Hallo liebe Experten,

hab seit gestern ein kleines Problem:
Mein Internet Explorer findet zwar meine Startseite (google), aber wenn ich eine andere Seite aufrufe, muss ich teilweise ewig warten, bzw. die Seiten kommen gar nicht.
Mit dem Firefox klappt alles, bis auf Seiten mit Antivirensoftware. Zum Beispiel auf Dr. Web kann ich auf den Link zum download nicht zugreifen:
Es erscheint die Meldung:

Zitat:

404. That’s an error.

The requested URL /cureit/?lng=de was not found on this server. That’s all we know.

Mein OTL Log:

PHP-Code:

OTL logfile created on: 30.09.2012 12:41:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Standart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 58,88% Memory free
6,20 Gb Paging File | 5,02 Gb Available in Paging File | 81,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 18,59 Gb Free Space | 18,64% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,10 Gb Free Space | 60,99% Space Free | Partition Type: NTFS
 
Computer Name: JOSHUA | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Standart\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Users\Standart\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a4iqq86d) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.euro.dell.com/suppo [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.08.18 17:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.25 18:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.30 12:08:46 | 000,000,000 | ---D | M]
 
[2011.07.12 19:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.08.25 18:24:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007.11.18 15:20:48 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2011.07.10 15:49:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.25 18:24:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.10 15:48:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.04.23 02:02:18 | 000,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2003.07.14 22:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008.10.14 22:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Bigpoint Games DE Toolbar) - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Bigpoint Games DE Toolbar) - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Bigpoint Games DE Toolbar) - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA6E897D-42F9-4B33-92E7-8FD5DBE9B426}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\apnstub.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ipmgui.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.09.29 09:43:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012.09.29 09:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.09.29 09:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.09.22 12:36:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 12:36:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 12:36:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 12:36:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 12:36:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 12:36:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 12:36:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 12:36:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.04 17:00:12 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\NokiaAccount
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.09.30 12:40:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
[2012.09.30 12:39:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
[2012.09.30 12:04:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.30 12:04:33 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.09.30 12:04:26 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 12:04:26 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 12:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.30 12:03:36 | 3217,506,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.30 11:48:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.29 18:40:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.29 13:09:34 | 000,371,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.04 17:15:36 | 000,634,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.04 17:15:35 | 000,674,832 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.04 17:15:35 | 000,146,290 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.04 17:15:35 | 000,120,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.09.02 14:06:52 | 3217,506,304 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.15 18:05:24 | 012,815,642 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SMRBackup162.dat
[2011.12.11 16:55:26 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.12.11 16:55:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.12.11 16:55:25 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.15 13:11:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.05.28 08:51:39 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2011.05.28 08:46:42 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2011.05.28 07:42:41 | 000,000,136 | ---- | C] () -- C:\ProgramData\~54057860
[2011.05.28 07:42:37 | 000,000,336 | ---- | C] () -- C:\ProgramData\54057860
[2011.03.13 22:00:49 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2010.10.20 18:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.20 18:21:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.03.28 11:59:57 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.28 11:59:57 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CB031D1D89.sys
[2009.12.16 11:23:14 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.06.15 19:21:59 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.10 23:00:20 | 000,025,182 | ---- | C] () -- C:\Program Files\Manual.htm
[2009.03.10 23:00:20 | 000,017,985 | ---- | C] () -- C:\Program Files\FAQ.htm
[2008.08.11 20:07:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.06.09 19:10:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AB56A06

< End of report > 


Ich bitte um Hilfe...

Liebe Grüße

Wolfgang

Zitat:

Boot Mode: SafeMode with Networking |

Wenn dieser Modus funktioniert, kannst du erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code: Alles auswählenAufklappen

ATTFilter

 hier steht das Log
         

OK, hab hoffentlich alles so gemacht wie vorgegeben.
Hier ersteinmal die log files von Malware:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.02.03

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Standart :: JOSHUA [limited]

02.10.2012 09:52:46
mbam-log-2012-10-02 (11-39-56).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 399740
Time elapsed: 1 hour(s), 29 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\AdVantage (Adware.Vomba) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Data: C:\Recycle.Bin\Recycle.Bin.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Standart\AppData\Local\Temp\tmpad904501\monilku.exe (Trojan.Ransom) -> No action taken.

(end)
         

und

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.02.03

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Standart :: JOSHUA [limited]

02.10.2012 09:52:46
mbam-log-2012-10-02 (09-52-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 399740
Time elapsed: 1 hour(s), 29 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\AdVantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Data: C:\Recycle.Bin\Recycle.Bin.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Standart\AppData\Local\Temp\tmpad904501\monilku.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)
         

sowie das log von Eset:

Code: Alles auswählenAufklappen

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b447be856ccb614c84574a53acd67e1a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-02 01:28:44
# local_time=2012-10-02 03:28:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 135449797 135449797 0 0
# compatibility_mode=1792 16777215 100 0 9759941 9759941 0 0
# compatibility_mode=5892 16776574 100 100 9833991 186705499 0 0
# compatibility_mode=8192 67108863 100 0 174 174 0 0
# scanned=199507
# found=2
# cleaned=0
# scan_time=11753
C:\Users\Standart\AppData\Roaming\Mozilla\Firefox\Profiles\i09ap2f7.default\user.js	JS/SecurityDisabler.A.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Standart\AppData\Roaming\Vouvr\casys.exe	Win32/Spy.Zbot.AAO trojan (unable to clean)	00000000000000000000000000000000	I
         

Vielen Dank

Wolfgang

Code: Alles auswählenAufklappen

ATTFilter

Standart :: JOSHUA [limited]
         

Wieso denn limitiert? Hast du keine Adminrechte?

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! Bitte nachholen falls noch nicht getan!

NICHTS voreilig aus der Quarantäne löschen!

Doch ich bin als Admin angemeldet gewesen. Keine Ahnung warum hier limitiert steht.

Ich ab nach dem Scan mit Malware die Anweisungen vom Programm befolgt, deswegen der 2. log-Auszug. Das 1. log ist vor dem booten und das 2. war nach dem booten dann auch da...?

Zitat:

-> Quarantined and deleted successfully.

(end)

Der Rechner verhält sich immer noch wie zuvor. Ich komme auf keine Antivirenseite, es sei denn ich boote mit "safemode with networking". Dann hab ich Zugang zu den Antivirenseiten bzw. kann mir etwas downloaden (z.b. Malware)

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Suche.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Nachfolgend der Inhalt der Textdatei:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.003 - Datei am 10/03/2012 um 20:24:33 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Wolfgang - JOSHUA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standart\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Bigpoint_Games_DE
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\SweetIM
Ordner Gefunden : C:\ProgramData\Trymedia

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Bigpoint_Games_DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\Software\Bigpoint_Games_DE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{69E0089F-28BC-4BB5-862B-E2B07C3B83C6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\TR.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05AF3849-AE45-4608-8349-258AA9B1E421}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{602D9049-B4AC-4A25-BF75-A9B54D747CBA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{862DEF42-89AA-49FA-AE1F-8A84B1B08A17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2843456
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TR.TRFactory
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TR.TRFactory.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\GamesBarSetup
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5011B6-A6BB-4F4B-AA46-C387DC3EF613}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F51E51FC-F214-465E-AAFA-F2F59D609A2E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{05AF3849-AE45-4608-8349-258AA9B1E421}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigpoint_Games_DE Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKLM\Software\SweetIm
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v6.0 (de)

*************************

AdwCleaner[R1].txt - [3822 octets] - [03/10/2012 20:24:33]

########## EOF - \AdwCleaner[R1].txt - [3882 octets] ##########
         

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Löschen.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

So, gemacht, nachfolgend der Inhalt der Datei....

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.003 - Datei am 10/04/2012 um 17:48:54 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Wolfgang - JOSHUA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standart\Desktop\Antivirus\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Bigpoint_Games_DE
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\ProgramData\Trymedia

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Bigpoint_Games_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\Software\Bigpoint_Games_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{69E0089F-28BC-4BB5-862B-E2B07C3B83C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TR.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05AF3849-AE45-4608-8349-258AA9B1E421}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{602D9049-B4AC-4A25-BF75-A9B54D747CBA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{862DEF42-89AA-49FA-AE1F-8A84B1B08A17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2843456
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TR.TRFactory
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TR.TRFactory.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\GamesBarSetup
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5011B6-A6BB-4F4B-AA46-C387DC3EF613}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F51E51FC-F214-465E-AAFA-F2F59D609A2E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{05AF3849-AE45-4608-8349-258AA9B1E421}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigpoint_Games_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\SweetIm
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v6.0 (de)

*************************

AdwCleaner[S1].txt - [4415 octets] - [04/10/2012 17:48:54]
AdwCleaner[R2].txt - [4019 octets] - [04/10/2012 17:48:38]
AdwCleaner[R1].txt - [3949 octets] - [03/10/2012 20:24:33]

########## EOF - \AdwCleaner[S1].txt - [4595 octets] ##########
         

Situation ist unverändert, kein Zugang zu Antiviren SW und I-Net Explorer hängt sich auf...

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code: Alles auswählenAufklappen

ATTFilter

 hier steht das Log
         

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code: Alles auswählenAufklappen

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Klick auf .
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OK, hier das OTL log vor dem custom scan:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 04.10.2012 21:00:04 - Run 4
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Standart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,67% Memory free
6,20 Gb Paging File | 5,04 Gb Available in Paging File | 81,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 17,92 Gb Free Space | 17,97% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,10 Gb Free Space | 60,99% Space Free | Partition Type: NTFS
 
Computer Name: JOSHUA | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Standart\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Users\Standart\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (asc6lyzf) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.euro.dell.com/suppo [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.25 18:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.30 12:08:46 | 000,000,000 | ---D | M]
 
[2012.10.02 12:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\mozilla\Extensions
[2011.07.12 19:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007.11.18 15:20:48 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2011.07.10 15:49:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.08.18 17:11:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.08.25 18:24:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.10 15:48:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA6E897D-42F9-4B33-92E7-8FD5DBE9B426}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\apnstub.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ipmgui.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.02 12:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.02 12:05:01 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Avira
[2012.10.02 12:02:14 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\Mozilla
[2012.10.02 12:01:18 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\PasswordSafe
[2012.10.02 11:57:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Wolfgang.Joshua.000\Desktop\esetsmartinstaller_enu.exe
[2012.09.29 09:43:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012.09.29 09:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.09.29 09:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.09.22 12:36:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 12:36:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 12:36:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 12:36:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 12:36:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 12:36:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 12:36:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 12:36:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 21:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.10.04 21:00:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
[2012.10.04 20:59:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
[2012.10.04 20:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 20:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.04 20:05:46 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 20:05:46 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 20:05:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 20:05:31 | 3217,539,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 18:43:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.02 15:42:05 | 000,027,620 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2012.10.02 13:28:50 | 000,027,620 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2012.10.02 11:57:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Wolfgang.Joshua.000\Desktop\esetsmartinstaller_enu.exe
[2012.09.29 13:09:34 | 000,371,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.02 11:59:00 | 3217,539,072 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.15 18:05:24 | 012,815,642 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SMRBackup162.dat
[2011.12.11 16:55:26 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.12.11 16:55:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.12.11 16:55:25 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.15 13:11:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.05.28 08:51:39 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2011.05.28 08:46:42 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2011.05.28 07:42:41 | 000,000,136 | ---- | C] () -- C:\ProgramData\~54057860
[2011.05.28 07:42:37 | 000,000,336 | ---- | C] () -- C:\ProgramData\54057860
[2011.03.13 22:00:49 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2010.10.20 18:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.20 18:21:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.03.28 11:59:57 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.28 11:59:57 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CB031D1D89.sys
[2009.12.16 11:23:14 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.06.15 19:21:59 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.10 23:00:20 | 000,025,182 | ---- | C] () -- C:\Program Files\Manual.htm
[2009.03.10 23:00:20 | 000,017,985 | ---- | C] () -- C:\Program Files\FAQ.htm
[2008.08.11 20:07:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.06.09 19:10:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AB56A06

< End of report >
         

und nun der custom scan log:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 04.10.2012 21:47:35 - Run 5
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Standart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,39% Memory free
6,20 Gb Paging File | 5,12 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 18,04 Gb Free Space | 18,09% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,10 Gb Free Space | 60,99% Space Free | Partition Type: NTFS
 
Computer Name: JOSHUA | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Standart\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Users\Standart\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (asc6lyzf) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.euro.dell.com/suppo [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.25 18:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.30 12:08:46 | 000,000,000 | ---D | M]
 
[2012.10.02 12:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\mozilla\Extensions
[2011.07.12 19:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007.11.18 15:20:48 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2011.07.10 15:49:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.08.18 17:11:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.08.25 18:24:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.10 15:48:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [Atsyt] C:\Users\Standart\AppData\Roaming\Vouvr\casys.exe ()
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [rQcDdQaEEBwu] C:\ProgramData\rQcDdQaEEBwu.exe File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [Spotify] "C:\Users\Standart\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA6E897D-42F9-4B33-92E7-8FD5DBE9B426}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\apnstub.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ipmgui.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe - (Fred's Software)
MsConfig - StartUpFolder: C:^Users^Wolfgang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO NAS Navigator.lnk - C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe - (BUFFALO INC.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AnyDVD - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaMusic FastStart - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= -  File not found
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.02 12:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.02 12:05:01 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Avira
[2012.10.02 12:02:14 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\Mozilla
[2012.10.02 12:01:18 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\PasswordSafe
[2012.10.02 11:57:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Wolfgang.Joshua.000\Desktop\esetsmartinstaller_enu.exe
[2012.09.29 09:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.09.29 09:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 21:50:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
[2012.10.04 21:49:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
[2012.10.04 21:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 21:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.10.04 20:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.04 20:05:46 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 20:05:46 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 20:05:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 20:05:31 | 3217,539,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 18:43:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.02 15:42:05 | 000,027,620 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2012.10.02 13:28:50 | 000,027,620 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2012.10.02 11:57:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Wolfgang.Joshua.000\Desktop\esetsmartinstaller_enu.exe
[2012.09.29 13:09:34 | 000,371,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.02 11:59:00 | 3217,539,072 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.15 18:05:24 | 012,815,642 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SMRBackup162.dat
[2011.12.11 16:55:26 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.12.11 16:55:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.12.11 16:55:25 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.15 13:11:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.05.28 08:51:39 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2011.05.28 08:46:42 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2011.05.28 07:42:41 | 000,000,136 | ---- | C] () -- C:\ProgramData\~54057860
[2011.05.28 07:42:37 | 000,000,336 | ---- | C] () -- C:\ProgramData\54057860
[2011.03.13 22:00:49 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2010.10.20 18:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.20 18:21:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.03.28 11:59:57 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.28 11:59:57 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CB031D1D89.sys
[2009.12.16 11:23:14 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.06.15 19:21:59 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.10 23:00:20 | 000,025,182 | ---- | C] () -- C:\Program Files\Manual.htm
[2009.03.10 23:00:20 | 000,017,985 | ---- | C] () -- C:\Program Files\FAQ.htm
[2008.08.11 20:07:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.06.09 19:10:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.20 20:02:28 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Agnitum
[2008.10.09 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\AmuletAdventure
[2008.12.26 15:35:56 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Ashampoo
[2008.07.25 18:13:47 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\cerasus.media
[2011.12.12 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\concept design
[2011.03.19 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\EasySuite
[2011.12.12 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Franzis
[2011.01.24 22:33:11 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Meridian93
[2009.01.08 19:51:11 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\MyPhoneExplorer
[2012.09.29 16:45:33 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Niomd
[2010.03.25 08:32:01 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Nokia
[2010.03.13 12:52:43 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Nokia Ovi Suite
[2011.12.25 21:12:36 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Nokia Suite
[2011.07.23 20:48:17 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\PC Suite
[2008.05.04 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\PeerNetworking
[2011.12.31 13:52:21 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\PersBackup5
[2012.09.29 10:09:19 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\phonostar GmbH
[2007.08.15 17:36:14 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\phonostar-Player
[2007.12.02 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\pokerth
[2007.09.09 08:04:14 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Qlikworld
[2012.02.28 21:28:33 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\RavensburgerTipToi
[2012.10.04 21:02:29 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Refi
[2009.04.04 13:23:06 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\RobinsonCrusoeBFGDE
[2011.12.26 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Samsung
[2009.12.11 10:34:46 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\ScreenSeven
[2009.12.15 08:29:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\SpeedProject
[2012.09.29 09:47:38 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\streamripper
[2008.08.08 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Teleca
[2011.12.26 14:36:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\temp
[2008.07.15 10:53:03 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Template
[2010.03.31 16:37:23 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Total Eclipse
[2011.12.03 15:41:20 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\TuneUp Software
[2012.09.29 16:45:33 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Vouvr
[2009.12.21 10:29:12 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Vso
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Joshua\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.18 20:46:49 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Nokia
[2010.08.18 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\PC Suite
[2007.12.20 18:50:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\phonostar-Player
[2008.08.11 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Samsung
[2009.12.10 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\ScreenSeven
[2009.12.15 08:29:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\SpeedProject
[2009.12.06 12:09:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\TuneUp Software
[2010.03.28 11:39:08 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Vso
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.24 22:33:14 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\Meridian93
[2010.10.15 09:54:07 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\PC Suite
[2010.10.19 17:32:24 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\SpeedProject
[2010.10.15 09:46:58 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\TuneUp Software
[2012.09.29 09:35:44 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\concept design
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.11 16:56:10 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Franzis
[2011.12.25 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Nokia
[2012.06.14 16:00:47 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Runscanner.net
[2012.06.21 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SpeedProject
[2011.04.15 19:13:05 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2011.12.20 23:37:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Agnitum
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.11 17:04:08 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Adobe
[2012.10.02 12:05:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Avira
[2012.09.29 09:35:44 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\concept design
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.11 16:56:10 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Franzis
[2011.04.15 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Identities
[2009.06.12 10:06:13 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Macromedia
[2012.04.20 20:08:15 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Media Center Programs
[2011.07.10 15:49:15 | 000,000,000 | --SD | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft
[2012.10.02 12:02:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Mozilla
[2011.12.25 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Nokia
[2012.06.14 16:00:47 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Runscanner.net
[2012.06.21 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SpeedProject
[2011.04.15 19:13:05 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2012.06.14 15:49:09 | 000,157,184 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Runscanner.net\VirusTotalUpload.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.04.26 22:29:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007.04.26 22:29:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.04.26 22:29:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.04.26 22:29:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.26 22:29:49 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.04.26 22:29:40 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007.04.26 22:29:40 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007.04.26 22:29:49 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.04.26 22:29:49 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008.03.21 14:13:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.03.21 14:13:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.03.21 14:13:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.03.21 14:13:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.05.02 17:19:05 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.05.02 17:19:05 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.11.18 15:16:08 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2007.05.02 18:18:03 | 000,000,424 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
[2009.07.01 17:08:10 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.07.01 17:08:11 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009.12.06 12:11:08 | 000,000,522 | ---- | C] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.10.15 09:49:44 | 000,000,428 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AB56A06

< End of report >
         

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
DRV - (asc6lyzf) --  File not found
[2010.08.18 17:11:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [Atsyt] C:\Users\Standart\AppData\Roaming\Vouvr\casys.exe ()
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [rQcDdQaEEBwu] C:\ProgramData\rQcDdQaEEBwu.exe File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O27 - HKLM IFEO\apnstub.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ipmgui.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AB56A06
:Files
C:\Users\Standart\AppData\Roaming\Mozilla\Firefox\Profiles\i09ap2f7.default\user.js
C:\Program Files\Adobe\Acrobat 7.0
C:\Users\Standart\AppData\Roaming\Vouvr
C:\ProgramData\~54057860
C:\ProgramData\54057860
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Alles wie beschrieben durchgeführt, Rechner hat sich neu gestartet. Das logfile hab ich in dem _OTL Verzeichnis gefunden:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Error: No service named asc6lyzf was found to stop!
Service\Driver key asc6lyzf not found.
File   File not found not found.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
Folder move failed. C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E3DBC69-A682-48DA-84E1-82C63A5D678E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Atsyt deleted successfully.
C:\Users\Standart\AppData\Roaming\Vouvr\casys.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\rQcDdQaEEBwu deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupport deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PhonostarAgent deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apnstub.exe\ deleted successfully.
File move failed. C:\Windows\System32\dllhost.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\ deleted successfully.
File move failed. C:\Windows\System32\dllhost.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ipmgui.exe\ deleted successfully.
File move failed. C:\Windows\System32\dllhost.exe scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:9AB56A06 deleted successfully.
========== FILES ==========
C:\Users\Standart\AppData\Roaming\Mozilla\Firefox\Profiles\i09ap2f7.default\user.js moved successfully.
File\Folder C:\Program Files\Adobe\Acrobat 7.0 not found.
C:\Users\Standart\AppData\Roaming\Vouvr folder moved successfully.
C:\ProgramData\~54057860 moved successfully.
C:\ProgramData\54057860 moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Standart\Desktop\cmd.bat deleted successfully.
C:\Users\Standart\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17811050 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Standart
->Temp folder emptied: 44975390 bytes
->Temporary Internet Files folder emptied: 498533834 bytes
->Java cache emptied: 16550854 bytes
->FireFox cache emptied: 58989447 bytes
->Google Chrome cache emptied: 18081131 bytes
->Flash cache emptied: 50013754 bytes
 
User: TEMP
->Temp folder emptied: 2165 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: TEMP.Joshua
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114094 bytes
->Flash cache emptied: 41 bytes
 
User: Wolfgang
->Temp folder emptied: 10834383 bytes
->Temporary Internet Files folder emptied: 148891527 bytes
->Java cache emptied: 7580031 bytes
->FireFox cache emptied: 34287996 bytes
->Flash cache emptied: 22609 bytes
 
User: Wolfgang.Joshua
->Temp folder emptied: 80490015 bytes
->Temporary Internet Files folder emptied: 13388047 bytes
->FireFox cache emptied: 78566032 bytes
->Flash cache emptied: 1431 bytes
 
User: Wolfgang.Joshua.000
->Temp folder emptied: 81153156 bytes
->Temporary Internet Files folder emptied: 275758050 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55560840 bytes
->Flash cache emptied: 497 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4694016 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 929087584 bytes
RecycleBin emptied: 102145560 bytes
 
Total Files Cleaned = 2.410,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.2 log created on 10052012_173840
         

1.Fortschritte, ich kann wieder auf Antivirenseiten zugreifen, wie zum Beispiel Malwarebyte. Aber, der I-Explorer hängt sich immer noch auf. Ich komme an die Seite, aber kann dann nichts mehr weiter anklicken, er friert quasi ein.

Vielen Dank mal zwischendurch !!!

Gruß

Wolfgang

Das war ja auch erst der 1. Streich

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Hier das Log vom TDSS:

Code: Alles auswählenAufklappen

ATTFilter

22:57:09.0024 2916  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:57:09.0225 2916  ============================================================
22:57:09.0225 2916  Current date / time: 2012/10/05 22:57:09.0225
22:57:09.0225 2916  SystemInfo:
22:57:09.0225 2916  
22:57:09.0226 2916  OS Version: 6.0.6002 ServicePack: 2.0
22:57:09.0226 2916  Product type: Workstation
22:57:09.0226 2916  ComputerName: JOSHUA
22:57:09.0226 2916  UserName: Wolfgang
22:57:09.0226 2916  Windows directory: C:\Windows
22:57:09.0226 2916  System windows directory: C:\Windows
22:57:09.0226 2916  Processor architecture: Intel x86
22:57:09.0226 2916  Number of processors: 2
22:57:09.0226 2916  Page size: 0x1000
22:57:09.0226 2916  Boot type: Normal boot
22:57:09.0226 2916  ============================================================
22:57:10.0503 2916  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:57:10.0506 2916  ============================================================
22:57:10.0506 2916  \Device\Harddisk0\DR0:
22:57:10.0506 2916  MBR partitions:
22:57:10.0506 2916  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
22:57:10.0506 2916  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0xC768800
22:57:10.0539 2916  ============================================================
22:57:10.0597 2916  C: <-> \Device\Harddisk0\DR0\Partition2
22:57:10.0639 2916  D: <-> \Device\Harddisk0\DR0\Partition1
22:57:10.0640 2916  ============================================================
22:57:10.0640 2916  Initialize success
22:57:10.0640 2916  ============================================================
22:57:36.0701 2428  ============================================================
22:57:36.0701 2428  Scan started
22:57:36.0701 2428  Mode: Manual; SigCheck; TDLFS; 
22:57:36.0701 2428  ============================================================
22:57:37.0381 2428  ================ Scan system memory ========================
22:57:37.0381 2428  System memory - ok
22:57:37.0381 2428  ================ Scan services =============================
22:57:37.0795 2428  [ 553BA53445795CBC0D4F9FA37EB855A6 ] acedrv10        C:\Windows\system32\drivers\acedrv10.sys
22:57:37.0977 2428  acedrv10 - ok
22:57:38.0002 2428  [ 8CE00B6A46962A1808B19CD1DAE5170C ] acehlp10        C:\Windows\system32\drivers\acehlp10.sys
22:57:38.0020 2428  acehlp10 - ok
22:57:38.0067 2428  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:57:38.0090 2428  ACPI - ok
22:57:38.0139 2428  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:57:38.0168 2428  adp94xx - ok
22:57:38.0198 2428  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:57:38.0219 2428  adpahci - ok
22:57:38.0247 2428  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:57:38.0262 2428  adpu160m - ok
22:57:38.0277 2428  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:57:38.0293 2428  adpu320 - ok
22:57:38.0344 2428  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:57:38.0453 2428  AeLookupSvc - ok
22:57:38.0524 2428  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
22:57:38.0561 2428  AFD - ok
22:57:38.0593 2428  [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:57:38.0608 2428  agp440 - ok
22:57:38.0655 2428  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:57:38.0669 2428  aic78xx - ok
22:57:38.0716 2428  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
22:57:38.0879 2428  ALG - ok
22:57:38.0911 2428  [ 5C42A992E68724D2CD3DDB4FC3B0409F ] aliide          C:\Windows\system32\drivers\aliide.sys
22:57:38.0926 2428  aliide - ok
22:57:38.0949 2428  [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:57:38.0964 2428  amdagp - ok
22:57:38.0984 2428  [ 849DFACDDE533DA5D1810F0CAF84EB19 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:57:39.0000 2428  amdide - ok
22:57:39.0036 2428  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
22:57:39.0259 2428  AmdK7 - ok
22:57:39.0287 2428  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:57:39.0354 2428  AmdK8 - ok
22:57:39.0497 2428  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:57:39.0514 2428  AntiVirSchedulerService - ok
22:57:39.0572 2428  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:57:39.0586 2428  AntiVirService - ok
22:57:39.0656 2428  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
22:57:39.0709 2428  Appinfo - ok
22:57:39.0718 2428  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
22:57:39.0734 2428  arc - ok
22:57:39.0787 2428  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:57:39.0801 2428  arcsas - ok
22:57:39.0936 2428  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:57:39.0950 2428  aspnet_state - ok
22:57:40.0007 2428  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:57:40.0075 2428  AsyncMac - ok
22:57:40.0127 2428  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:57:40.0143 2428  atapi - ok
22:57:40.0217 2428  [ F8A2A11291A994B1A1F0867CFFAA6E18 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
22:57:40.0334 2428  Ati External Event Utility - ok
22:57:40.0441 2428  [ 72BC628AF75C4C3250F2A3BAC260265A ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:57:40.0461 2428  atksgt - ok
22:57:40.0514 2428  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:57:40.0556 2428  AudioEndpointBuilder - ok
22:57:40.0566 2428  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:57:40.0594 2428  Audiosrv - ok
22:57:40.0634 2428  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:57:40.0648 2428  avgntflt - ok
22:57:40.0692 2428  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:57:40.0707 2428  avipbb - ok
22:57:40.0744 2428  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:57:40.0758 2428  avkmgr - ok
22:57:40.0803 2428  [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
22:57:40.0873 2428  bcm4sbxp - ok
22:57:40.0937 2428  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:57:40.0983 2428  Beep - ok
22:57:41.0054 2428  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
22:57:41.0102 2428  BFE - ok
22:57:41.0219 2428  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
22:57:41.0311 2428  BITS - ok
22:57:41.0317 2428  blbdrive - ok
22:57:41.0360 2428  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:57:41.0400 2428  bowser - ok
22:57:41.0449 2428  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:57:41.0489 2428  BrFiltLo - ok
22:57:41.0522 2428  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:57:41.0564 2428  BrFiltUp - ok
22:57:41.0606 2428  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
22:57:41.0657 2428  Browser - ok
22:57:41.0679 2428  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
22:57:41.0739 2428  Brserid - ok
22:57:41.0762 2428  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:57:41.0830 2428  BrSerWdm - ok
22:57:41.0857 2428  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:57:41.0925 2428  BrUsbMdm - ok
22:57:41.0946 2428  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:57:42.0017 2428  BrUsbSer - ok
22:57:42.0068 2428  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
22:57:42.0112 2428  BthEnum - ok
22:57:42.0154 2428  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:57:42.0191 2428  BTHMODEM - ok
22:57:42.0227 2428  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:57:42.0276 2428  BthPan - ok
22:57:42.0326 2428  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
22:57:42.0394 2428  BTHPORT - ok
22:57:42.0431 2428  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
22:57:42.0474 2428  BthServ - ok
22:57:42.0507 2428  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
22:57:42.0556 2428  BTHUSB - ok
22:57:42.0622 2428  [ 4A28E7BD365377D0512B7EF8C7596D2C ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
22:57:42.0638 2428  btwaudio - ok
22:57:42.0661 2428  [ 5FFDE57253D665067B0886612817EB11 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
22:57:42.0674 2428  btwavdt - ok
22:57:42.0703 2428  [ AB07DC8B05C31A4F95FC73019BE9DB15 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
22:57:42.0715 2428  btwrchid - ok
22:57:42.0955 2428  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:57:43.0019 2428  cdfs - ok
22:57:43.0127 2428  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:57:43.0177 2428  cdrom - ok
22:57:43.0236 2428  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:57:43.0289 2428  CertPropSvc - ok
22:57:43.0319 2428  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:57:43.0368 2428  circlass - ok
22:57:43.0396 2428  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:57:43.0418 2428  CLFS - ok
22:57:43.0451 2428  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:57:43.0465 2428  clr_optimization_v2.0.50727_32 - ok
22:57:43.0552 2428  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:57:43.0567 2428  clr_optimization_v4.0.30319_32 - ok
22:57:43.0625 2428  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:57:43.0668 2428  CmBatt - ok
22:57:43.0686 2428  [ DE11A06E187756ECB86CFA82DAC40FF7 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:57:43.0701 2428  cmdide - ok
22:57:43.0739 2428  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:57:43.0754 2428  Compbatt - ok
22:57:43.0757 2428  COMSysApp - ok
22:57:43.0770 2428  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:57:43.0784 2428  crcdisk - ok
22:57:43.0805 2428  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:57:43.0870 2428  Crusoe - ok
22:57:43.0935 2428  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:57:43.0988 2428  CryptSvc - ok
22:57:44.0055 2428  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:57:44.0105 2428  DcomLaunch - ok
22:57:44.0139 2428  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:57:44.0184 2428  DfsC - ok
22:57:44.0348 2428  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:57:44.0502 2428  DFSR - ok
22:57:44.0573 2428  [ D8522960163FA593694E441194A9A574 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
22:57:44.0587 2428  dg_ssudbus - ok
22:57:44.0638 2428  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:57:44.0680 2428  Dhcp - ok
22:57:44.0741 2428  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:57:44.0758 2428  disk - ok
22:57:44.0790 2428  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:57:44.0835 2428  Dnscache - ok
22:57:44.0887 2428  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:57:44.0932 2428  dot3svc - ok
22:57:44.0983 2428  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
22:57:45.0015 2428  DPS - ok
22:57:45.0065 2428  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:57:45.0098 2428  drmkaud - ok
22:57:45.0154 2428  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:57:45.0191 2428  DXGKrnl - ok
22:57:45.0250 2428  [ 7505290504C8E2D172FA378CC0497BCC ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
22:57:45.0328 2428  e1express - ok
22:57:45.0365 2428  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
22:57:45.0420 2428  E1G60 - ok
22:57:45.0456 2428  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
22:57:45.0497 2428  EapHost - ok
22:57:45.0551 2428  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:57:45.0568 2428  Ecache - ok
22:57:45.0650 2428  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:57:45.0694 2428  ehRecvr - ok
22:57:45.0729 2428  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
22:57:45.0775 2428  ehSched - ok
22:57:45.0792 2428  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
22:57:45.0832 2428  ehstart - ok
22:57:45.0866 2428  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:57:45.0888 2428  elxstor - ok
22:57:45.0944 2428  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:57:46.0027 2428  EMDMgmt - ok
22:57:46.0071 2428  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
22:57:46.0117 2428  EventSystem - ok
22:57:46.0224 2428  [ F10E7AA8BDF4488E3DFA989B8E7F7C9F ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
22:57:46.0261 2428  EvtEng ( UnsignedFile.Multi.Generic ) - warning
22:57:46.0261 2428  EvtEng - detected UnsignedFile.Multi.Generic (1)
22:57:46.0307 2428  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
22:57:46.0368 2428  exfat - ok
22:57:46.0425 2428  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:57:46.0461 2428  fastfat - ok
22:57:46.0510 2428  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:57:46.0580 2428  fdc - ok
22:57:46.0617 2428  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:57:46.0647 2428  fdPHost - ok
22:57:46.0683 2428  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:57:46.0753 2428  FDResPub - ok
22:57:46.0793 2428  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:57:46.0809 2428  FileInfo - ok
22:57:46.0837 2428  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:57:46.0882 2428  Filetrace - ok
22:57:46.0920 2428  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:57:46.0993 2428  flpydisk - ok
22:57:47.0022 2428  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:57:47.0043 2428  FltMgr - ok
22:57:47.0150 2428  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
22:57:47.0305 2428  FontCache - ok
22:57:47.0380 2428  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:57:47.0394 2428  FontCache3.0.0.0 - ok
22:57:47.0429 2428  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:57:47.0479 2428  Fs_Rec - ok
22:57:47.0524 2428  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:57:47.0539 2428  gagp30kx - ok
22:57:47.0620 2428  getPlusHelper - ok
22:57:47.0671 2428  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:57:47.0728 2428  gpsvc - ok
22:57:47.0832 2428  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9912216cfd88b C:\Program Files\Google\Update\GoogleUpdate.exe
22:57:47.0846 2428  gupdate1c9912216cfd88b - ok
22:57:47.0858 2428  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:57:47.0872 2428  gupdatem - ok
22:57:47.0925 2428  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:57:47.0977 2428  HdAudAddService - ok
22:57:48.0037 2428  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:57:48.0138 2428  HDAudBus - ok
22:57:48.0257 2428  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:57:48.0339 2428  HidBth - ok
22:57:48.0411 2428  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:57:48.0476 2428  HidIr - ok
22:57:48.0514 2428  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
22:57:48.0549 2428  hidserv - ok
22:57:48.0588 2428  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:57:48.0627 2428  HidUsb - ok
22:57:48.0671 2428  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:57:48.0714 2428  hkmsvc - ok
22:57:48.0738 2428  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
22:57:48.0752 2428  HpCISSs - ok
22:57:48.0831 2428  [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:57:48.0967 2428  HSF_DPV - ok
22:57:48.0998 2428  [ 31F949D452201F2F0AF0C88D7DB512CD ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:57:49.0034 2428  HSXHWAZL - ok
22:57:49.0087 2428  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:57:49.0146 2428  HTTP - ok
22:57:49.0164 2428  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
22:57:49.0178 2428  i2omp - ok
22:57:49.0229 2428  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:57:49.0268 2428  i8042prt - ok
22:57:49.0295 2428  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
22:57:49.0312 2428  iaStorV - ok
22:57:49.0476 2428  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:57:49.0481 2428  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:57:49.0481 2428  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:57:49.0580 2428  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:57:49.0674 2428  idsvc - ok
22:57:49.0729 2428  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:57:49.0743 2428  iirsp - ok
22:57:49.0821 2428  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:57:49.0881 2428  IKEEXT - ok
22:57:49.0963 2428  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:57:49.0979 2428  intelide - ok
22:57:50.0037 2428  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:57:50.0077 2428  intelppm - ok
22:57:50.0118 2428  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:57:50.0167 2428  IPBusEnum - ok
22:57:50.0185 2428  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:57:50.0226 2428  IpFilterDriver - ok
22:57:50.0260 2428  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:57:50.0303 2428  iphlpsvc - ok
22:57:50.0311 2428  IpInIp - ok
22:57:50.0342 2428  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
22:57:50.0390 2428  IPMIDRV - ok
22:57:50.0414 2428  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
22:57:50.0446 2428  IPNAT - ok
22:57:50.0469 2428  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:57:50.0499 2428  IRENUM - ok
22:57:50.0516 2428  [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:57:50.0530 2428  isapnp - ok
22:57:50.0599 2428  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:57:50.0618 2428  iScsiPrt - ok
22:57:50.0640 2428  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:57:50.0655 2428  iteatapi - ok
22:57:50.0681 2428  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
22:57:50.0695 2428  iteraid - ok
22:57:50.0736 2428  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:57:50.0751 2428  kbdclass - ok
22:57:50.0789 2428  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:57:50.0826 2428  kbdhid - ok
22:57:50.0863 2428  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:57:50.0908 2428  KeyIso - ok
22:57:50.0952 2428  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:57:50.0981 2428  KSecDD - ok
22:57:51.0047 2428  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:57:51.0126 2428  KtmRm - ok
22:57:51.0164 2428  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:57:51.0214 2428  LanmanServer - ok
22:57:51.0273 2428  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:57:51.0325 2428  LanmanWorkstation - ok
22:57:51.0363 2428  [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
22:57:51.0377 2428  lirsgt - ok
22:57:51.0420 2428  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:57:51.0470 2428  lltdio - ok
22:57:51.0520 2428  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:57:51.0568 2428  lltdsvc - ok
22:57:51.0597 2428  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:57:51.0648 2428  lmhosts - ok
22:57:51.0693 2428  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:57:51.0707 2428  LSI_FC - ok
22:57:51.0732 2428  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:57:51.0747 2428  LSI_SAS - ok
22:57:51.0767 2428  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:57:51.0781 2428  LSI_SCSI - ok
22:57:51.0827 2428  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
22:57:51.0857 2428  luafv - ok
22:57:51.0876 2428  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:57:51.0903 2428  Mcx2Svc - ok
22:57:51.0950 2428  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:57:51.0978 2428  mdmxsdk - ok
22:57:52.0000 2428  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
22:57:52.0015 2428  megasas - ok
22:57:52.0062 2428  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
22:57:52.0103 2428  MMCSS - ok
22:57:52.0120 2428  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
22:57:52.0166 2428  Modem - ok
22:57:52.0206 2428  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:57:52.0251 2428  monitor - ok
22:57:52.0300 2428  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:57:52.0315 2428  mouclass - ok
22:57:52.0335 2428  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:57:52.0377 2428  mouhid - ok
22:57:52.0429 2428  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:57:52.0444 2428  MountMgr - ok
22:57:52.0474 2428  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:57:52.0489 2428  mpio - ok
22:57:52.0508 2428  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:57:52.0532 2428  mpsdrv - ok
22:57:52.0579 2428  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:57:52.0648 2428  MpsSvc - ok
22:57:52.0673 2428  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:57:52.0687 2428  Mraid35x - ok
22:57:52.0715 2428  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:57:52.0734 2428  MRxDAV - ok
22:57:52.0769 2428  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:57:52.0820 2428  mrxsmb - ok
22:57:52.0863 2428  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:57:52.0882 2428  mrxsmb10 - ok
22:57:52.0901 2428  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:57:52.0918 2428  mrxsmb20 - ok
22:57:52.0930 2428  [ 0D1C042188FFE61A702A9DF5944DE5BA ] msahci          C:\Windows\system32\drivers\msahci.sys
22:57:52.0945 2428  msahci - ok
22:57:52.0965 2428  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:57:52.0981 2428  msdsm - ok
22:57:53.0026 2428  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
22:57:53.0071 2428  MSDTC - ok
22:57:53.0095 2428  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:57:53.0140 2428  Msfs - ok
22:57:53.0159 2428  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:57:53.0174 2428  msisadrv - ok
22:57:53.0218 2428  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:57:53.0264 2428  MSiSCSI - ok
22:57:53.0270 2428  msiserver - ok
22:57:53.0308 2428  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:57:53.0337 2428  MSKSSRV - ok
22:57:53.0392 2428  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:57:53.0442 2428  MSPCLOCK - ok
22:57:53.0461 2428  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:57:53.0491 2428  MSPQM - ok
22:57:53.0529 2428  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:57:53.0548 2428  MsRPC - ok
22:57:53.0667 2428  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:57:53.0682 2428  mssmbios - ok
22:57:53.0697 2428  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:57:53.0740 2428  MSTEE - ok
22:57:53.0758 2428  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
22:57:53.0775 2428  Mup - ok
22:57:53.0826 2428  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:57:53.0876 2428  napagent - ok
22:57:53.0955 2428  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:57:53.0991 2428  NativeWifiP - ok
22:57:54.0054 2428  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:57:54.0104 2428  NDIS - ok
22:57:54.0144 2428  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:57:54.0185 2428  NdisTapi - ok
22:57:54.0201 2428  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:57:54.0231 2428  Ndisuio - ok
22:57:54.0247 2428  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:57:54.0271 2428  NdisWan - ok
22:57:54.0288 2428  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:57:54.0325 2428  NDProxy - ok
22:57:54.0366 2428  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:57:54.0414 2428  NetBIOS - ok
22:57:54.0444 2428  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
22:57:54.0486 2428  netbt - ok
22:57:54.0508 2428  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:57:54.0525 2428  Netlogon - ok
22:57:54.0577 2428  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:57:54.0635 2428  Netman - ok
22:57:54.0659 2428  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:57:54.0712 2428  netprofm - ok
22:57:54.0752 2428  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:57:54.0767 2428  NetTcpPortSharing - ok
22:57:54.0901 2428  [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
22:57:55.0207 2428  NETw4v32 - ok
22:57:55.0251 2428  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:57:55.0265 2428  nfrd960 - ok
22:57:55.0423 2428  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:57:55.0456 2428  NlaSvc - ok
22:57:55.0495 2428  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:57:55.0519 2428  Npfs - ok
22:57:55.0560 2428  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
22:57:55.0608 2428  nsi - ok
22:57:55.0632 2428  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:57:55.0679 2428  nsiproxy - ok
22:57:55.0742 2428  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:57:55.0796 2428  Ntfs - ok
22:57:55.0827 2428  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
22:57:55.0892 2428  ntrigdigi - ok
22:57:55.0901 2428  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:57:55.0932 2428  Null - ok
22:57:56.0238 2428  [ DC89868592D74DE404406C9420C3F277 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:57:56.0912 2428  nvlddmkm - ok
22:57:56.0965 2428  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:57:56.0980 2428  nvraid - ok
22:57:56.0997 2428  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:57:57.0012 2428  nvstor - ok
22:57:57.0030 2428  [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:57:57.0046 2428  nv_agp - ok
22:57:57.0052 2428  NwlnkFlt - ok
22:57:57.0061 2428  NwlnkFwd - ok
22:57:57.0119 2428  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:57:57.0153 2428  ohci1394 - ok
22:57:57.0225 2428  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:57:57.0238 2428  ose - ok
22:57:57.0295 2428  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:57:57.0430 2428  p2pimsvc - ok
22:57:57.0445 2428  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:57:57.0492 2428  p2psvc - ok
22:57:57.0558 2428  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
22:57:57.0624 2428  Parport - ok
22:57:57.0663 2428  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:57:57.0680 2428  partmgr - ok
22:57:57.0697 2428  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:57:57.0764 2428  Parvdm - ok
22:57:57.0803 2428  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:57:57.0850 2428  PcaSvc - ok
22:57:57.0928 2428  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:57:57.0955 2428  pccsmcfd - ok
22:57:57.0994 2428  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
22:57:58.0014 2428  pci - ok
22:57:58.0041 2428  [ 54D23DC5B5072311116826FDB7F6E83E ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
22:57:58.0056 2428  pciide - ok
22:57:58.0087 2428  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:57:58.0104 2428  pcmcia - ok
22:57:58.0156 2428  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:57:58.0294 2428  PEAUTH - ok
22:57:58.0396 2428  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
22:57:58.0467 2428  pla - ok
22:57:58.0520 2428  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:57:58.0565 2428  PlugPlay - ok
22:57:58.0606 2428  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
22:57:58.0932 2428  PNRPAutoReg - ok
22:57:58.0956 2428  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
22:57:59.0266 2428  PNRPsvc - ok
22:57:59.0338 2428  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:57:59.0398 2428  PolicyAgent - ok
22:57:59.0452 2428  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:57:59.0494 2428  PptpMiniport - ok
22:57:59.0517 2428  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
22:57:59.0579 2428  Processor - ok
22:57:59.0620 2428  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:57:59.0646 2428  ProfSvc - ok
22:57:59.0664 2428  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:57:59.0681 2428  ProtectedStorage - ok
22:57:59.0714 2428  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:57:59.0748 2428  PSched - ok
22:57:59.0791 2428  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
22:57:59.0803 2428  PxHelp20 - ok
22:57:59.0867 2428  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:57:59.0916 2428  ql2300 - ok
22:57:59.0967 2428  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:57:59.0983 2428  ql40xx - ok
22:58:00.0043 2428  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
22:58:00.0079 2428  QWAVE - ok
22:58:00.0119 2428  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:58:00.0135 2428  QWAVEdrv - ok
22:58:00.0253 2428  [ A6201FD4D96F7FA7DB3AD609BE60FF5C ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
22:58:00.0420 2428  R300 - ok
22:58:00.0445 2428  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:58:00.0490 2428  RasAcd - ok
22:58:00.0519 2428  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
22:58:00.0566 2428  RasAuto - ok
22:58:00.0609 2428  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:58:00.0658 2428  Rasl2tp - ok
22:58:00.0700 2428  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:58:00.0747 2428  RasMan - ok
22:58:00.0775 2428  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:58:00.0816 2428  RasPppoe - ok
22:58:00.0845 2428  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:58:00.0888 2428  RasSstp - ok
22:58:00.0924 2428  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:58:00.0961 2428  rdbss - ok
22:58:01.0006 2428  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:58:01.0051 2428  RDPCDD - ok
22:58:01.0099 2428  [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
22:58:01.0146 2428  rdpdr - ok
22:58:01.0152 2428  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:58:01.0181 2428  RDPENCDD - ok
22:58:01.0236 2428  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:58:01.0287 2428  RDPWD - ok
22:58:01.0324 2428  [ 7274BD434B6165BAA382BDD87F6CA4CE ] RegSrvc         C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
22:58:01.0367 2428  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
22:58:01.0367 2428  RegSrvc - detected UnsignedFile.Multi.Generic (1)
22:58:01.0431 2428  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:58:01.0480 2428  RemoteAccess - ok
22:58:01.0512 2428  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:58:01.0559 2428  RemoteRegistry - ok
22:58:01.0601 2428  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:58:01.0641 2428  RFCOMM - ok
22:58:01.0695 2428  [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
22:58:01.0723 2428  rimmptsk - ok
22:58:01.0755 2428  [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
22:58:01.0795 2428  rimsptsk - ok
22:58:01.0812 2428  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
22:58:01.0853 2428  rismxdp - ok
22:58:01.0959 2428  [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
22:58:02.0018 2428  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
22:58:02.0018 2428  RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
22:58:02.0094 2428  [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9       C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
22:58:02.0100 2428  RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
22:58:02.0100 2428  RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
22:58:02.0130 2428  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:58:02.0172 2428  RpcLocator - ok
22:58:02.0211 2428  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
22:58:02.0246 2428  RpcSs - ok
22:58:02.0295 2428  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:58:02.0324 2428  rspndr - ok
22:58:02.0330 2428  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
22:58:02.0348 2428  SamSs - ok
22:58:02.0390 2428  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:58:02.0405 2428  sbp2port - ok
22:58:02.0428 2428  SBRE - ok
22:58:02.0469 2428  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:58:02.0510 2428  SCardSvr - ok
22:58:02.0560 2428  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:58:02.0639 2428  Schedule - ok
22:58:02.0671 2428  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:58:02.0694 2428  SCPolicySvc - ok
22:58:02.0732 2428  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
22:58:02.0756 2428  sdbus - ok
22:58:02.0801 2428  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:58:02.0849 2428  SDRSVC - ok
22:58:02.0878 2428  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:58:02.0948 2428  secdrv - ok
22:58:02.0977 2428  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:58:03.0023 2428  seclogon - ok
22:58:03.0049 2428  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
22:58:03.0097 2428  SENS - ok
22:58:03.0116 2428  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:58:03.0185 2428  Serenum - ok
22:58:03.0207 2428  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
22:58:03.0256 2428  Serial - ok
22:58:03.0279 2428  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:58:03.0308 2428  sermouse - ok
22:58:03.0461 2428  [ E802089FEC30A95FDFD218995308F9B3 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:58:03.0495 2428  ServiceLayer - ok
22:58:03.0534 2428  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:58:03.0567 2428  SessionEnv - ok
22:58:03.0605 2428  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
22:58:03.0647 2428  sffdisk - ok
22:58:03.0672 2428  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:58:03.0731 2428  sffp_mmc - ok
22:58:03.0771 2428  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
22:58:03.0795 2428  sffp_sd - ok
22:58:03.0811 2428  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:58:03.0860 2428  sfloppy - ok
22:58:03.0917 2428  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:58:03.0965 2428  SharedAccess - ok
22:58:04.0020 2428  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:58:04.0086 2428  ShellHWDetection - ok
22:58:04.0123 2428  [ 08072B2FB92477FC813271A84B3A8698 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:58:04.0137 2428  sisagp - ok
22:58:04.0153 2428  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:58:04.0167 2428  SiSRaid2 - ok
22:58:04.0181 2428  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:58:04.0196 2428  SiSRaid4 - ok
22:58:04.0508 2428  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
22:58:04.0716 2428  slsvc - ok
22:58:04.0772 2428  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:58:04.0828 2428  SLUINotify - ok
22:58:04.0851 2428  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:58:04.0887 2428  Smb - ok
22:58:04.0918 2428  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:58:04.0935 2428  SNMPTRAP - ok
22:58:04.0974 2428  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
22:58:04.0989 2428  spldr - ok
22:58:05.0035 2428  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
22:58:05.0059 2428  Spooler - ok
22:58:05.0134 2428  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\Windows\system32\Drivers\sptd.sys
22:58:05.0134 2428  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
22:58:05.0136 2428  sptd ( LockedFile.Multi.Generic ) - warning
22:58:05.0136 2428  sptd - detected LockedFile.Multi.Generic (1)
22:58:05.0182 2428  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:58:05.0222 2428  srv - ok
22:58:05.0253 2428  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:58:05.0285 2428  srv2 - ok
22:58:05.0317 2428  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:58:05.0354 2428  srvnet - ok
22:58:05.0382 2428  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:58:05.0415 2428  SSDPSRV - ok
22:58:05.0467 2428  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:58:05.0479 2428  ssmdrv - ok
22:58:05.0518 2428  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:58:05.0558 2428  SstpSvc - ok
22:58:05.0643 2428  [ 1B4052F016BA5E087689ABA536A0A927 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
22:58:05.0658 2428  ssudmdm - ok
22:58:05.0713 2428  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
22:58:05.0736 2428  StarOpen ( UnsignedFile.Multi.Generic ) - warning
22:58:05.0736 2428  StarOpen - detected UnsignedFile.Multi.Generic (1)
22:58:05.0806 2428  [ 9CEA131B5EB0EA653F6B3EA80B54956D ] STHDA           C:\Windows\system32\drivers\stwrt.sys
22:58:05.0854 2428  STHDA - ok
22:58:05.0903 2428  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:58:06.0049 2428  stisvc - ok
22:58:06.0112 2428  [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:58:06.0118 2428  stllssvr ( UnsignedFile.Multi.Generic ) - warning
22:58:06.0118 2428  stllssvr - detected UnsignedFile.Multi.Generic (1)
22:58:06.0162 2428  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:58:06.0180 2428  swenum - ok
22:58:06.0362 2428  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
22:58:06.0403 2428  swprv - ok
22:58:06.0435 2428  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
22:58:06.0450 2428  Symc8xx - ok
22:58:06.0491 2428  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:58:06.0506 2428  Sym_hi - ok
22:58:06.0533 2428  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:58:06.0548 2428  Sym_u3 - ok
22:58:06.0613 2428  [ 1F5192248A364D4AB68DB063D18A2139 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:58:06.0630 2428  SynTP - ok
22:58:06.0668 2428  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
22:58:06.0786 2428  SysMain - ok
22:58:06.0814 2428  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:58:06.0849 2428  TabletInputService - ok
22:58:06.0896 2428  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:58:06.0942 2428  TapiSrv - ok
22:58:06.0992 2428  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
22:58:07.0028 2428  TBS - ok
22:58:07.0093 2428  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:58:07.0139 2428  Tcpip - ok
22:58:07.0163 2428  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:58:07.0202 2428  Tcpip6 - ok
22:58:07.0252 2428  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:58:07.0287 2428  tcpipreg - ok
22:58:07.0365 2428  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:58:07.0409 2428  TDPIPE - ok
22:58:07.0435 2428  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:58:07.0485 2428  TDTCP - ok
22:58:07.0537 2428  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:58:07.0575 2428  tdx - ok
22:58:07.0617 2428  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:58:07.0634 2428  TermDD - ok
22:58:07.0684 2428  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
22:58:07.0765 2428  TermService - ok
22:58:07.0799 2428  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:58:07.0820 2428  Themes - ok
22:58:07.0840 2428  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:58:07.0874 2428  THREADORDER - ok
22:58:07.0916 2428  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:58:07.0959 2428  TrkWks - ok
22:58:08.0026 2428  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:58:08.0062 2428  TrustedInstaller - ok
22:58:08.0093 2428  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:58:08.0142 2428  tssecsrv - ok
22:58:08.0197 2428  [ 6A29CD69D1128BDF49A705BEFC614A5B ] TuneUp.Defrag   C:\Windows\System32\TuneUpDefragService.exe
22:58:08.0245 2428  TuneUp.Defrag - ok
22:58:08.0306 2428  [ 51EE2913ED525DE18FDA96DCCBC5386A ] TuneUp.ProgramStatisticsSvc C:\Windows\System32\TUProgSt.exe
22:58:08.0371 2428  TuneUp.ProgramStatisticsSvc - ok
22:58:08.0418 2428  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
22:58:08.0434 2428  tunmp - ok
22:58:08.0494 2428  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:58:08.0531 2428  tunnel - ok
22:58:08.0586 2428  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:58:08.0600 2428  uagp35 - ok
22:58:08.0699 2428  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:58:08.0725 2428  udfs - ok
22:58:08.0759 2428  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:58:08.0793 2428  UI0Detect - ok
22:58:08.0821 2428  [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:58:08.0835 2428  uliagpkx - ok
22:58:08.0863 2428  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
22:58:08.0882 2428  uliahci - ok
22:58:08.0905 2428  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:58:08.0920 2428  UlSata - ok
22:58:08.0938 2428  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
22:58:08.0953 2428  ulsata2 - ok
22:58:08.0975 2428  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:58:09.0005 2428  umbus - ok
22:58:09.0053 2428  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:58:09.0091 2428  upnphost - ok
22:58:09.0164 2428  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:58:09.0221 2428  usbccgp - ok
22:58:09.0238 2428  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:58:09.0300 2428  usbcir - ok
22:58:09.0343 2428  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:58:09.0382 2428  usbehci - ok
22:58:09.0425 2428  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:58:09.0454 2428  usbhub - ok
22:58:09.0490 2428  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:58:09.0540 2428  usbohci - ok
22:58:09.0594 2428  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:58:09.0643 2428  usbprint - ok
22:58:09.0702 2428  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:58:09.0785 2428  USBSTOR - ok
22:58:09.0853 2428  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:58:09.0894 2428  usbuhci - ok
22:58:09.0925 2428  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
22:58:09.0967 2428  UxSms - ok
22:58:10.0003 2428  [ 2E2E93041C8058BC7DE6F0D743C4A0C6 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
22:58:10.0017 2428  UxTuneUp - ok
22:58:10.0067 2428  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
22:58:10.0116 2428  vds - ok
22:58:10.0164 2428  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:58:10.0235 2428  vga - ok
22:58:10.0282 2428  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:58:10.0330 2428  VgaSave - ok
22:58:10.0354 2428  [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:58:10.0369 2428  viaagp - ok
22:58:10.0388 2428  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
22:58:10.0454 2428  ViaC7 - ok
22:58:10.0487 2428  [ C0ACE9D0F5A5EE0B00F58345947A57FC ] viaide          C:\Windows\system32\drivers\viaide.sys
22:58:10.0502 2428  viaide - ok
22:58:10.0528 2428  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:58:10.0550 2428  volmgr - ok
22:58:10.0598 2428  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:58:10.0620 2428  volmgrx - ok
22:58:10.0671 2428  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:58:10.0694 2428  volsnap - ok
22:58:10.0719 2428  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:58:10.0734 2428  vsmraid - ok
22:58:10.0792 2428  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
22:58:10.0919 2428  VSS - ok
22:58:10.0958 2428  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
22:58:10.0990 2428  W32Time - ok
22:58:11.0026 2428  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:58:11.0097 2428  WacomPen - ok
22:58:11.0134 2428  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:58:11.0172 2428  Wanarp - ok
22:58:11.0177 2428  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:58:11.0202 2428  Wanarpv6 - ok
22:58:11.0235 2428  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:58:11.0264 2428  wcncsvc - ok
22:58:11.0302 2428  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:58:11.0345 2428  WcsPlugInService - ok
22:58:11.0376 2428  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
22:58:11.0390 2428  Wd - ok
22:58:11.0452 2428  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:58:11.0514 2428  Wdf01000 - ok
22:58:11.0567 2428  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:58:11.0618 2428  WdiServiceHost - ok
22:58:11.0623 2428  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:58:11.0656 2428  WdiSystemHost - ok
22:58:11.0697 2428  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
22:58:11.0719 2428  WebClient - ok
22:58:11.0755 2428  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:58:11.0815 2428  Wecsvc - ok
22:58:11.0848 2428  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:58:11.0874 2428  wercplsupport - ok
22:58:11.0913 2428  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:58:11.0941 2428  WerSvc - ok
22:58:11.0983 2428  [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:58:12.0022 2428  winachsf - ok
22:58:12.0138 2428  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:58:12.0158 2428  WinDefend - ok
22:58:12.0165 2428  WinHttpAutoProxySvc - ok
22:58:12.0246 2428  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:58:12.0271 2428  Winmgmt - ok
22:58:12.0360 2428  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:58:12.0492 2428  WinRM - ok
22:58:12.0569 2428  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:58:12.0694 2428  Wlansvc - ok
22:58:12.0737 2428  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:58:12.0760 2428  WmiAcpi - ok
22:58:12.0820 2428  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:58:12.0844 2428  wmiApSrv - ok
22:58:13.0067 2428  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:58:13.0240 2428  WMPNetworkSvc - ok
22:58:13.0327 2428  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:58:13.0399 2428  WPCSvc - ok
22:58:13.0477 2428  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:58:13.0589 2428  WPDBusEnum - ok
22:58:13.0643 2428  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:58:13.0680 2428  WpdUsb - ok
22:58:13.0803 2428  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:58:13.0835 2428  WPFFontCache_v0400 - ok
22:58:13.0873 2428  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:58:13.0918 2428  ws2ifsl - ok
22:58:13.0952 2428  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
22:58:13.0972 2428  wscsvc - ok
22:58:13.0978 2428  WSearch - ok
22:58:14.0089 2428  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:58:14.0186 2428  wuauserv - ok
22:58:14.0300 2428  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:58:14.0331 2428  WUDFRd - ok
22:58:14.0350 2428  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:58:14.0383 2428  wudfsvc - ok
22:58:14.0422 2428  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
22:58:14.0435 2428  XAudio - ok
22:58:14.0471 2428  [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
22:58:14.0522 2428  XAudioService - ok
22:58:14.0564 2428  ================ Scan global ===============================
22:58:14.0605 2428  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:58:14.0679 2428  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:58:14.0697 2428  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:58:14.0750 2428  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:58:14.0755 2428  [Global] - ok
22:58:14.0755 2428  ================ Scan MBR ==================================
22:58:14.0774 2428  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:58:15.0458 2428  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:58:15.0458 2428  \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:58:15.0458 2428  ================ Scan VBR ==================================
22:58:15.0496 2428  [ CAD60F4449ACA2C65347DAD7024CC1A6 ] \Device\Harddisk0\DR0\Partition1
22:58:15.0498 2428  \Device\Harddisk0\DR0\Partition1 - ok
22:58:15.0515 2428  [ ECBD938FC5C24153E16F139973F09DF4 ] \Device\Harddisk0\DR0\Partition2
22:58:15.0518 2428  \Device\Harddisk0\DR0\Partition2 - ok
22:58:15.0518 2428  ============================================================
22:58:15.0518 2428  Scan finished
22:58:15.0518 2428  ============================================================
22:58:15.0534 2816  Detected object count: 9
22:58:15.0534 2816  Actual detected object count: 9
22:58:44.0191 2816  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0191 2816  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:58:44.0194 2816  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0194 2816  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:58:44.0196 2816  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0196 2816  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:58:44.0199 2816  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0199 2816  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:58:44.0201 2816  RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0201 2816  RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:58:44.0204 2816  sptd ( LockedFile.Multi.Generic ) - skipped by user
22:58:44.0204 2816  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
22:58:44.0207 2816  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0207 2816  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:58:44.0209 2816  stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0210 2816  stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:58:44.0212 2816  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:58:44.0212 2816  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
22:58:54.0937 1508  Deinitialize success