Trojaner-Board

baum89 31.03.2012 23:38

TR/Agent.53248
 
Hello everyone,

unfortunately I seem to have a bigger problem again. Avira has just detected the trojan TR/Agent.53248.

Now I have read that this is a downloader for a backdoor. Before I post all the logfiles etc. ... can you confirm that for me? Because I read in another forum that my system is now more or less done for.
Earlier my computer also froze completely, and there were pink stripes etc. on the screen. After a restart everything works again, but something is clearly not right.

Many thanks in advance!

I just noticed that another user apparently has a similar problem with this trojan (LaurenLaw).

baum89 01.04.2012 01:08

TR/Agent.53248
 
Hello everyone,

unfortunately I seem to have a bigger problem again. Avira has just detected the trojan TR/Agent.53248.

Now I have read that this is a downloader for a backdoor. Before I post all the logfiles etc. ... can you confirm that for me? Because I read in another forum that my system is now more or less done for.
Earlier my computer also froze completely, and there were pink stripes etc. on the screen. After a restart everything works again, but something is clearly not right.

Edit: I only have the logfiles; I have moved the trojan to quarantine.

dds.logfile

.DDS Logfile:
Code:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Klemens at 1:15:33 on 2012-04-01
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1652 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\gateProtect\VPN Client\bin\Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Standardbenutzer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Opera\opera.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SwissAcademic.Citavi.Picker.IEPicker: {609d670f-b735-4da7-ac6d-f3bd358e325e} - mscoree.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [<NO NAME>]
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PLFSetI] c:\program files\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Acer ePower Management] c:\program files\packard bell\packard bell powersave solution\ePowerTrayLauncher.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Citavi Picker... - file://c:\programdata\swiss academic software\citavi picker\internet explorer\ShowContextMenu.html
IE: Free YouTube to MP3 Converter - c:\users\klemens\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02F2549F-CEE6-4D37-8146-583415C35235} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{52DC480B-E7BC-4F9C-B4F1-FCFAAF50FB5B} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-21 218688]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/03/18 16:10:47];c:\program files\cyberlink\powerdvd8\000.fcl [2009-3-6 87536]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-3-19 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-19 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-19 66616]
R2 ePowerSvc;Acer ePower Service;c:\program files\packard bell\packard bell powersave solution\ePowerSvc.exe [2011-3-18 707104]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 GPVPNService;gateProtect VPN Service;c:\program files\gateprotect\vpn client\bin\Service.exe [2010-10-20 167936]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\packard bell mybackup\IScheduleSvc.exe [2009-5-26 62208]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-5-15 107616]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2011-3-19 3715072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-3-19 64032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update-Dienst (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-10 136176]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-10 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-5-18 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-5-18 8576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-31 15:20:05        6582328        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{efd260d3-5de3-4ded-a0dc-a4a40a7cbf5e}\mpengine.dll
2012-03-09 14:59:49        --------        d-----w-        c:\users\klemens\appdata\local\Microsoft Games
.
==================== Find3M  ====================
.
2012-03-09 14:13:25        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36        237072        ------w-        c:\windows\system32\MpSigStub.exe
.
============= FINISH:  1:15:53,71 ===============

--- --- ---


-----------------------------------------------------

attach logfile:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18.03.2011 15:50:54
System Uptime: 31.03.2012 23:49:05 (2 hours ago)
.
Motherboard: Packard Bell | | SJV50MV
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | U2E1 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 151 GiB total, 62,7 GiB free.
D: is FIXED (NTFS) - 137 GiB total, 93,247 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
RP288: 24.02.2012 07:46:02 - Windows Update
RP289: 26.02.2012 20:07:10 - Geplanter Prüfpunkt
RP290: 27.02.2012 20:54:18 - Geplanter Prüfpunkt
RP291: 29.02.2012 12:51:19 - Windows Update
RP292: 03.03.2012 02:04:26 - Windows Update
RP293: 04.03.2012 13:39:17 - Geplanter Prüfpunkt
RP294: 05.03.2012 08:38:44 - Geplanter Prüfpunkt
RP295: 06.03.2012 13:05:14 - Geplanter Prüfpunkt
RP296: 07.03.2012 20:13:30 - Windows Update
RP297: 08.03.2012 14:28:02 - Geplanter Prüfpunkt
RP298: 09.03.2012 11:17:41 - Geplanter Prüfpunkt
RP299: 12.03.2012 08:04:36 - Windows Update
RP300: 13.03.2012 14:22:30 - Windows Update
RP301: 15.03.2012 15:25:14 - Geplanter Prüfpunkt
RP302: 18.03.2012 23:39:25 - Windows Update
RP303: 21.03.2012 15:18:59 - Windows Update
RP304: 24.03.2012 11:26:50 - Windows Update
RP305: 29.03.2012 11:51:25 - Windows Update
RP306: 30.03.2012 14:41:36 - Geplanter Prüfpunkt
RP307: 31.03.2012 17:19:15 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 9 - Deutsch
Avira AntiVir Personal - Free Antivirus
Backup Manager Basic
Broadcom Gigabit NetLink Controller
Choice Guard
Cisco Systems VPN Client 5.0.07.0410
Citavi
Compatibility Pack für 2007 Office System
Conexant HD Audio
CyberLink PowerDVD 8
DAEMON Tools Lite
FIFA 11
Free YouTube to MP3 Converter version 3.10.9.908
gateProtect VPN Client 3.0
Google Chrome
Google SketchUp 8
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Identity Card
Infocenter
InfraRecorder
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Kyocera Product Library
Launch Manager
Mein CEWE FOTOBUCH
MetaBoli
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Norton Internet Security
NVIDIA Drivers
NVIDIA PhysX
Opera 11.62
Ovi Desktop Sync Engine
OviMPlatform
Packard Bell MyBackup
Packard Bell PowerSave Solution
Packard Bell Recovery Management
PackardBell ScreenSaver
Pando Media Booster
PC Connectivity Solution
PDF24 Creator 3.5.2
Phoenix Service Software 2009.20.010.39068
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
SetupMyPC
ShotOnline
ShotOnline - remove only
Skype Click to Call
Skype™ 5.5
Synaptics Pointing Device Driver
Trillian
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Updator
Video Web Camera
VLC media player 1.1.10
Winamp
Winamp Erkennungs-Plug-in
WinCDEmu
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
WinRAR 4.00 (32-bit)
Zattoo4 4.0.5
.
==== End Of File ===========================

Gmer.txt


GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-01 02:04:02
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: 154urq61.exe; Driver: C:\Users\Klemens\AppData\Local\Temp\uxtiafoc.sys


---- System - GMER 1.0.15 ----

SSDT            927A9C86                                      ZwCreateSection
SSDT            927A9C8B                                      ZwSetContextThread
SSDT            927A9C27                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                82CF0998 4 Bytes  [86, 9C, 7A, 92]
.text          ntkrnlpa.exe!KeSetEvent + 56D                82CF0CF0 4 Bytes  [8B, 9C, 7A, 92]
.text          ntkrnlpa.exe!KeSetEvent + 621                82CF0DA4 4 Bytes  [27, 9C, 7A, 92] {DAA ; PUSHF ; JP 0xffffffffffffff96}
.text          c:\Program Files\CyberLink\PowerDVD8\000.fcl  section is writeable [0xA2AFB000, 0x2892, 0xE8000020]
.vmp2          c:\Program Files\CyberLink\PowerDVD8\000.fcl  entry point in ".vmp2" section [0xA2B1E050]
?              C:\Users\Klemens\AppData\Local\Temp\mbr.sys  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0      Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---


Many thanks in advance!

Just so that I don't get overlooked..

push

cosinus 02.04.2012 13:19

Quote:

Avira has just detected the trojan TR/Agent.53248.
Information like that is not enough; please post the complete details/logs from the virus scanners.

baum89 02.04.2012 13:46

I accidentally opened 2 threads. But in one of them I did upload all the logfiles as described in the guide.

Avira only showed the message: Trojan horse TR/Agent.53248 found.

Please tell me what else you need.

After I moved the trojan to quarantine, Avira found no further threats in several scans. The trojan was located in the Temp folder, so not directly in the system files.

Regards

cosinus 02.04.2012 14:37

Quote:

Avira only showed the message: Trojan horse TR/Agent.53248 found.
Sorry, that's nonsense. A detected piece of malware always comes with a location where it was found. And that is what I'm missing!
Avira has log files! Just take a look under Reports/Events (Berichte/Ereignisse)!

baum89 02.04.2012 14:44

Die Datei 'C:\Users\Standardbenutzer\AppData\Local\Temp\cgs8h0.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.53248' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a6323c1.qua' verschoben!

cosinus 02.04.2012 15:34

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Keep in mind that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

baum89 02.04.2012 16:53

The scans are still running, but there is something else to report.

I just received an email in my Yahoo mailbox with the subject: "MAILER-DAEMON-Failure Notice". It lists some of my friends with their email addresses.. it looks as if someone is using my address to send spam.

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.04.02.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Klemens :: KLEMENS-PC [Administrator]

02.04.2012 16:38:08
mbam-log-2012-04-02 (16-38-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 334012
Laufzeit: 1 Stunde(n), 21 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



-----------------------

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6339daf0f317c5408f2f1780d332975d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-02 05:01:35
# local_time=2012-04-02 07:01:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 192496 69917277 94452 0
# compatibility_mode=5892 16776574 100 100 0 170913184 0 0
# compatibility_mode=8192 67108863 100 0 557 557 0 0
# scanned=146583
# found=3
# cleaned=0
# scan_time=5638
C:\Program Files\ODEON\JAF\JAF-S.exe        a variant of Win32/Packed.Themida application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\ODEON\JAF\JAF_customer_care.exe        a variant of Win32/Packed.Themida application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\ODEON\JAF\JAF_VodaFone.exe        a variant of Win32/Packed.Themida application (unable to clean)        00000000000000000000000000000000        I

The thing with the emails really worries me. I am currently writing my thesis and have to organize many contacts and appointments by email. That is why it would also be problematic if I simply deleted the address.
On the other hand, it would of course also be bad if my professor received a spam email from me..

I hope something can be done about it!

Kind regards and many thanks in advance

Klemens

cosinus 02.04.2012 19:51

Quote:

C:\Program Files\ODEON\JAF\JAF-S.exe
What is that, where did you get it from?
Have you, as a first step, changed the password for your email account from another, clean system?

baum89 02.04.2012 20:11

I have changed the password.
Unfortunately I can't tell you what kind of program that is, since I have no idea myself. I have never knowingly had anything to do with the program.

How should I proceed?

Many thanks in advance

Regards, Klemens

cosinus 02.04.2012 20:49

Please create a new OTL log. Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


baum89 03.04.2012 00:12

OTL-Txt
OTL Logfile:
Code:

OTL logfile created on: 03.04.2012 00:54:56 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Standardbenutzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,60% Memory free
14,62 Gb Paging File | 13,71 Gb Available in Paging File | 93,80% Paging File free
Paging file location(s): c:\pagefile.sys 12000 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,49 Gb Total Space | 65,79 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 136,83 Gb Total Space | 93,25 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
 
Computer Name: KLEMENS-PC | User Name: Klemens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.03 00:52:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Standardbenutzer\Desktop\OTL.exe
PRC - [2012.03.27 16:54:59 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2012.03.22 12:14:16 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieCtrl.exe
PRC - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.18 11:31:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 11:56:53 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 15:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.20 11:21:42 | 000,167,936 | ---- | M] () -- C:\Programme\gateProtect\VPN Client\bin\Service.exe
PRC - [2010.09.27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.06.23 18:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.06.23 18:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.06.23 18:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009.05.26 16:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.07 00:48:52 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared files\brs.exe
PRC - [2009.02.19 05:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.06 05:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.01 18:44:38 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.22 12:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.17 09:39:02 | 003,993,576 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.18 11:31:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.04.27 11:56:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.20 11:21:42 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Programme\gateProtect\VPN Client\bin\Service.exe -- (GPVPNService)
SRV - [2010.09.27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.06.23 18:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.26 16:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.03.25 19:52:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.22 12:14:14 | 000,134,416 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.07.18 11:31:36 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.18 11:31:36 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.15 21:35:25 | 000,107,616 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2010.10.01 21:13:16 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.09.27 11:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.22 15:50:00 | 009,753,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.01 07:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.03.17 20:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.03.06 15:48:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/03/18 16:10:47] [Kernel | Auto | Running] -- c:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008.12.29 19:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.24 01:29:16 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vserial.sys -- (vserial)
DRV - [2008.07.24 01:29:16 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vsb.sys -- (vsbus)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\..\SearchScopes,DefaultScope = {9578FADB-414A-4F1D-9763-7499B00C9B8B}
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\..\SearchScopes\{9578FADB-414A-4F1D-9763-7499B00C9B8B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0311&m=easynote_tj65
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\..\SearchScopes,DefaultScope = {D080A951-CA5C-4C32-B3B8-95860AB77E7C}
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\..\SearchScopes\{D080A951-CA5C-4C32-B3B8-95860AB77E7C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW
IE - HKU\S-1-5-21-1129854550-330154470-1764584127-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Klemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Klemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Klemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] c:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1000..\Run: [SmpcSys] C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1001..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File not found
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1129854550-330154470-1764584127-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02F2549F-CEE6-4D37-8146-583415C35235}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52DC480B-E7BC-4F9C-B4F1-FCFAAF50FB5B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d46593bd-835b-11e0-b06a-001f16b69d2d}\Shell - "" = AutoRun
O33 - MountPoints2\{d46593bd-835b-11e0-b06a-001f16b69d2d}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: VideoWebCamera - hkey= - key= - C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.02 17:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.02 16:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.02 16:36:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.02 16:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.01 21:59:30 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Malwarebytes
[2012.04.01 21:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.01 18:20:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.01 18:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.01 18:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.01 17:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.04.01 15:14:06 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.04.01 15:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.04.01 15:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.04.01 12:50:36 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\NokiaAccount
[2012.04.01 12:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.09 16:59:49 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\Microsoft Games
[2012.03.09 16:12:41 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 00:54:52 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.03 00:54:52 | 000,592,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.03 00:54:52 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.03 00:54:52 | 000,100,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.03 00:50:01 | 000,207,782 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.03 00:49:50 | 000,207,782 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.03 00:49:48 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 00:49:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 00:49:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 00:49:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 00:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 20:30:00 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Packard Bell Customer Registration Reminder - Klemens.job
[2012.04.02 20:27:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 16:36:53 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.01 18:25:36 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.01 17:09:54 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.04.01 16:54:36 | 239,099,432 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.01 15:13:20 | 000,002,528 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.04.01 15:04:13 | 000,415,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.01 13:04:15 | 000,021,810 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20120401_130412.reg
[2012.04.01 12:33:37 | 000,033,018 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20120401_123327.reg
[2012.04.01 12:30:32 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.01 00:55:34 | 000,000,000 | ---- | M] () -- C:\Users\Klemens\defogger_reenable
[2012.03.31 20:29:02 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.28 19:09:16 | 000,073,256 | ---- | M] () -- C:\Windows\System32\UpdateList.dat
 
========== Files Created - No Company Name ==========
 
[2012.04.02 16:36:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.01 18:29:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.01 18:25:36 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.01 18:25:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.04.01 17:09:54 | 000,001,704 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.04.01 16:54:36 | 239,099,432 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.04.01 13:04:14 | 000,021,810 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20120401_130412.reg
[2012.04.01 12:33:31 | 000,033,018 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20120401_123327.reg
[2012.04.01 12:30:32 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.01 00:55:34 | 000,000,000 | ---- | C] () -- C:\Users\Klemens\defogger_reenable
[2012.03.28 19:09:16 | 000,073,256 | ---- | C] () -- C:\Windows\System32\UpdateList.dat
[2011.05.07 18:22:21 | 000,017,408 | ---- | C] () -- C:\Users\Klemens\AppData\Local\WebpageIcons.db
[2011.05.05 20:09:56 | 000,000,680 | ---- | C] () -- C:\Users\Klemens\AppData\Local\d3d9caps.dat
[2011.03.23 21:49:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.23 21:49:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.03.20 23:04:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.19 19:17:59 | 000,002,528 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.03.19 01:29:17 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2011.03.18 17:00:09 | 000,207,782 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.03.18 16:57:36 | 000,207,782 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.09.27 12:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
 
========== LOP Check ==========
 
[2012.04.01 12:32:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DAEMON Tools Lite
[2011.03.29 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 14:29:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\gateProtect
[2011.05.21 06:21:42 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Leadertech
[2011.09.25 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Nokia
[2011.03.19 19:08:38 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Opera
[2011.08.03 09:38:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\PC Suite
[2011.11.14 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Swiss Academic Software
[2012.04.01 15:06:56 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Dropbox
[2011.09.12 19:33:01 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\DVDVideoSoft
[2011.10.29 18:12:02 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\InfraRecorder
[2011.09.26 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Nokia
[2011.03.19 19:47:08 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Opera
[2011.07.02 14:11:19 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\PC Suite
[2012.04.01 17:44:08 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\QuickScan
[2011.11.13 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Swiss Academic Software
[2011.04.09 14:25:43 | 000,000,000 | ---D | M] -- C:\Users\Standardbenutzer\AppData\Roaming\Template
[2012.04.02 20:30:00 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\Packard Bell Customer Registration Reminder - Klemens.job
[2012.04.02 20:34:36 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.01 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Adobe
[2011.03.19 18:57:31 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Avira
[2012.04.01 12:32:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DAEMON Tools Lite
[2011.03.29 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 14:29:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\gateProtect
[2011.03.18 16:59:54 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Identities
[2011.03.18 17:04:33 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\InstallShield
[2011.05.21 06:21:42 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Leadertech
[2011.03.18 17:07:15 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Macromedia
[2012.04.01 21:59:30 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Media Center Programs
[2012.01.21 18:44:55 | 000,000,000 | --SD | M] -- C:\Users\Klemens\AppData\Roaming\Microsoft
[2011.05.21 05:45:11 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Nero
[2011.09.25 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Nokia
[2011.03.19 19:08:38 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Opera
[2011.08.03 09:38:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\PC Suite
[2011.12.10 21:03:45 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Skype
[2011.05.21 17:49:53 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\skypePM
[2011.11.14 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Swiss Academic Software
[2012.04.01 12:32:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Winamp
[2011.05.28 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---




Extras.Txt

OTL Logfile:
Code:

OTL Extras logfile created on: 03.04.2012 00:54:56 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Standardbenutzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,60% Memory free
14,62 Gb Paging File | 13,71 Gb Available in Paging File | 93,80% Paging File free
Paging file location(s): c:\pagefile.sys 12000 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,49 Gb Total Space | 65,79 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 136,83 Gb Total Space | 93,25 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
 
Computer Name: KLEMENS-PC | User Name: Klemens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26F417C7-69DE-48B4-B6E9-5B8E4196844E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{43CCC414-C02C-4006-82B8-9A8C07B0F01D}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05532053-EDE5-4292-9F7A-F7AADC367AA8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{05D2D758-90AF-4236-A1A2-4451910E2889}" = protocol=17 | dir=in | app=e:\alicecd.exe |
"{10BCFA9A-6220-4081-A393-3195C745D431}" = protocol=6 | dir=in | app=c:\program files\shotonline\shotonline.exe |
"{122212C3-994B-416A-B1E8-B90BCE223B2C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{15867312-0A5A-494F-9A28-ACF6BA728D95}" = protocol=6 | dir=in | app=e:\alicecd.exe |
"{1896A5B3-F20E-44E6-84D1-62709AF00B7B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1A42B123-8DD7-48DB-92BE-7A88BCE41C47}" = protocol=17 | dir=in | app=c:\program files\shotonline\shotonline.exe |
"{28B62C50-5792-423E-9165-C10C0FDEAFF7}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4A73B785-2D91-4F8C-89BC-873FD262BE07}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52C944B5-4137-44D0-B634-E13EE7C5B41D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{53F70F89-9422-4389-AC6B-6D93C2B90E71}" = protocol=6 | dir=in | app=c:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe |
"{6D727FB3-240A-4831-A7D0-873ED5EECB8B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{7D098023-5758-452B-B354-DB40DC6060D8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7E5DB964-FDF2-40E9-9EF4-E0436966EBF5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9656A844-F6B1-495E-9B68-3D21B79998BA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AD1AF50F-64E7-4CA7-8BE4-DD01F37FFC9A}" = protocol=17 | dir=in | app=c:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe |
"{AD76AFAB-EE44-4C78-9316-76560D905341}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{ADCE2F88-56D8-4F2F-AC0D-05AF1DFF5C2A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D9F8AD7B-EFA8-499B-9111-7CF806F376CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E08AEE87-21F4-4428-ADDE-14A5D8052FC4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FC2E7430-0A1E-4705-B83C-AA0AAC4175C9}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"TCP Query User{40592B21-1F3A-47B4-BFE6-595AA15CD42D}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{4AE8CB09-DAB7-4854-A48D-2A2F327A9EA3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{6668E8C0-A5A8-4357-A73F-4F8E4DCBE2D6}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{BB44C4D7-8D12-4C39-9D2C-D84A77F28ECA}C:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F08A9F71-765B-4C55-8BBB-A5F8EB299F61}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{F93E9518-5B0D-495E-97C8-5C759C963752}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{24DA48D3-021B-4D4B-9068-BA8C9A5AA3CE}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3FDC6875-D75D-489B-9252-8707D6A4C4C1}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{5A9EEBCB-B132-4291-8156-54DC382EB9BD}C:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\standardbenutzer\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5CBFC8D6-49C7-44C8-9B0A-AA5CA8019102}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{662A1BE7-6D06-43F4-BDE9-1AE5354779C3}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{6A7B28D7-2635-4DA7-BD6E-38A5DCD1FB6A}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"gateProtect VPN Client 3.0" = gateProtect VPN Client 3.0
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"Kyocera Product Library" = Kyocera Product Library
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.62.1347" = Opera 11.62
"PackardBell Screensaver" = PackardBell ScreenSaver
"Phoenix Service Software 2009.20.010.39068_is1" = Phoenix Service Software 2009.20.010.39068
"Sandboxie" = Sandboxie 3.66 (32-bit)
"SetupMyPC" = SetupMyPC
"ShotOnline" = ShotOnline
"ShotOnline GER" = ShotOnline - remove only
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Updator
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinCDEmu" = WinCDEmu
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1129854550-330154470-1764584127-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1129854550-330154470-1764584127-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"R for Windows 2.13.1_is1" = R for Windows 2.13.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.03.2012 13:09:28 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.03.2012 13:09:28 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.03.2012 13:09:28 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.03.2012 13:10:35 | Computer Name = Klemens-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.03.2012 00:33:52 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.03.2012 00:33:52 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.03.2012 00:33:52 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.03.2012 00:33:52 | Computer Name = Klemens-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.03.2012 00:34:42 | Computer Name = Klemens-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.03.2012 06:54:54 | Computer Name = Klemens-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 14.12.2011 14:33:42 | Computer Name = Klemens-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 514
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.04.2012 15:54:42 | Computer Name = Klemens-PC | Source = DCOM | ID = 10016
Description =
 
Error - 01.04.2012 15:54:42 | Computer Name = Klemens-PC | Source = DCOM | ID = 10016
Description =
 
Error - 01.04.2012 15:54:45 | Computer Name = Klemens-PC | Source = DCOM | ID = 10016
Description =
 
Error - 01.04.2012 16:11:07 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.04.2012 16:11:07 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 01.04.2012 16:11:53 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.04.2012 05:43:18 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.04.2012 05:43:18 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.04.2012 18:51:07 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.04.2012 18:51:07 | Computer Name = Klemens-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---


Edit: I had another look regarding ODEON JAF.exe. I think I had that at some point in connection with my phone. The phone had hung during an update, and I then set it up again via dead flash. But that was a while ago, and I can't say with 100% certainty that this is where I got the program from.

I just had a blue screen while booting. After a restart it is working again now.

Der Computer ist nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x00000050 (0x90544000, 0x00000000, 0x82cb3536, 0x00000000). Ein volles Abbild wurde gespeichert in: C:\Windows\MEMORY.DMP.

Unfortunately I can't open the DMP file, but if you need it I can of course upload it as a zip.

cosinus 03.04.2012 15:48

Looks fairly inconspicuous.

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

baum89 03.04.2012 16:42

Code:

 

17:37:32.0082 2804        TDSS rootkit removing tool 2.7.25.0 Apr  3 2012 13:42:32
17:37:32.0331 2804        ============================================================
17:37:32.0331 2804        Current date / time: 2012/04/03 17:37:32.0331
17:37:32.0331 2804        SystemInfo:
17:37:32.0331 2804       
17:37:32.0331 2804        OS Version: 6.0.6002 ServicePack: 2.0
17:37:32.0331 2804        Product type: Workstation
17:37:32.0331 2804        ComputerName: KLEMENS-PC
17:37:32.0331 2804        UserName: Klemens
17:37:32.0331 2804        Windows directory: C:\Windows
17:37:32.0331 2804        System windows directory: C:\Windows
17:37:32.0331 2804        Processor architecture: Intel x86
17:37:32.0331 2804        Number of processors: 2
17:37:32.0331 2804        Page size: 0x1000
17:37:32.0331 2804        Boot type: Normal boot
17:37:32.0331 2804        ============================================================
17:37:32.0909 2804        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:37:32.0909 2804        \Device\Harddisk0\DR0:
17:37:32.0924 2804        MBR used
17:37:32.0924 2804        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12EFBFE0
17:37:32.0924 2804        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14284800, BlocksNum 0x111A9000
17:37:33.0018 2804        Initialize success
17:37:33.0018 2804        ============================================================
17:37:53.0380 3916        ============================================================
17:37:53.0380 3916        Scan started
17:37:53.0380 3916        Mode: Manual; SigCheck; TDLFS;
17:37:53.0380 3916        ============================================================
17:37:53.0926 3916        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:37:54.0098 3916        ACPI - ok
17:37:54.0222 3916        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:37:54.0238 3916        AdobeARMservice - ok
17:37:54.0394 3916        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:37:54.0425 3916        AdobeFlashPlayerUpdateSvc - ok
17:37:54.0612 3916        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:37:54.0675 3916        adp94xx - ok
17:37:54.0753 3916        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:37:54.0800 3916        adpahci - ok
17:37:54.0831 3916        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:37:54.0846 3916        adpu160m - ok
17:37:54.0878 3916        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:37:54.0909 3916        adpu320 - ok
17:37:55.0018 3916        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:37:55.0255 3916        AeLookupSvc - ok
17:37:55.0415 3916        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:37:55.0500 3916        AFD - ok
17:37:55.0685 3916        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:37:55.0715 3916        agp440 - ok
17:37:56.0000 3916        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:37:56.0025 3916        aic78xx - ok
17:37:56.0135 3916        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:37:56.0277 3916        ALG - ok
17:37:56.0464 3916        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:37:56.0495 3916        aliide - ok
17:37:56.0620 3916        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:37:56.0667 3916        amdagp - ok
17:37:56.0807 3916        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:37:56.0823 3916        amdide - ok
17:37:56.0932 3916        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:37:56.0995 3916        AmdK7 - ok
17:37:57.0119 3916        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:37:57.0197 3916        AmdK8 - ok
17:37:57.0353 3916        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:37:57.0369 3916        AntiVirSchedulerService - ok
17:37:57.0385 3916        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:37:57.0400 3916        AntiVirService - ok
17:37:57.0525 3916        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:37:57.0619 3916        Appinfo - ok
17:37:57.0759 3916        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:37:57.0775 3916        arc - ok
17:37:57.0884 3916        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:37:57.0915 3916        arcsas - ok
17:37:57.0946 3916        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:37:58.0009 3916        AsyncMac - ok
17:37:58.0071 3916        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:37:58.0087 3916        atapi - ok
17:37:58.0133 3916        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:37:58.0196 3916        AudioEndpointBuilder - ok
17:37:58.0196 3916        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:37:58.0221 3916        Audiosrv - ok
17:37:58.0476 3916        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
17:37:58.0551 3916        avgntflt - ok
17:37:58.0651 3916        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
17:37:58.0666 3916        avipbb - ok
17:37:58.0736 3916        b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:37:58.0796 3916        b57nd60x - ok
17:37:58.0976 3916        BazisVirtualCDBus (57aa10dd50410211c93ddc84ad55f7b3) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
17:37:59.0011 3916        BazisVirtualCDBus - ok
17:37:59.0136 3916        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:37:59.0198 3916        Beep - ok
17:37:59.0292 3916        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:37:59.0401 3916        BFE - ok
17:37:59.0619 3916        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:37:59.0760 3916        BITS - ok
17:37:59.0978 3916        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:38:00.0040 3916        blbdrive - ok
17:38:00.0165 3916        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:38:00.0228 3916        bowser - ok
17:38:00.0368 3916        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:38:00.0399 3916        BrFiltLo - ok
17:38:00.0524 3916        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:38:00.0586 3916        BrFiltUp - ok
17:38:00.0696 3916        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:38:00.0774 3916        Browser - ok
17:38:00.0867 3916        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:38:01.0054 3916        Brserid - ok
17:38:01.0164 3916        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:38:01.0236 3916        BrSerWdm - ok
17:38:01.0301 3916        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:38:01.0391 3916        BrUsbMdm - ok
17:38:01.0546 3916        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:38:01.0636 3916        BrUsbSer - ok
17:38:01.0731 3916        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:38:01.0831 3916        BTHMODEM - ok
17:38:01.0936 3916        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:38:01.0986 3916        cdfs - ok
17:38:02.0166 3916        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:38:02.0213 3916        cdrom - ok
17:38:02.0307 3916        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:38:02.0369 3916        CertPropSvc - ok
17:38:02.0400 3916        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:38:02.0478 3916        circlass - ok
17:38:02.0619 3916        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:38:02.0650 3916        CLFS - ok
17:38:02.0759 3916        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:38:02.0790 3916        clr_optimization_v2.0.50727_32 - ok
17:38:02.0931 3916        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:38:02.0978 3916        clr_optimization_v4.0.30319_32 - ok
17:38:03.0056 3916        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:38:03.0118 3916        CmBatt - ok
17:38:03.0134 3916        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:38:03.0165 3916        cmdide - ok
17:38:03.0305 3916        CnxtHdAudService (01b80273c019f0f25f27fa2e80a85578) C:\Windows\system32\drivers\CHDRT32.sys
17:38:03.0399 3916        CnxtHdAudService - ok
17:38:03.0524 3916        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:38:03.0555 3916        Compbatt - ok
17:38:03.0602 3916        COMSysApp - ok
17:38:03.0742 3916        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:38:03.0773 3916        crcdisk - ok
17:38:03.0820 3916        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:38:03.0867 3916        Crusoe - ok
17:38:03.0945 3916        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:38:03.0992 3916        CryptSvc - ok
17:38:04.0054 3916        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
17:38:04.0101 3916        CVirtA - ok
17:38:04.0266 3916        CVPND          (30443eef52f5fb043654859eaa8e5247) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
17:38:04.0391 3916        CVPND - ok
17:38:04.0531 3916        CVPNDRVA        (cb90b2762b1a1d0b40496400c55b6ade) C:\Windows\system32\Drivers\CVPNDRVA.sys
17:38:04.0596 3916        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
17:38:04.0596 3916        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
17:38:04.0671 3916        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:38:04.0776 3916        DcomLaunch - ok
17:38:04.0961 3916        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:38:05.0016 3916        DfsC - ok
17:38:05.0245 3916        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:38:05.0432 3916        DFSR - ok
17:38:05.0572 3916        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:38:05.0619 3916        Dhcp - ok
17:38:05.0713 3916        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:38:05.0744 3916        disk - ok
17:38:05.0775 3916        DKbFltr        (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
17:38:05.0791 3916        DKbFltr - ok
17:38:05.0884 3916        DNE            (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
17:38:05.0915 3916        DNE - ok
17:38:06.0025 3916        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:38:06.0071 3916        Dnscache - ok
17:38:06.0149 3916        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:38:06.0212 3916        dot3svc - ok
17:38:06.0243 3916        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:38:06.0290 3916        DPS - ok
17:38:06.0446 3916        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:38:06.0524 3916        drmkaud - ok
17:38:06.0586 3916        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:38:06.0633 3916        DXGKrnl - ok
17:38:06.0758 3916        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:38:06.0820 3916        E1G60 - ok
17:38:06.0867 3916        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:38:06.0898 3916        EapHost - ok
17:38:06.0992 3916        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:38:07.0023 3916        Ecache - ok
17:38:07.0085 3916        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:38:07.0148 3916        ehRecvr - ok
17:38:07.0163 3916        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:38:07.0241 3916        ehSched - ok
17:38:07.0281 3916        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:38:07.0311 3916        ehstart - ok
17:38:07.0431 3916        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:38:07.0486 3916        elxstor - ok
17:38:07.0641 3916        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:38:07.0721 3916        EMDMgmt - ok
17:38:07.0891 3916        ePowerSvc      (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
17:38:07.0991 3916        ePowerSvc - ok
17:38:08.0104 3916        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:38:08.0167 3916        ErrDev - ok
17:38:08.0229 3916        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:38:08.0276 3916        EventSystem - ok
17:38:08.0370 3916        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:38:08.0432 3916        exfat - ok
17:38:08.0479 3916        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:38:08.0526 3916        fastfat - ok
17:38:08.0619 3916        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:38:08.0666 3916        fdc - ok
17:38:08.0713 3916        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:38:08.0744 3916        fdPHost - ok
17:38:08.0900 3916        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:38:08.0994 3916        FDResPub - ok
17:38:09.0087 3916        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:38:09.0103 3916        FileInfo - ok
17:38:09.0118 3916        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:38:09.0165 3916        Filetrace - ok
17:38:09.0274 3916        FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:38:09.0352 3916        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:38:09.0352 3916        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:38:09.0430 3916        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:38:09.0493 3916        flpydisk - ok
17:38:09.0555 3916        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:38:09.0586 3916        FltMgr - ok
17:38:09.0742 3916        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:38:09.0883 3916        FontCache - ok
17:38:09.0961 3916        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:38:09.0992 3916        FontCache3.0.0.0 - ok
17:38:10.0101 3916        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:38:10.0132 3916        Fs_Rec - ok
17:38:10.0210 3916        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:38:10.0226 3916        gagp30kx - ok
17:38:10.0267 3916        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:38:10.0387 3916        gpsvc - ok
17:38:10.0532 3916        GPVPNService    (676cc03365c8b1daceb5260ae0fe1e8e) C:\Program Files\gateProtect\VPN Client\bin\Service.exe
17:38:10.0542 3916        GPVPNService ( UnsignedFile.Multi.Generic ) - warning
17:38:10.0542 3916        GPVPNService - detected UnsignedFile.Multi.Generic (1)
17:38:10.0637 3916        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:38:10.0652 3916        gupdate - ok
17:38:10.0667 3916        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:38:10.0682 3916        gupdatem - ok
17:38:10.0802 3916        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:38:10.0892 3916        HdAudAddService - ok
17:38:11.0074 3916        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:38:11.0183 3916        HDAudBus - ok
17:38:11.0292 3916        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:38:11.0386 3916        HidBth - ok
17:38:11.0402 3916        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:38:11.0495 3916        HidIr - ok
17:38:11.0589 3916        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:38:11.0651 3916        hidserv - ok
17:38:11.0776 3916        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:38:11.0838 3916        HidUsb - ok
17:38:11.0932 3916        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:38:12.0010 3916        hkmsvc - ok
17:38:12.0041 3916        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:38:12.0072 3916        HpCISSs - ok
17:38:12.0166 3916        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:38:12.0228 3916        HSFHWAZL - ok
17:38:12.0322 3916        HSF_DPV        (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
17:38:12.0447 3916        HSF_DPV - ok
17:38:12.0618 3916        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:38:12.0712 3916        HTTP - ok
17:38:12.0806 3916        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:38:12.0821 3916        i2omp - ok
17:38:12.0868 3916        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:38:12.0915 3916        i8042prt - ok
17:38:13.0024 3916        iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
17:38:13.0071 3916        iaStor - ok
17:38:13.0133 3916        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:38:13.0164 3916        iaStorV - ok
17:38:13.0242 3916        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:38:13.0293 3916        idsvc - ok
17:38:13.0458 3916        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:38:13.0483 3916        iirsp - ok
17:38:13.0623 3916        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:38:13.0753 3916        IKEEXT - ok
17:38:13.0933 3916        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:38:13.0953 3916        intelide - ok
17:38:14.0018 3916        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:38:14.0090 3916        intelppm - ok
17:38:14.0137 3916        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:38:14.0184 3916        IPBusEnum - ok
17:38:14.0293 3916        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:38:14.0356 3916        IpFilterDriver - ok
17:38:14.0449 3916        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:38:14.0527 3916        iphlpsvc - ok
17:38:14.0636 3916        IpInIp - ok
17:38:14.0714 3916        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:38:14.0777 3916        IPMIDRV - ok
17:38:14.0855 3916        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:38:14.0917 3916        IPNAT - ok
17:38:15.0120 3916        irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
17:38:15.0167 3916        irda - ok
17:38:15.0260 3916        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:38:15.0307 3916        IRENUM - ok
17:38:15.0338 3916        Irmon          (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
17:38:15.0432 3916        Irmon - ok
17:38:15.0518 3916        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:38:15.0548 3916        isapnp - ok
17:38:15.0588 3916        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:38:15.0613 3916        iScsiPrt - ok
17:38:15.0775 3916        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:38:15.0780 3916        iteatapi - ok
17:38:15.0875 3916        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:38:15.0905 3916        iteraid - ok
17:38:16.0015 3916        k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
17:38:16.0080 3916        k57nd60x - ok
17:38:16.0205 3916        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:38:16.0225 3916        kbdclass - ok
17:38:16.0295 3916        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:38:16.0335 3916        kbdhid - ok
17:38:16.0360 3916        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:38:16.0420 3916        KeyIso - ok
17:38:16.0530 3916        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:38:16.0600 3916        KSecDD - ok
17:38:16.0725 3916        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:38:16.0815 3916        KtmRm - ok
17:38:16.0920 3916        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:38:16.0975 3916        LanmanServer - ok
17:38:17.0140 3916        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:38:17.0200 3916        LanmanWorkstation - ok
17:38:17.0315 3916        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:38:17.0355 3916        lltdio - ok
17:38:17.0495 3916        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:38:17.0555 3916        lltdsvc - ok
17:38:17.0650 3916        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:38:17.0730 3916        lmhosts - ok
17:38:17.0855 3916        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:38:17.0885 3916        LSI_FC - ok
17:38:17.0920 3916        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:38:17.0935 3916        LSI_SAS - ok
17:38:18.0005 3916        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:38:18.0020 3916        LSI_SCSI - ok
17:38:18.0035 3916        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:38:18.0095 3916        luafv - ok
17:38:18.0185 3916        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:38:18.0235 3916        Mcx2Svc - ok
17:38:18.0330 3916        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:38:18.0355 3916        megasas - ok
17:38:18.0400 3916        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:38:18.0465 3916        MegaSR - ok
17:38:18.0580 3916        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:38:18.0645 3916        MMCSS - ok
17:38:18.0695 3916        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:38:18.0750 3916        Modem - ok
17:38:18.0820 3916        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:38:18.0880 3916        monitor - ok
17:38:18.0935 3916        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:38:18.0960 3916        mouclass - ok
17:38:19.0050 3916        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:38:19.0115 3916        mouhid - ok
17:38:19.0280 3916        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:38:19.0300 3916        MountMgr - ok
17:38:19.0400 3916        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:38:19.0430 3916        mpio - ok
17:38:19.0455 3916        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:38:19.0515 3916        mpsdrv - ok
17:38:19.0770 3916        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:38:19.0890 3916        MpsSvc - ok
17:38:20.0061 3916        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:38:20.0077 3916        Mraid35x - ok
17:38:20.0217 3916        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:38:20.0262 3916        MRxDAV - ok
17:38:20.0377 3916        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:38:20.0467 3916        mrxsmb - ok
17:38:20.0532 3916        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:38:20.0572 3916        mrxsmb10 - ok
17:38:20.0652 3916        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:38:20.0672 3916        mrxsmb20 - ok
17:38:20.0727 3916        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
17:38:20.0747 3916        msahci - ok
17:38:20.0912 3916        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:38:20.0932 3916        msdsm - ok
17:38:21.0087 3916        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:38:21.0152 3916        MSDTC - ok
17:38:21.0312 3916        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:38:21.0417 3916        Msfs - ok
17:38:21.0517 3916        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:38:21.0542 3916        msisadrv - ok
17:38:21.0652 3916        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:38:21.0742 3916        MSiSCSI - ok
17:38:21.0812 3916        msiserver - ok
17:38:21.0862 3916        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:38:21.0912 3916        MSKSSRV - ok
17:38:22.0042 3916        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:38:22.0117 3916        MSPCLOCK - ok
17:38:22.0182 3916        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:38:22.0262 3916        MSPQM - ok
17:38:22.0312 3916        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:38:22.0332 3916        MsRPC - ok
17:38:22.0402 3916        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:38:22.0417 3916        mssmbios - ok
17:38:22.0462 3916        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:38:22.0502 3916        MSTEE - ok
17:38:22.0697 3916        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:38:22.0717 3916        Mup - ok
17:38:22.0827 3916        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:38:22.0892 3916        napagent - ok
17:38:23.0022 3916        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:38:23.0047 3916        NativeWifiP - ok
17:38:23.0067 3916        NAVENG - ok
17:38:23.0077 3916        NAVEX15 - ok
17:38:23.0297 3916        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:38:23.0347 3916        NDIS - ok
17:38:23.0610 3916        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:38:23.0657 3916        NdisTapi - ok
17:38:23.0844 3916        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:38:23.0891 3916        Ndisuio - ok
17:38:24.0078 3916        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:38:24.0125 3916        NdisWan - ok
17:38:24.0219 3916        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:38:24.0265 3916        NDProxy - ok
17:38:24.0421 3916        Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:38:24.0457 3916        Nero BackItUp Scheduler 3 - ok
17:38:24.0577 3916        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:38:24.0632 3916        NetBIOS - ok
17:38:24.0707 3916        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:38:24.0772 3916        netbt - ok
17:38:24.0852 3916        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:38:24.0872 3916        Netlogon - ok
17:38:25.0022 3916        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:38:25.0102 3916        Netman - ok
17:38:25.0247 3916        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:38:25.0317 3916        netprofm - ok
17:38:25.0427 3916        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:38:25.0447 3916        NetTcpPortSharing - ok
17:38:25.0832 3916        NETw5v32        (ae642d069681a826d5f16e4f6ad158f3) C:\Windows\system32\DRIVERS\NETw5v32.sys
17:38:26.0152 3916        NETw5v32 - ok
17:38:26.0352 3916        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:38:26.0377 3916        nfrd960 - ok
17:38:26.0452 3916        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:38:26.0497 3916        NlaSvc - ok
17:38:26.0592 3916        NMIndexingService (cd4326bc339f98de21aa07b208a305ae) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:38:26.0627 3916        NMIndexingService - ok
17:38:26.0887 3916        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:38:26.0932 3916        Npfs - ok
17:38:26.0977 3916        npggsvc - ok
17:38:27.0022 3916        NSCIRDA        (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
17:38:27.0097 3916        NSCIRDA - ok
17:38:27.0117 3916        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:38:27.0177 3916        nsi - ok
17:38:27.0311 3916        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:38:27.0357 3916        nsiproxy - ok
17:38:27.0435 3916        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:38:27.0498 3916        Ntfs - ok
17:38:27.0560 3916        NTI IScheduleSvc (0f0f75069c8016645dfcae93a190cacf) C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
17:38:27.0576 3916        NTI IScheduleSvc - ok
17:38:27.0638 3916        NTIDrvr        (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
17:38:27.0654 3916        NTIDrvr - ok
17:38:27.0685 3916        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:38:27.0747 3916        ntrigdigi - ok
17:38:27.0763 3916        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:38:27.0810 3916        Null - ok
17:38:27.0872 3916        NVHDA          (603b0c9bb86f7b3efb88a482c6663ec4) C:\Windows\system32\drivers\nvhda32v.sys
17:38:27.0872 3916        NVHDA - ok
17:38:28.0184 3916        nvlddmkm        (3a3eb304b9bd9f4f6b3b745972f2c1e5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:38:28.0742 3916        nvlddmkm - ok
17:38:28.0827 3916        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:38:28.0842 3916        nvraid - ok
17:38:28.0852 3916        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:38:28.0872 3916        nvstor - ok
17:38:28.0917 3916        nvsvc          (c4efe7a3370351ed15ae728517fe09cb) C:\Windows\system32\nvvsvc.exe
17:38:28.0937 3916        nvsvc - ok
17:38:29.0077 3916        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:38:29.0092 3916        nv_agp - ok
17:38:29.0167 3916        NwlnkFlt - ok
17:38:29.0177 3916        NwlnkFwd - ok
17:38:29.0262 3916        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:38:29.0292 3916        odserv - ok
17:38:29.0462 3916        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
17:38:29.0522 3916        ohci1394 - ok
17:38:29.0622 3916        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:38:29.0642 3916        ose - ok
17:38:29.0747 3916        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:38:29.0857 3916        p2pimsvc - ok
17:38:29.0947 3916        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:38:29.0982 3916        p2psvc - ok
17:38:30.0167 3916        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:38:30.0237 3916        Parport - ok
17:38:30.0382 3916        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:38:30.0412 3916        partmgr - ok
17:38:30.0547 3916        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:38:30.0627 3916        Parvdm - ok
17:38:30.0777 3916        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:38:30.0827 3916        PcaSvc - ok
17:38:30.0967 3916        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
17:38:31.0022 3916        pccsmcfd - ok
17:38:31.0142 3916        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:38:31.0162 3916        pci - ok
17:38:31.0362 3916        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:38:31.0392 3916        pciide - ok
17:38:31.0493 3916        pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
17:38:31.0509 3916        pcmcia - ok
17:38:31.0571 3916        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:38:31.0759 3916        PEAUTH - ok
17:38:31.0935 3916        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:38:32.0070 3916        pla - ok
17:38:32.0300 3916        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
17:38:32.0320 3916        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:38:32.0320 3916        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:38:32.0510 3916        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:38:32.0565 3916        PlugPlay - ok
17:38:32.0780 3916        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:38:32.0845 3916        PNRPAutoReg - ok
17:38:32.0950 3916        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:38:33.0010 3916        PNRPsvc - ok
17:38:33.0320 3916        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:38:33.0450 3916        PolicyAgent - ok
17:38:33.0750 3916        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:38:33.0805 3916        PptpMiniport - ok
17:38:33.0900 3916        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:38:33.0940 3916        Processor - ok
17:38:33.0990 3916        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:38:34.0045 3916        ProfSvc - ok
17:38:34.0320 3916        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:38:34.0340 3916        ProtectedStorage - ok
17:38:34.0425 3916        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:38:34.0465 3916        PSched - ok
17:38:34.0495 3916        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
17:38:34.0505 3916        PxHelp20 - ok
17:38:34.0635 3916        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:38:34.0785 3916        ql2300 - ok
17:38:35.0015 3916        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:38:35.0066 3916        ql40xx - ok
17:38:35.0269 3916        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:38:35.0362 3916        QWAVE - ok
17:38:35.0752 3916        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:38:35.0784 3916        QWAVEdrv - ok
17:38:35.0859 3916        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:38:35.0914 3916        RasAcd - ok
17:38:35.0944 3916        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:38:35.0994 3916        RasAuto - ok
17:38:36.0089 3916        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:38:36.0144 3916        Rasl2tp - ok
17:38:36.0214 3916        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:38:36.0259 3916        RasMan - ok
17:38:36.0319 3916        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:38:36.0349 3916        RasPppoe - ok
17:38:36.0384 3916        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:38:36.0409 3916        RasSstp - ok
17:38:36.0439 3916        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:38:36.0479 3916        rdbss - ok
17:38:36.0539 3916        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:38:36.0589 3916        RDPCDD - ok
17:38:36.0619 3916        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:38:36.0664 3916        rdpdr - ok
17:38:36.0739 3916        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:38:36.0789 3916        RDPENCDD - ok
17:38:36.0834 3916        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
17:38:36.0894 3916        RDPWD - ok
17:38:36.0979 3916        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:38:37.0024 3916        RemoteAccess - ok
17:38:37.0079 3916        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:38:37.0109 3916        RemoteRegistry - ok
17:38:37.0169 3916        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:38:37.0204 3916        RpcLocator - ok
17:38:37.0289 3916        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:38:37.0334 3916        RpcSs - ok
17:38:37.0399 3916        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:38:37.0449 3916        rspndr - ok
17:38:37.0489 3916        RTSTOR          (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
17:38:37.0524 3916        RTSTOR - ok
17:38:37.0584 3916        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:38:37.0609 3916        SamSs - ok
17:38:37.0664 3916        SbieDrv        (06f16ace5a2a70d8c63752cbb4c6a49d) C:\Program Files\Sandboxie\SbieDrv.sys
17:38:37.0689 3916        SbieDrv - ok
17:38:37.0714 3916        SbieSvc        (569655df98d880680d2904940c94d16c) C:\Program Files\Sandboxie\SbieSvc.exe
17:38:37.0729 3916        SbieSvc - ok
17:38:37.0814 3916        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:38:37.0834 3916        sbp2port - ok
17:38:37.0864 3916        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:38:37.0899 3916        SCardSvr - ok
17:38:37.0999 3916        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:38:38.0099 3916        Schedule - ok
17:38:38.0199 3916        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:38:38.0234 3916        SCPolicySvc - ok
17:38:38.0264 3916        sdbus          (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
17:38:38.0304 3916        sdbus - ok
17:38:38.0354 3916        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:38:38.0419 3916        SDRSVC - ok
17:38:38.0504 3916        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:38:38.0594 3916        secdrv - ok
17:38:38.0634 3916        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:38:38.0684 3916        seclogon - ok
17:38:38.0810 3916        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:38:38.0873 3916        SENS - ok
17:38:39.0013 3916        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:38:39.0074 3916        Serenum - ok
17:38:39.0264 3916        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:38:39.0373 3916        Serial - ok
17:38:39.0639 3916        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:38:39.0685 3916        sermouse - ok
17:38:39.0763 3916        ServiceLayer    (8c1f87f5fdd92229d1754b98f073913f) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:38:39.0795 3916        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
17:38:39.0795 3916        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
17:38:39.0951 3916        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:38:39.0997 3916        SessionEnv - ok
17:38:40.0169 3916        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:38:40.0200 3916        sffdisk - ok
17:38:40.0319 3916        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:38:40.0379 3916        sffp_mmc - ok
17:38:40.0501 3916        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:38:40.0547 3916        sffp_sd - ok
17:38:40.0735 3916        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:38:40.0818 3916        sfloppy - ok
17:38:40.0938 3916        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:38:41.0013 3916        SharedAccess - ok
17:38:41.0214 3916        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:38:41.0261 3916        ShellHWDetection - ok
17:38:41.0355 3916        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:38:41.0386 3916        sisagp - ok
17:38:41.0386 3916        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:38:41.0417 3916        SiSRaid2 - ok
17:38:41.0417 3916        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:38:41.0433 3916        SiSRaid4 - ok
17:38:41.0604 3916        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:38:41.0869 3916        slsvc - ok
17:38:41.0963 3916        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:38:42.0009 3916        SLUINotify - ok
17:38:42.0087 3916        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:38:42.0150 3916        Smb - ok
17:38:42.0259 3916        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:38:42.0275 3916        SNMPTRAP - ok
17:38:42.0384 3916        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:38:42.0415 3916        spldr - ok
17:38:42.0509 3916        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:38:42.0555 3916        Spooler - ok
17:38:42.0633 3916        SRTSP - ok
17:38:42.0665 3916        SRTSPX - ok
17:38:42.0821 3916        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:38:42.0867 3916        srv - ok
17:38:42.0961 3916        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:38:43.0008 3916        srv2 - ok
17:38:43.0023 3916        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:38:43.0055 3916        srvnet - ok
17:38:43.0133 3916        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:38:43.0195 3916        SSDPSRV - ok
17:38:43.0289 3916        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:38:43.0304 3916        ssmdrv - ok
17:38:43.0340 3916        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:38:43.0360 3916        SstpSvc - ok
17:38:43.0518 3916        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:38:43.0580 3916        stisvc - ok
17:38:43.0658 3916        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:38:43.0674 3916        swenum - ok
17:38:43.0721 3916        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:38:43.0767 3916        swprv - ok
17:38:43.0855 3916        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:38:43.0870 3916        Symc8xx - ok
17:38:43.0885 3916        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:38:43.0900 3916        Sym_hi - ok
17:38:43.0910 3916        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:38:43.0925 3916        Sym_u3 - ok
17:38:43.0975 3916        SynTP          (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
17:38:44.0045 3916        SynTP - ok
17:38:44.0201 3916        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:38:44.0263 3916        SysMain - ok
17:38:44.0341 3916        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:38:44.0419 3916        TabletInputService - ok
17:38:44.0497 3916        tap0901        (5c7c939bbd03784fe58c80578d065cc9) C:\Windows\system32\DRIVERS\tap0901.sys
17:38:44.0544 3916        tap0901 - ok
17:38:44.0560 3916        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:38:44.0606 3916        TapiSrv - ok
17:38:44.0716 3916        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:38:44.0762 3916        TBS - ok
17:38:44.0950 3916        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:38:45.0043 3916        Tcpip - ok
17:38:45.0168 3916        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:38:45.0277 3916        Tcpip6 - ok
17:38:45.0402 3916        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:38:45.0433 3916        tcpipreg - ok
17:38:45.0480 3916        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:38:45.0542 3916        TDPIPE - ok
17:38:45.0605 3916        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:38:45.0652 3916        TDTCP - ok
17:38:45.0735 3916        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:38:45.0810 3916        tdx - ok
17:38:45.0945 3916        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:38:45.0970 3916        TermDD - ok
17:38:46.0010 3916        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:38:46.0095 3916        TermService - ok
17:38:46.0190 3916        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:38:46.0215 3916        Themes - ok
17:38:46.0415 3916        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:38:46.0470 3916        THREADORDER - ok
17:38:46.0657 3916        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:38:46.0704 3916        TrkWks - ok
17:38:46.0810 3916        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:38:46.0865 3916        TrustedInstaller - ok
17:38:46.0980 3916        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:38:47.0035 3916        tssecsrv - ok
17:38:47.0070 3916        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:38:47.0115 3916        tunmp - ok
17:38:47.0205 3916        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:38:47.0262 3916        tunnel - ok
17:38:47.0308 3916        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:38:47.0355 3916        uagp35 - ok
17:38:47.0433 3916        UBHelper        (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
17:38:47.0449 3916        UBHelper - ok
17:38:47.0496 3916        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:38:47.0527 3916        udfs - ok
17:38:47.0574 3916        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:38:47.0620 3916        UI0Detect - ok
17:38:47.0698 3916        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:38:47.0714 3916        uliagpkx - ok
17:38:47.0730 3916        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:38:47.0761 3916        uliahci - ok
17:38:47.0776 3916        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:38:47.0792 3916        UlSata - ok
17:38:48.0104 3916        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:38:48.0166 3916        ulsata2 - ok
17:38:48.0322 3916        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:38:48.0385 3916        umbus - ok
17:38:48.0541 3916        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:38:48.0603 3916        upnphost - ok
17:38:48.0837 3916        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:38:48.0900 3916        usbccgp - ok
17:38:49.0040 3916        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:38:49.0118 3916        usbcir - ok
17:38:49.0196 3916        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:38:49.0227 3916        usbehci - ok
17:38:49.0258 3916        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:38:49.0305 3916        usbhub - ok
17:38:49.0441 3916        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:38:49.0534 3916        usbohci - ok
17:38:49.0675 3916        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:38:49.0722 3916        usbprint - ok
17:38:49.0815 3916        usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
17:38:49.0846 3916        usbser - ok
17:38:49.0878 3916        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:38:49.0898 3916        USBSTOR - ok
17:38:49.0983 3916        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:38:50.0023 3916        usbuhci - ok
17:38:50.0038 3916        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:38:50.0110 3916        usbvideo - ok
17:38:50.0141 3916        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:38:50.0172 3916        UxSms - ok
17:38:50.0313 3916        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:38:50.0375 3916        vds - ok
17:38:50.0500 3916        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:38:50.0547 3916        vga - ok
17:38:50.0703 3916        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:38:50.0750 3916        VgaSave - ok
17:38:50.0890 3916        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:38:50.0906 3916        viaagp - ok
17:38:50.0968 3916        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:38:51.0015 3916        ViaC7 - ok
17:38:51.0062 3916        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:38:51.0077 3916        viaide - ok
17:38:51.0140 3916        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:38:51.0155 3916        volmgr - ok
17:38:51.0186 3916        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:38:51.0202 3916        volmgrx - ok
17:38:51.0233 3916        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:38:51.0249 3916        volsnap - ok
17:38:51.0280 3916        vsbus          (1c8a783e90c34d205596f1ab4a97e261) C:\Windows\system32\DRIVERS\vsb.sys
17:38:51.0296 3916        vsbus ( UnsignedFile.Multi.Generic ) - warning
17:38:51.0296 3916        vsbus - detected UnsignedFile.Multi.Generic (1)
17:38:51.0342 3916        vserial        (3377daa1cb8cac46a538c236f5f3d58f) C:\Windows\system32\DRIVERS\vserial.sys
17:38:51.0358 3916        vserial ( UnsignedFile.Multi.Generic ) - warning
17:38:51.0358 3916        vserial - detected UnsignedFile.Multi.Generic (1)
17:38:51.0405 3916        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:38:51.0420 3916        vsmraid - ok
17:38:51.0498 3916        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:38:51.0608 3916        VSS - ok
17:38:51.0764 3916        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:38:51.0810 3916        W32Time - ok
17:38:51.0951 3916        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:38:52.0044 3916        WacomPen - ok
17:38:52.0122 3916        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:52.0169 3916        Wanarp - ok
17:38:52.0185 3916        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:38:52.0216 3916        Wanarpv6 - ok
17:38:52.0310 3916        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:38:52.0346 3916        wcncsvc - ok
17:38:52.0401 3916        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:38:52.0446 3916        WcsPlugInService - ok
17:38:52.0518 3916        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:38:52.0549 3916        Wd - ok
17:38:52.0674 3916        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:38:52.0768 3916        Wdf01000 - ok
17:38:52.0846 3916        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:38:52.0908 3916        WdiServiceHost - ok
17:38:52.0908 3916        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:38:52.0948 3916        WdiSystemHost - ok
17:38:53.0033 3916        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:38:53.0095 3916        WebClient - ok
17:38:53.0251 3916        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:38:53.0313 3916        Wecsvc - ok
17:38:53.0469 3916        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:38:53.0532 3916        wercplsupport - ok
17:38:53.0610 3916        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:38:53.0657 3916        WerSvc - ok
17:38:53.0766 3916        winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
17:38:53.0844 3916        winachsf - ok
17:38:53.0969 3916        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:38:54.0000 3916        WinDefend - ok
17:38:54.0015 3916        WinHttpAutoProxySvc - ok
17:38:54.0203 3916        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:38:54.0249 3916        Winmgmt - ok
17:38:54.0515 3916        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:38:54.0624 3916        WinRM - ok
17:38:54.0749 3916        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:38:54.0858 3916        Wlansvc - ok
17:38:54.0936 3916        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:38:54.0967 3916        WmiAcpi - ok
17:38:55.0092 3916        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:38:55.0123 3916        wmiApSrv - ok
17:38:55.0326 3916        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:38:55.0396 3916        WMPNetworkSvc - ok
17:38:55.0581 3916        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:38:55.0628 3916        WPCSvc - ok
17:38:55.0784 3916        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:38:55.0846 3916        WPDBusEnum - ok
17:38:55.0995 3916        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:38:56.0020 3916        WpdUsb - ok
17:38:56.0292 3916        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:38:56.0339 3916        WPFFontCache_v0400 - ok
17:38:56.0417 3916        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:38:56.0463 3916        ws2ifsl - ok
17:38:56.0495 3916        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
17:38:56.0526 3916        wscsvc - ok
17:38:56.0557 3916        WSearch - ok
17:38:56.0853 3916        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:38:57.0056 3916        wuauserv - ok
17:38:57.0228 3916        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
17:38:57.0259 3916        WudfPf - ok
17:38:57.0446 3916        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:57.0493 3916        WUDFRd - ok
17:38:57.0633 3916        wudfsvc        (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
17:38:57.0680 3916        wudfsvc - ok
17:38:57.0805 3916        {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (556b5cfe8d21b256add7f87d7f4b4123) c:\Program Files\CyberLink\PowerDVD8\000.fcl
17:38:57.0821 3916        {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
17:38:57.0836 3916        MBR (0x1B8)    (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
17:39:00.0112 3916        \Device\Harddisk0\DR0 - ok
17:39:00.0143 3916        Boot (0x1200)  (243637fc1b285cffacf78e6aa6ce938e) \Device\Harddisk0\DR0\Partition0
17:39:00.0190 3916        \Device\Harddisk0\DR0\Partition0 - ok
17:39:00.0221 3916        Boot (0x1200)  (bfc8e88389a995a75790fa68c504c8fb) \Device\Harddisk0\DR0\Partition1
17:39:00.0252 3916        \Device\Harddisk0\DR0\Partition1 - ok
17:39:00.0252 3916        ============================================================
17:39:00.0252 3916        Scan finished
17:39:00.0252 3916        ============================================================
17:39:00.0283 3064        Detected object count: 7
17:39:00.0283 3064        Actual detected object count: 7
17:39:31.0446 3064        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:31.0446 3064        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:31.0446 3064        GPVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064        GPVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:31.0446 3064        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:31.0446 3064        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0446 3064        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:31.0461 3064        vsbus ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0461 3064        vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:31.0461 3064        vserial ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:31.0461 3064        vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 03.04.2012 18:39

This one looks unremarkable as well. Any remaining problems?


All times are WET +1.
