
14:16:49.0228 3404  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:16:49.0228 3404  BrUsbMdm - ok
14:16:49.0260 3404  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:16:49.0275 3404  BrUsbSer - ok
14:16:49.0322 3404  [ C0B236E51FD8DB8EF7ACE66A81C7F32D ] BthAvrcp        C:\Windows\system32\DRIVERS\BthAvrcp.sys
14:16:49.0322 3404  BthAvrcp - ok
14:16:49.0369 3404  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
14:16:49.0384 3404  BthEnum - ok
14:16:49.0431 3404  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:16:49.0431 3404  BTHMODEM - ok
14:16:49.0478 3404  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:16:49.0478 3404  BthPan - ok
14:16:49.0587 3404  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
14:16:49.0603 3404  BTHPORT - ok
14:16:49.0650 3404  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
14:16:49.0665 3404  BthServ - ok
14:16:49.0696 3404  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:16:49.0696 3404  BTHUSB - ok
14:16:49.0759 3404  catchme - ok
14:16:49.0821 3404  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:16:49.0837 3404  cdfs - ok
14:16:49.0868 3404  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:16:49.0868 3404  cdrom - ok
14:16:49.0915 3404  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:16:49.0915 3404  CertPropSvc - ok
14:16:49.0962 3404  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
14:16:49.0977 3404  circlass - ok
14:16:50.0024 3404  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
14:16:50.0024 3404  CLFS - ok
14:16:50.0086 3404  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:16:50.0102 3404  clr_optimization_v2.0.50727_32 - ok
14:16:50.0149 3404  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:16:50.0149 3404  CmBatt - ok
14:16:50.0180 3404  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:16:50.0196 3404  cmdide - ok
14:16:50.0227 3404  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:16:50.0227 3404  Compbatt - ok
14:16:50.0242 3404  COMSysApp - ok
14:16:50.0289 3404  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:16:50.0289 3404  crcdisk - ok
14:16:50.0320 3404  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:16:50.0320 3404  Crusoe - ok
14:16:50.0383 3404  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:16:50.0398 3404  CryptSvc - ok
14:16:50.0461 3404  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:16:50.0508 3404  DcomLaunch - ok
14:16:50.0554 3404  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:16:50.0554 3404  DfsC - ok
14:16:50.0664 3404  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
14:16:50.0726 3404  DFSR - ok
14:16:50.0788 3404  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:16:50.0804 3404  Dhcp - ok
14:16:50.0835 3404  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
14:16:50.0851 3404  disk - ok
14:16:50.0882 3404  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:16:50.0898 3404  Dnscache - ok
14:16:50.0944 3404  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:16:50.0944 3404  dot3svc - ok
14:16:51.0022 3404  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
14:16:51.0022 3404  Dot4 - ok
14:16:51.0100 3404  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:16:51.0100 3404  Dot4Print - ok
14:16:51.0132 3404  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
14:16:51.0132 3404  dot4usb - ok
14:16:51.0178 3404  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
14:16:51.0178 3404  DPS - ok
14:16:51.0210 3404  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:16:51.0210 3404  drmkaud - ok
14:16:51.0272 3404  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:16:51.0303 3404  DXGKrnl - ok
14:16:51.0319 3404  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
14:16:51.0334 3404  E1G60 - ok
14:16:51.0366 3404  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
14:16:51.0366 3404  EapHost - ok
14:16:51.0412 3404  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:16:51.0412 3404  Ecache - ok
14:16:51.0490 3404  [ 3A511ED3C9A9DA2CD5A50FF46178063A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:16:51.0506 3404  ehRecvr - ok
14:16:51.0537 3404  [ A3D94C93333619458AF4BDE7531234C5 ] ehSched         C:\Windows\ehome\ehsched.exe
14:16:51.0537 3404  ehSched - ok
14:16:51.0553 3404  [ 487BA5C5BB442BD172F120DC197811C2 ] ehstart         C:\Windows\ehome\ehstart.dll
14:16:51.0584 3404  ehstart - ok
14:16:51.0631 3404  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:16:51.0662 3404  elxstor - ok
14:16:51.0724 3404  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
14:16:51.0740 3404  EMDMgmt - ok
14:16:51.0771 3404  [ FC37A2212B56663BBABEF748266A58C7 ] EMSCR           C:\Windows\system32\DRIVERS\EMS7SK.sys
14:16:51.0771 3404  EMSCR - ok
14:16:51.0802 3404  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:16:51.0802 3404  ErrDev - ok
14:16:51.0818 3404  [ A498240D0E1F0B27702E3DF77B0C6E56 ] ESDCR           C:\Windows\system32\DRIVERS\ESD7SK.sys
14:16:51.0834 3404  ESDCR - ok
14:16:51.0849 3404  [ CE6E1032802EE415955721A208A86718 ] ESMCR           C:\Windows\system32\DRIVERS\ESM7SK.sys
14:16:51.0865 3404  ESMCR - ok
14:16:51.0927 3404  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
14:16:51.0927 3404  EventSystem - ok
14:16:51.0974 3404  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
14:16:51.0990 3404  exfat - ok
14:16:52.0021 3404  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:16:52.0021 3404  fastfat - ok
14:16:52.0068 3404  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:16:52.0068 3404  fdc - ok
14:16:52.0099 3404  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:16:52.0099 3404  fdPHost - ok
14:16:52.0114 3404  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:16:52.0130 3404  FDResPub - ok
14:16:52.0146 3404  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:16:52.0161 3404  FileInfo - ok
14:16:52.0208 3404  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:16:52.0208 3404  Filetrace - ok
14:16:52.0270 3404  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:16:52.0380 3404  FLEXnet Licensing Service - ok
14:16:52.0426 3404  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:16:52.0426 3404  flpydisk - ok
14:16:52.0473 3404  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:16:52.0473 3404  FltMgr - ok
14:16:52.0551 3404  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
14:16:52.0598 3404  FontCache - ok
14:16:52.0645 3404  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:16:52.0645 3404  FontCache3.0.0.0 - ok
14:16:52.0692 3404  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:16:52.0692 3404  Fs_Rec - ok
14:16:52.0723 3404  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:16:52.0723 3404  gagp30kx - ok
14:16:52.0770 3404  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:16:52.0770 3404  GEARAspiWDM - ok
14:16:52.0816 3404  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:16:52.0848 3404  gpsvc - ok
14:16:52.0926 3404  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:16:52.0941 3404  gupdate - ok
14:16:52.0957 3404  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:16:52.0957 3404  gupdatem - ok
14:16:53.0019 3404  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:16:53.0019 3404  gusvc - ok
14:16:53.0082 3404  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:16:53.0097 3404  HdAudAddService - ok
14:16:53.0160 3404  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:16:53.0191 3404  HDAudBus - ok
14:16:53.0222 3404  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:16:53.0222 3404  HidBth - ok
14:16:53.0253 3404  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:16:53.0253 3404  HidIr - ok
14:16:53.0316 3404  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
14:16:53.0316 3404  hidserv - ok
14:16:53.0362 3404  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:16:53.0362 3404  HidUsb - ok
14:16:53.0394 3404  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:16:53.0409 3404  hkmsvc - ok
14:16:53.0440 3404  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
14:16:53.0440 3404  HpCISSs - ok
14:16:53.0534 3404  [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:16:53.0534 3404  hpqcxs08 - ok
14:16:53.0596 3404  [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:16:53.0596 3404  hpqddsvc - ok
14:16:53.0643 3404  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:16:53.0674 3404  HTTP - ok
14:16:53.0721 3404  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
14:16:53.0721 3404  i2omp - ok
14:16:53.0752 3404  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:16:53.0752 3404  i8042prt - ok
14:16:53.0862 3404  [ 62F534791AE488A475A3E508D92AF4CC ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:16:53.0940 3404  ialm - ok
14:16:53.0986 3404  [ 707C1692214B1C290271067197F075F6 ] iaStor          C:\Windows\system32\drivers\iastor.sys
14:16:53.0986 3404  iaStor - ok
14:16:54.0018 3404  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
14:16:54.0033 3404  iaStorV - ok
14:16:54.0111 3404  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:16:54.0158 3404  IDriverT - ok
14:16:54.0236 3404  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:16:54.0345 3404  idsvc - ok
14:16:54.0470 3404  [ 62F534791AE488A475A3E508D92AF4CC ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:16:54.0501 3404  igfx - ok
14:16:54.0548 3404  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:16:54.0548 3404  iirsp - ok
14:16:54.0595 3404  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:16:54.0626 3404  IKEEXT - ok
14:16:54.0704 3404  [ 98FB74EC7F46E25EC082F1925EEF39CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:16:54.0766 3404  IntcAzAudAddService - ok
14:16:54.0782 3404  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:16:54.0782 3404  intelide - ok
14:16:54.0813 3404  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:16:54.0813 3404  intelppm - ok
14:16:54.0829 3404  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:16:54.0844 3404  IPBusEnum - ok
14:16:54.0876 3404  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:16:54.0876 3404  IpFilterDriver - ok
14:16:54.0922 3404  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:16:54.0922 3404  iphlpsvc - ok
14:16:54.0938 3404  IpInIp - ok
14:16:54.0969 3404  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
14:16:54.0969 3404  IPMIDRV - ok
14:16:55.0000 3404  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
14:16:55.0000 3404  IPNAT - ok
14:16:55.0078 3404  [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:16:55.0110 3404  iPod Service - ok
14:16:55.0125 3404  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:16:55.0125 3404  IRENUM - ok
14:16:55.0156 3404  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:16:55.0156 3404  isapnp - ok
14:16:55.0188 3404  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:16:55.0203 3404  iScsiPrt - ok
14:16:55.0234 3404  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:16:55.0234 3404  iteatapi - ok
14:16:55.0250 3404  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
14:16:55.0250 3404  iteraid - ok
14:16:55.0281 3404  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:16:55.0281 3404  kbdclass - ok
14:16:55.0328 3404  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:16:55.0328 3404  kbdhid - ok
14:16:55.0359 3404  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
14:16:55.0359 3404  KeyIso - ok
14:16:55.0390 3404  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
14:16:55.0390 3404  KMWDFILTER - ok
14:16:55.0437 3404  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:16:55.0453 3404  KSecDD - ok
14:16:55.0484 3404  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:16:55.0515 3404  KtmRm - ok
14:16:55.0562 3404  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:16:55.0562 3404  LanmanServer - ok
14:16:55.0624 3404  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:16:55.0624 3404  LanmanWorkstation - ok
14:16:55.0671 3404  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:16:55.0671 3404  lltdio - ok
14:16:55.0718 3404  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:16:55.0718 3404  lltdsvc - ok
14:16:55.0749 3404  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:16:55.0749 3404  lmhosts - ok
14:16:55.0765 3404  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:16:55.0780 3404  LSI_FC - ok
14:16:55.0796 3404  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:16:55.0796 3404  LSI_SAS - ok
14:16:55.0827 3404  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:16:55.0827 3404  LSI_SCSI - ok
14:16:55.0858 3404  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
14:16:55.0858 3404  luafv - ok
14:16:55.0890 3404  [ 3BD2AD18179DEAD6652E87157FB98E4A ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:16:55.0890 3404  Mcx2Svc - ok
14:16:55.0905 3404  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:16:55.0905 3404  megasas - ok
14:16:55.0952 3404  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:16:55.0952 3404  MegaSR - ok
14:16:55.0983 3404  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
14:16:55.0983 3404  MMCSS - ok
14:16:55.0999 3404  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
14:16:55.0999 3404  Modem - ok
14:16:56.0014 3404  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:16:56.0014 3404  monitor - ok
14:16:56.0030 3404  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:16:56.0030 3404  mouclass - ok
14:16:56.0046 3404  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:16:56.0046 3404  mouhid - ok
14:16:56.0061 3404  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:16:56.0061 3404  MountMgr - ok
14:16:56.0092 3404  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:16:56.0092 3404  mpio - ok
14:16:56.0124 3404  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:16:56.0124 3404  mpsdrv - ok
14:16:56.0186 3404  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:16:56.0186 3404  MpsSvc - ok
14:16:56.0217 3404  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:16:56.0217 3404  Mraid35x - ok
14:16:56.0264 3404  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:16:56.0264 3404  MRxDAV - ok
14:16:56.0295 3404  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:16:56.0295 3404  mrxsmb - ok
14:16:56.0358 3404  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:16:56.0358 3404  mrxsmb10 - ok
14:16:56.0373 3404  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:16:56.0373 3404  mrxsmb20 - ok
14:16:56.0404 3404  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
14:16:56.0404 3404  msahci - ok
14:16:56.0436 3404  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:16:56.0436 3404  msdsm - ok
14:16:56.0467 3404  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
14:16:56.0467 3404  MSDTC - ok
14:16:56.0482 3404  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:16:56.0482 3404  Msfs - ok
14:16:56.0498 3404  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:16:56.0498 3404  msisadrv - ok
14:16:56.0529 3404  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:16:56.0529 3404  MSiSCSI - ok
14:16:56.0545 3404  msiserver - ok
14:16:56.0560 3404  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:16:56.0560 3404  MSKSSRV - ok
14:16:56.0576 3404  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:16:56.0576 3404  MSPCLOCK - ok
14:16:56.0592 3404  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:16:56.0592 3404  MSPQM - ok
14:16:56.0623 3404  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:16:56.0638 3404  MsRPC - ok
14:16:56.0654 3404  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:16:56.0654 3404  mssmbios - ok
14:16:56.0670 3404  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:16:56.0670 3404  MSTEE - ok
14:16:56.0670 3404  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
14:16:56.0685 3404  Mup - ok
14:16:56.0732 3404  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
14:16:56.0732 3404  napagent - ok
14:16:56.0763 3404  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:16:56.0779 3404  NativeWifiP - ok
14:16:56.0872 3404  [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService       P:\Nero\Nero 7\Nero BackItUp\NBService.exe
14:16:56.0888 3404  NBService - ok
14:16:56.0950 3404  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:16:56.0966 3404  NDIS - ok
14:16:56.0997 3404  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:16:56.0997 3404  NdisTapi - ok
14:16:57.0013 3404  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:16:57.0013 3404  Ndisuio - ok
14:16:57.0028 3404  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:16:57.0028 3404  NdisWan - ok
14:16:57.0044 3404  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:16:57.0044 3404  NDProxy - ok
14:16:57.0091 3404  [ 949941E4DE88DF1FAF49A4B3CFFB756F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:16:57.0091 3404  Net Driver HPZ12 - ok
14:16:57.0106 3404  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:16:57.0106 3404  NetBIOS - ok
14:16:57.0153 3404  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:16:57.0169 3404  netbt - ok
14:16:57.0184 3404  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
14:16:57.0184 3404  Netlogon - ok
14:16:57.0200 3404  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:16:57.0216 3404  Netman - ok
14:16:57.0231 3404  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:16:57.0231 3404  netprofm - ok
14:16:57.0262 3404  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:16:57.0278 3404  NetTcpPortSharing - ok
14:16:57.0387 3404  [ 9CA26DCCF0B84A6FF2B54FBB2A94520B ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
14:16:57.0481 3404  NETw5v32 - ok
14:16:57.0512 3404  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:16:57.0512 3404  nfrd960 - ok
14:16:57.0543 3404  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:16:57.0543 3404  NlaSvc - ok
14:16:57.0621 3404  [ 060DAF68493AD7ADF104413E5A62AFA8 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
14:16:57.0668 3404  NMIndexingService - ok
14:16:57.0730 3404  [ 4A8A2AA0706B659175169DECF198E9D7 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
14:16:57.0730 3404  nmwcd - ok
14:16:57.0762 3404  [ FD3E61831095AC62E6840D986B5A2016 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
14:16:57.0762 3404  nmwcdc - ok
14:16:57.0793 3404  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:16:57.0793 3404  Npfs - ok
14:16:57.0824 3404  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
14:16:57.0824 3404  nsi - ok
14:16:57.0840 3404  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:16:57.0840 3404  nsiproxy - ok
14:16:57.0918 3404  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:16:57.0949 3404  Ntfs - ok
14:16:57.0980 3404  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
14:16:57.0980 3404  ntrigdigi - ok
14:16:57.0996 3404  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:16:58.0011 3404  Null - ok
14:16:58.0027 3404  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:16:58.0027 3404  nvraid - ok
14:16:58.0058 3404  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:16:58.0058 3404  nvstor - ok
14:16:58.0074 3404  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:16:58.0089 3404  nv_agp - ok
14:16:58.0089 3404  NwlnkFlt - ok
14:16:58.0105 3404  NwlnkFwd - ok
14:16:58.0120 3404  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:16:58.0120 3404  ohci1394 - ok
14:16:58.0183 3404  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:16:58.0198 3404  ose - ok
14:16:58.0245 3404  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:16:58.0276 3404  p2pimsvc - ok
14:16:58.0292 3404  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:16:58.0308 3404  p2psvc - ok
14:16:58.0323 3404  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:16:58.0339 3404  Parport - ok
14:16:58.0386 3404  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:16:58.0386 3404  partmgr - ok
14:16:58.0417 3404  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
14:16:58.0417 3404  Parvdm - ok
14:16:58.0432 3404  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:16:58.0432 3404  PcaSvc - ok
14:16:58.0479 3404  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
14:16:58.0479 3404  pccsmcfd - ok
14:16:58.0526 3404  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
14:16:58.0526 3404  pci - ok
14:16:58.0542 3404  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
14:16:58.0542 3404  pciide - ok
14:16:58.0573 3404  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:16:58.0588 3404  pcmcia - ok
14:16:58.0635 3404  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:16:58.0666 3404  PEAUTH - ok
14:16:58.0729 3404  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
14:16:58.0776 3404  pla - ok
14:16:58.0822 3404  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:16:58.0838 3404  PlugPlay - ok
14:16:58.0854 3404  [ 2F4CA141A609CAF5C98F6E4760EF1B9B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:16:58.0869 3404  Pml Driver HPZ12 - ok
14:16:58.0916 3404  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:16:58.0916 3404  PNRPAutoReg - ok
14:16:58.0947 3404  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:16:58.0963 3404  PNRPsvc - ok
14:16:58.0994 3404  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:16:58.0994 3404  PolicyAgent - ok
14:16:59.0041 3404  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:16:59.0041 3404  PptpMiniport - ok
14:16:59.0056 3404  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
14:16:59.0072 3404  Processor - ok
14:16:59.0103 3404  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:16:59.0103 3404  ProfSvc - ok
14:16:59.0119 3404  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:16:59.0119 3404  ProtectedStorage - ok
14:16:59.0166 3404  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:16:59.0166 3404  PSched - ok
14:16:59.0212 3404  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:16:59.0244 3404  ql2300 - ok
14:16:59.0275 3404  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:16:59.0275 3404  ql40xx - ok
14:16:59.0322 3404  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
14:16:59.0322 3404  QWAVE - ok
14:16:59.0353 3404  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:16:59.0353 3404  QWAVEdrv - ok
14:16:59.0368 3404  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:16:59.0368 3404  RasAcd - ok
14:16:59.0384 3404  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
14:16:59.0400 3404  RasAuto - ok
14:16:59.0400 3404  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:16:59.0400 3404  Rasl2tp - ok
14:16:59.0446 3404  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
14:16:59.0462 3404  RasMan - ok
14:16:59.0493 3404  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:16:59.0509 3404  RasPppoe - ok
14:16:59.0540 3404  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:16:59.0540 3404  RasSstp - ok
14:16:59.0587 3404  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:16:59.0587 3404  rdbss - ok
14:16:59.0618 3404  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:16:59.0618 3404  RDPCDD - ok
14:16:59.0665 3404  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
14:16:59.0665 3404  rdpdr - ok
14:16:59.0665 3404  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:16:59.0665 3404  RDPENCDD - ok
14:16:59.0727 3404  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:16:59.0727 3404  RDPWD - ok
14:16:59.0758 3404  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:16:59.0758 3404  RemoteAccess - ok
14:16:59.0805 3404  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:16:59.0805 3404  RemoteRegistry - ok
14:16:59.0852 3404  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:16:59.0868 3404  RFCOMM - ok
14:16:59.0883 3404  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:16:59.0883 3404  RpcLocator - ok
14:16:59.0914 3404  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
14:16:59.0930 3404  RpcSs - ok
14:16:59.0946 3404  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:16:59.0946 3404  rspndr - ok
14:16:59.0992 3404  [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
14:16:59.0992 3404  RTL8169 - ok
14:17:00.0008 3404  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
14:17:00.0008 3404  SamSs - ok
14:17:00.0055 3404  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:17:00.0070 3404  sbp2port - ok
14:17:00.0102 3404  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:17:00.0102 3404  SCardSvr - ok
14:17:00.0164 3404  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
14:17:00.0195 3404  Schedule - ok
14:17:00.0211 3404  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:17:00.0211 3404  SCPolicySvc - ok
14:17:00.0258 3404  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
14:17:00.0258 3404  sdbus - ok
14:17:00.0289 3404  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:17:00.0304 3404  SDRSVC - ok
14:17:00.0320 3404  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:17:00.0320 3404  secdrv - ok
14:17:00.0336 3404  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:17:00.0336 3404  seclogon - ok
14:17:00.0367 3404  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
14:17:00.0367 3404  SENS - ok
14:17:00.0414 3404  [ A59E73BCB63F4F30183CF0A22C29FAF5 ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl.sys
14:17:00.0414 3404  Ser2pl - ok
14:17:00.0460 3404  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:17:00.0460 3404  Serenum - ok
14:17:00.0492 3404  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:17:00.0492 3404  Serial - ok
14:17:00.0507 3404  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:17:00.0507 3404  sermouse - ok
14:17:00.0585 3404  [ 58D5BFDF3ADF49FE9CABD78CC61D92F6 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
14:17:00.0616 3404  ServiceLayer - ok
14:17:00.0663 3404  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:17:00.0663 3404  SessionEnv - ok
14:17:00.0694 3404  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:17:00.0694 3404  sffdisk - ok
14:17:00.0726 3404  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:17:00.0726 3404  sffp_mmc - ok
14:17:00.0741 3404  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:17:00.0741 3404  sffp_sd - ok
14:17:00.0772 3404  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:17:00.0772 3404  sfloppy - ok
14:17:00.0804 3404  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:17:00.0819 3404  SharedAccess - ok
14:17:00.0882 3404  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:17:00.0882 3404  ShellHWDetection - ok
14:17:00.0928 3404  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:17:00.0928 3404  sisagp - ok
14:17:00.0944 3404  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:17:00.0960 3404  SiSRaid2 - ok
14:17:00.0975 3404  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:17:00.0975 3404  SiSRaid4 - ok
14:17:01.0100 3404  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
14:17:01.0209 3404  slsvc - ok
14:17:01.0240 3404  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:17:01.0256 3404  SLUINotify - ok
14:17:01.0303 3404  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:17:01.0303 3404  Smb - ok
14:17:01.0334 3404  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:17:01.0350 3404  SNMPTRAP - ok
14:17:01.0365 3404  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
14:17:01.0365 3404  spldr - ok
14:17:01.0396 3404  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
14:17:01.0412 3404  Spooler - ok
14:17:01.0490 3404  [ 4F576E516CC76EC50A244586BCFA1C78 ] sptd            C:\Windows\System32\Drivers\sptd.sys
14:17:01.0521 3404  sptd - ok
14:17:01.0537 3404  [ 7B426B8E809EDF081D771EF429345528 ] sp_rsdrv2       C:\Windows\system32\drivers\sp_rsdrv2.sys
14:17:01.0537 3404  sp_rsdrv2 - ok
14:17:01.0584 3404  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:17:01.0584 3404  srv - ok
14:17:01.0646 3404  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:17:01.0646 3404  srv2 - ok
14:17:01.0662 3404  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:17:01.0662 3404  srvnet - ok
14:17:01.0693 3404  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:17:01.0708 3404  SSDPSRV - ok
14:17:01.0740 3404  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
14:17:01.0740 3404  ssmdrv - ok
14:17:01.0771 3404  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:17:01.0786 3404  SstpSvc - ok
14:17:01.0833 3404  [ BB807054A6F06E4A6361CB6C10CC64B1 ] ST2012_Svc      C:\Program Files\Spyware Terminator\st_rsser.exe
14:17:01.0864 3404  ST2012_Svc - ok
14:17:01.0911 3404  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
14:17:01.0942 3404  stisvc - ok
14:17:01.0958 3404  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:17:01.0974 3404  swenum - ok
14:17:02.0005 3404  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
14:17:02.0036 3404  swprv - ok
14:17:02.0052 3404  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:17:02.0052 3404  Symc8xx - ok
14:17:02.0083 3404  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:17:02.0083 3404  Sym_hi - ok
14:17:02.0098 3404  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:17:02.0098 3404  Sym_u3 - ok
14:17:02.0145 3404  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
14:17:02.0161 3404  SysMain - ok
14:17:02.0192 3404  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:17:02.0192 3404  TabletInputService - ok
14:17:02.0254 3404  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:17:02.0254 3404  TapiSrv - ok
14:17:02.0286 3404  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
14:17:02.0301 3404  TBS - ok
14:17:02.0364 3404  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:17:02.0395 3404  Tcpip - ok
14:17:02.0442 3404  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:17:02.0457 3404  Tcpip6 - ok
14:17:02.0504 3404  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:17:02.0504 3404  tcpipreg - ok
14:17:02.0520 3404  [ 5CA437A08509FB7ECF843480FC1232E2 ] TcUsb           C:\Windows\system32\Drivers\tcusb.sys
14:17:02.0520 3404  TcUsb - ok
14:17:02.0551 3404  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:17:02.0551 3404  TDPIPE - ok
14:17:02.0566 3404  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:17:02.0566 3404  TDTCP - ok
14:17:02.0598 3404  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:17:02.0613 3404  tdx - ok
14:17:02.0644 3404  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:17:02.0644 3404  TermDD - ok
14:17:02.0691 3404  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
14:17:02.0722 3404  TermService - ok
14:17:02.0738 3404  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
14:17:02.0754 3404  Themes - ok
14:17:02.0769 3404  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:17:02.0769 3404  THREADORDER - ok
14:17:02.0785 3404  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:17:02.0800 3404  TrkWks - ok
14:17:02.0847 3404  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:17:02.0847 3404  TrustedInstaller - ok
14:17:02.0878 3404  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:17:02.0878 3404  tssecsrv - ok
14:17:02.0894 3404  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:17:02.0894 3404  tunmp - ok
14:17:02.0941 3404  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:17:02.0941 3404  tunnel - ok
14:17:02.0956 3404  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:17:02.0972 3404  uagp35 - ok
14:17:03.0003 3404  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:17:03.0019 3404  udfs - ok
14:17:03.0050 3404  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:17:03.0050 3404  UI0Detect - ok
14:17:03.0066 3404  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:17:03.0081 3404  uliagpkx - ok
14:17:03.0112 3404  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:17:03.0112 3404  uliahci - ok
14:17:03.0144 3404  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:17:03.0144 3404  UlSata - ok
14:17:03.0175 3404  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:17:03.0175 3404  ulsata2 - ok
14:17:03.0190 3404  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:17:03.0206 3404  umbus - ok
14:17:03.0237 3404  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:17:03.0253 3404  upnphost - ok
14:17:03.0284 3404  [ 587E643A4E2FFD9A00F114B057CEB773 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
14:17:03.0284 3404  upperdev - ok
14:17:03.0315 3404  [ 60A68A5EA173A97971EE9F1FF49EB2B3 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
14:17:03.0315 3404  USBAAPL - ok
14:17:03.0346 3404  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:17:03.0362 3404  usbccgp - ok
14:17:03.0393 3404  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:17:03.0393 3404  usbcir - ok
14:17:03.0424 3404  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:17:03.0424 3404  usbehci - ok
14:17:03.0487 3404  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:17:03.0487 3404  usbhub - ok
14:17:03.0518 3404  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:17:03.0518 3404  usbohci - ok
14:17:03.0549 3404  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:17:03.0549 3404  usbprint - ok
14:17:03.0596 3404  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:17:03.0596 3404  usbscan - ok
14:17:03.0643 3404  [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser          C:\Windows\system32\drivers\usbser.sys
14:17:03.0643 3404  usbser - ok
14:17:03.0658 3404  [ FCA6A196D47CB972A0E4ADC0DB9CD17C ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
14:17:03.0658 3404  UsbserFilt - ok
14:17:03.0705 3404  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:17:03.0705 3404  USBSTOR - ok
14:17:03.0736 3404  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:17:03.0736 3404  usbuhci - ok
14:17:03.0768 3404  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:17:03.0768 3404  usbvideo - ok
14:17:03.0799 3404  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
14:17:03.0799 3404  UxSms - ok
14:17:03.0861 3404  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
14:17:03.0877 3404  vds - ok
14:17:03.0892 3404  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:17:03.0908 3404  vga - ok
14:17:03.0924 3404  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:17:03.0939 3404  VgaSave - ok
14:17:03.0955 3404  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:17:03.0955 3404  viaagp - ok
14:17:03.0986 3404  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
14:17:03.0986 3404  ViaC7 - ok
14:17:04.0002 3404  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:17:04.0002 3404  viaide - ok
14:17:04.0033 3404  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:17:04.0033 3404  volmgr - ok
14:17:04.0080 3404  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:17:04.0095 3404  volmgrx - ok
14:17:04.0142 3404  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:17:04.0158 3404  volsnap - ok
14:17:04.0204 3404  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:17:04.0204 3404  vsmraid - ok
14:17:04.0282 3404  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
14:17:04.0329 3404  VSS - ok
14:17:04.0360 3404  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
14:17:04.0376 3404  W32Time - ok
14:17:04.0423 3404  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:17:04.0423 3404  WacomPen - ok
14:17:04.0454 3404  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:17:04.0470 3404  Wanarp - ok
14:17:04.0470 3404  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:17:04.0485 3404  Wanarpv6 - ok
14:17:04.0516 3404  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:17:04.0548 3404  wcncsvc - ok
14:17:04.0579 3404  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:17:04.0579 3404  WcsPlugInService - ok
14:17:04.0610 3404  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
14:17:04.0626 3404  Wd - ok
14:17:04.0626 3404  WDC_SAM - ok
14:17:04.0672 3404  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:17:04.0704 3404  Wdf01000 - ok
14:17:04.0719 3404  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:17:04.0719 3404  WdiServiceHost - ok
14:17:04.0766 3404  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:17:04.0766 3404  WdiSystemHost - ok
14:17:04.0813 3404  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
14:17:04.0828 3404  WebClient - ok
14:17:04.0875 3404  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:17:04.0891 3404  Wecsvc - ok
14:17:04.0922 3404  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:17:04.0922 3404  wercplsupport - ok
14:17:04.0969 3404  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:17:04.0969 3404  WerSvc - ok
14:17:05.0031 3404  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:17:05.0078 3404  WinDefend - ok
14:17:05.0094 3404  WinHttpAutoProxySvc - ok
14:17:05.0172 3404  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:17:05.0218 3404  Winmgmt - ok
14:17:05.0296 3404  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:17:05.0343 3404  WinRM - ok
14:17:05.0421 3404  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:17:05.0452 3404  Wlansvc - ok
14:17:05.0499 3404  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:17:05.0499 3404  WmiAcpi - ok
14:17:05.0546 3404  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:17:05.0577 3404  wmiApSrv - ok
14:17:05.0671 3404  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:17:05.0780 3404  WMPNetworkSvc - ok
14:17:05.0811 3404  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:17:05.0827 3404  WPCSvc - ok
14:17:05.0874 3404  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:17:05.0874 3404  WPDBusEnum - ok
14:17:05.0920 3404  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
14:17:05.0920 3404  WpdUsb - ok
14:17:05.0967 3404  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:17:05.0967 3404  ws2ifsl - ok
14:17:05.0998 3404  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
14:17:06.0014 3404  wscsvc - ok
14:17:06.0014 3404  WSearch - ok
14:17:06.0139 3404  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:17:06.0217 3404  wuauserv - ok
14:17:06.0248 3404  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:17:06.0248 3404  WUDFRd - ok
14:17:06.0279 3404  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:17:06.0295 3404  wudfsvc - ok
14:17:06.0326 3404  ================ Scan global ===============================
14:17:06.0373 3404  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:17:06.0420 3404  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:17:06.0466 3404  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:17:06.0513 3404  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:17:06.0544 3404  [Global] - ok
14:17:06.0544 3404  ================ Scan MBR ==================================
14:17:06.0560 3404  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:17:06.0810 3404  \Device\Harddisk0\DR0 - ok
14:17:06.0810 3404  ================ Scan VBR ==================================
14:17:06.0810 3404  [ 3658E1257F2218762EC2F4D3B837C934 ] \Device\Harddisk0\DR0\Partition1
14:17:06.0825 3404  \Device\Harddisk0\DR0\Partition1 - ok
14:17:06.0841 3404  [ FEA590CB5E6F31F505461621FB2A80E8 ] \Device\Harddisk0\DR0\Partition2
14:17:06.0841 3404  \Device\Harddisk0\DR0\Partition2 - ok
14:17:06.0856 3404  [ E369EB07718DD63880F277C7FE954877 ] \Device\Harddisk0\DR0\Partition3
14:17:06.0856 3404  \Device\Harddisk0\DR0\Partition3 - ok
14:17:06.0856 3404  ============================================================
14:17:06.0856 3404  Scan finished
14:17:06.0856 3404  ============================================================
14:17:06.0872 3780  Detected object count: 0
14:17:06.0872 3780  Actual detected object count: 0
14:17:34.0047 3984  Deinitialize success
         
sowie die OTL.txt:

Code:
ATTFilter
OTL logfile created on: 21.10.2012 14:18:23 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Doeni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,79% Memory free
4,22 Gb Paging File | 3,12 Gb Available in Paging File | 74,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,95 Gb Total Space | 17,92 Gb Free Space | 14,11% Space Free | Partition Type: NTFS
Drive E: | 78,12 Gb Total Space | 17,10 Gb Free Space | 21,89% Space Free | Partition Type: NTFS
Drive P: | 27,80 Gb Total Space | 10,84 Gb Free Space | 38,99% Space Free | Partition Type: NTFS
 
Computer Name: DOENI-PC | User Name: Doeni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.19 16:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doeni\Downloads\OTL.exe
PRC - [2012.08.09 10:25:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe
PRC - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- P:\Notepad++\NppShell_01.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- P:\winRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2010.12.30 00:14:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Doeni\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Doeni\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.27 09:53:18 | 000,027,488 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.04.29 16:47:47 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007.10.18 13:33:48 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.04.11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.04.11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007.04.11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.05 12:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 FE 70 16 64 8F CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/ie.aspx?q={searchTerms}
IE - HKCU\..\SearchScopes\Google.de: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.tagesschau.de"
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: P:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: P:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: P:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: P:\codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: P:\codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: P:\adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: P:\Nokia PC Suite 7\bkmrksync\ [2009.10.28 20:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: P:\Mozilla Sunbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: P:\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: P:\thunderbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: P:\thunderbird\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M]
 
[2009.01.16 13:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Extensions
[2012.10.21 13:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions
[2011.06.25 16:46:11 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.06.25 16:46:09 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2011.05.19 21:40:38 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.04.01 22:40:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\moveplayer@movenetworks.com
[2012.10.21 13:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\staged-xpis
[2009.01.16 13:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\toolbar_extras@de.yahoo.com
[2009.12.02 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Sunbird\Profiles\33a9gc06.default\extensions
[2012.10.21 13:34:44 | 020,549,299 | ---- | M] () (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\extensions\staged-xpis\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\tmp-1.xpi
[2012.10.21 13:33:30 | 000,316,177 | ---- | M] () (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\extensions\staged-xpis\{c50ca3c4-5656-43c2-a061-13e717f73fc8}\tmp.xpi
[2010.10.20 13:24:24 | 000,002,895 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\blackle.xml
[2012.03.13 22:37:03 | 000,002,289 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\ecosia.xml
[2010.03.31 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.16 13:25:33 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.11.23 15:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 13:57:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.04.04 23:36:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.04 23:36:42 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.04 23:36:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.04 23:36:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.04 23:36:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.21 12:53:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 9
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - P:\office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C445E5-65D2-42D3-A32A-7C08AAEC225D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.21 13:48:58 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Doeni\Desktop\tdsskiller.exe
[2012.10.21 13:48:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Doeni\Desktop\aswMBR.exe
[2012.10.21 12:57:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.21 12:57:01 | 000,000,000 | ---D | C] -- C:\Users\Doeni\AppData\Local\temp
[2012.10.21 12:55:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.21 12:42:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.21 12:42:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.21 12:42:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.21 12:42:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.10.21 12:42:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.21 12:41:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.21 12:35:03 | 004,985,492 | R--- | C] (Swearware) -- C:\Users\Doeni\Desktop\ComboFix.exe
[2012.10.18 21:22:26 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.10.18 21:22:26 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.10.18 21:22:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.10.18 21:22:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.10.18 21:22:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.10.18 21:22:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.10.18 21:22:21 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.10.18 21:22:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.10.18 21:22:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.10.18 21:22:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.10.18 21:22:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.10.18 21:22:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.10.18 21:22:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.10.18 21:22:17 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.10.18 21:22:16 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.10.18 21:22:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.10.18 21:22:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.10.18 21:22:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.10.18 21:21:52 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.10.18 21:21:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.18 21:21:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.10.18 21:17:31 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.18 21:17:31 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.21 14:16:04 | 000,000,512 | ---- | M] () -- C:\Users\Doeni\Desktop\MBR.dat
[2012.10.21 13:54:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.21 13:48:59 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Doeni\Desktop\tdsskiller.exe
[2012.10.21 13:48:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Doeni\Desktop\aswMBR.exe
[2012.10.21 13:03:32 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 13:03:32 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 13:03:23 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.21 13:02:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.21 13:00:08 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.21 12:53:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.21 12:35:04 | 004,985,492 | R--- | M] (Swearware) -- C:\Users\Doeni\Desktop\ComboFix.exe
[2012.10.21 12:20:45 | 000,105,472 | ---- | M] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.19 15:57:01 | 000,000,020 | ---- | M] () -- C:\Users\Doeni\defogger_reenable
[2012.10.19 15:31:12 | 001,745,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.15 14:39:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.12 17:47:32 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.12 17:47:32 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.12 17:47:32 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.12 17:47:32 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.21 14:16:04 | 000,000,512 | ---- | C] () -- C:\Users\Doeni\Desktop\MBR.dat
[2012.10.21 12:42:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.21 12:42:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.21 12:42:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.21 12:42:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.21 12:42:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.19 15:56:38 | 000,000,020 | ---- | C] () -- C:\Users\Doeni\defogger_reenable
[2012.06.14 19:52:18 | 000,072,220 | ---- | C] () -- C:\Users\Doeni\ESt2011_Kölzer_Sarah.elfo
[2011.10.20 21:59:30 | 000,007,596 | ---- | C] () -- C:\Users\Doeni\ESt2010_Kölzer_Sarah.elfo
[2011.09.17 12:39:50 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.08.05 18:32:35 | 000,000,680 | RHS- | C] () -- C:\Users\Doeni\ntuser.pol
[2010.03.15 17:54:31 | 000,004,096 | -H-- | C] () -- C:\Users\Doeni\AppData\Local\keyfile3.drm
[2009.05.25 18:20:02 | 000,110,241 | ---- | C] () -- C:\Users\Doeni\AppData\Roaming\mdbu.bin
[2009.02.14 03:10:39 | 000,000,680 | ---- | C] () -- C:\Users\Doeni\AppData\Local\d3d9caps.dat
[2009.01.16 13:41:43 | 000,105,472 | ---- | C] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

und extras.txt als ZIP angehängt:


Alt 21.10.2012, 19:21   #6
M-K-D-B
/// TB-Ausbilder
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'



Servus,




Schritt 1
Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.




Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Wie läuft dein Rechner derzeit?
Gibt es noch Probleme? Wenn ja, welche?






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck,
  • die Beantwortung der gestellten Fragen.
__________________
--> Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'

Alt 22.10.2012, 11:50   #7
Doeni
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'



Hey Matthias,

keine Funde bei den Scans. Sieht wohl ganz gut aus?
Computer läuft auch ganz normal. Nichts auffälliges.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.21.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
Doeni :: DOENI-PC [Administrator]

22.10.2012 09:39:27
mbam-log-2012-10-22 (09-39-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232219
Laufzeit: 5 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

ESET Online Scanner hat auch nichts gefunden, daher gab es da wohl keine Log ausgabe.


Checkup:
Code:
ATTFilter
Results of screen317's Security Check version 0.99.53  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 8 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spyware Terminator 2012   
 Malwarebytes Anti-Malware Version 1.65.1.1000  
 Java(TM) 6 Update 19  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 	10.3.183.11 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (3.6.3) Firefox out of Date!  
 Mozilla Thunderbird (2.0.0 Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Alt 22.10.2012, 16:45   #8
M-K-D-B
/// TB-Ausbilder
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'



Servus,



Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.



Schritt 1
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 9 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.





Schritt 2
Deine Version von Adobe Flash Player ist veraltet.
Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:
  • Bitte besuche diese Seite von Adobe.
  • Wähle dein Betriebssystem und deinen Internetbrowser ("Internet Explorer" oder "other" für Firefox zum Beispiel)
  • Deaktiviere gegebenenfalls den Haken vor Google Chrome bzw. McAfee Security Scan.
  • Installiere die neuste Version auf deinem Computer.





Schritt 3
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 4
  • Klicke auf > Hilfe > Über Firefox
  • Warte bis das Update geladen ist, klicke auf Update installieren und lasse Firefox neu starten.
  • Prüfe bitte, ob weitere Updates vorliegen oder ob Firefox aktuell ist.
  • Klicke nun auf > Add-ons > > Auf Updates überprüfen
  • Nach einem weiteren Neustart von Firefox sollte alles aktuell sein.

Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen:




Schritt 5
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.





Schritt 6
Ich würde dir empfehlen, 1 mal pro Woche auch mit diesem Scanner dein System zu prüfen.
Möchtest Du ESET denoch deinstallieren,
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
ATTFilter
"%PROGRAMFILES%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         
und drücke OK.





Schritt 7
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt 8
Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.





Schritt 9
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich diesen Thread aus meinen Abos löschen kann.
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 22.10.2012, 19:51   #9
Doeni
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'



Hey Matthias,

Super

Es sieht alles gut aus!

VIIIEEEELEN DANK, für deine Hilfe und die Tipps!!!

Doeni

Alt 23.10.2012, 16:15   #10
M-K-D-B
/// TB-Ausbilder
 
Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Standard

Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'



Ich bin froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Antwort

Themen zu Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'
32 bit, antivir, avira, bho, bonjour, desktop, error, excel, firefox, flash player, helper, home, install.exe, logfile, malware, mp3, programm, realtek, recuva, recycle.bin, registry, required, scan, security, software, spyware, viren, virus, vista, windows



Ähnliche Themen: Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'


  1. Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761
    Plagegeister aller Art und deren Bekämpfung - 18.10.2015 (27)
  2. TR\Crypt.ZPACK.1679.21 Avira-Stopp
    Plagegeister aller Art und deren Bekämpfung - 03.06.2015 (1)
  3. Windows 7: Avira findet TR/Crypt.ZPACK.174803
    Log-Analyse und Auswertung - 31.05.2015 (2)
  4. Avira Free Antivirus findet ' TR/Crypt.ZPACK.93528 '
    Plagegeister aller Art und deren Bekämpfung - 17.11.2014 (11)
  5. TR/Crypt.ZPACK.97339 von Avira entdeckt
    Log-Analyse und Auswertung - 21.09.2014 (16)
  6. avira findet : tr/crypt.zpack.36522 ,tr/crypt.xpack.gen ,adware/installcore.gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (4)
  7. TR/Crypt/ZPACK.Gen8 in Avira Quarantäne
    Log-Analyse und Auswertung - 04.03.2013 (20)
  8. Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (21)
  9. Avira findet TR/Kazy.81861, TR/Crypt.ZPACK.Gen2, TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 02.08.2012 (1)
  10. TR/Agent.53248
    Log-Analyse und Auswertung - 03.04.2012 (22)
  11. TR/Agent.379392.F, TR/Drop.Agent.dil, TR/Crypt.ZPACK.Gen2 bei AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.12.2011 (43)
  12. Befall TR/Crypt.ZPACK.Gen sowie Agent.AO.205 und Agent.AO.223
    Log-Analyse und Auswertung - 26.12.2010 (6)
  13. Kurze Fragen zu TR/Crypt.XPACK.Gen + TR/Crypt.ZPACK.Gen + Avira Scan
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (3)
  14. RKIT/agent.biiu, TR/agent.ruo, TR/Crypt.ZPACK.Gen alle guten Dinge sind drei hahahaha
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (25)
  15. Svchost.exe lastet CPU zu fast 100% aus / AntiVir findet 'TR/Crypt.ZPACK.Gen'
    Plagegeister aller Art und deren Bekämpfung - 14.06.2010 (8)
  16. Antivir findet TR/Crypt.ZPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 05.01.2010 (3)
  17. AVIRA findet Malware: TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 06.12.2009 (11)

Zum Thema Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' - Hallo! Avira hat Dienstag- und Mittwochabend nachfolgende Viren gefunden und in Quarantäne gelegt. Seitdem ist wieder alles ruhig. Hier die Ereignisse von avira: Code: Alles auswählen Aufklappen ATTFilter Echzeit Scanner: - Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57'...
Archiv
Du betrachtest: Avira findet 'TR/Crypt.ZPACK.Gen' und 'TR/Agent.53248.57' auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.