Trojaner-Board


Joshua1966 30.09.2012 12:02

No more access to antivirus software, Internet Explorer hangs
 
Hello dear experts,

I've had a small problem since yesterday:
My Internet Explorer does find my start page (Google), but when I open another page, I sometimes have to wait forever, or the pages don't load at all.
With Firefox everything works, except for pages with antivirus software. For example, on Dr Web I cannot access the download link:
The following message appears:
Quote:

404. That’s an error.

The requested URL /cureit/?lng=de was not found on this server. That’s all we know.
My OTL log:
PHP code:

OTL logfile created on30.09.2012 12:41:05 Run 3
OTL by OldTimer Version 3.2.69.0     Folder C:\Users\Standart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version 6.0.6002) - Type NTWorkstation
Internet Explorer (Version 9.0.8112.16421)
Locale00000407 CountryDeutschland LanguageDEU Date Formatdd.MM.yyyy
 
3,00 Gb Total Physical Memory 1,77 Gb Available Physical Memory 58,88Memory free
6,20 Gb Paging File 5,02 Gb Available in Paging File 81,01Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space 18,59 Gb Free Space 18,64Space Free Partition TypeNTFS
Drive D: | 10,00 Gb Total Space 6,10 Gb Free Space 60,99Space Free Partition TypeNTFS
 
Computer Name JOSHUA User NameWolfgang Logged in as Administrator.
Boot ModeNormal Scan ModeCurrent user
Company Name Whitelist Off Skip Microsoft FilesOff No Company Name WhitelistOn File Age 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC C:\Users\Standart\Desktop\OTL.exe (OldTimer Tools)
PRC C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH CoKG)
PRC C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH CoKG)
PRC C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH CoKG)
PRC C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH CoKG)
PRC C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC C:\Windows\explorer.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD C:\Users\Standart\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll ()
MOD C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD C:\Program Files\WinRAR\RarExt.dll ()
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH CoKG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH CoKG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a4iqq86d) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTelInc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant SystemsInc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page about:NoAdd-ons
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page C:\Windows\System32\blank.htm
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page about:SecurityRisk
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE HKLM\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
IE HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
 
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL hxxp://support.euro.dell.com/suppo [Binary data over 200 bytes]
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page C:\Windows\system32\blank.htm
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages hxxp://www.google.de/ [binary data]
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page hxxp://www.google.de/
IE HKCU\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
IE HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"ProxyEnable" 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayerC:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayerC:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe SystemsInc.)
FF HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPluginC:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF HKLM\Software\MozillaPlugins\@java.com/JavaPluginC:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun MicrosystemsInc.)
FF HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll Microsoft Corporation)
FF HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91C:\Program Files\NOS\bin\np_gp.dll File not found
FF HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayerC:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.08.18 17:11:20 000,000,000 | ---M]
FF HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\ComponentsC:\Program Files\Mozilla Firefox\components [2011.08.25 18:24:51 000,000,000 | ---M]
FF HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\PluginsC:\Program Files\Mozilla Firefox\plugins [2012.09.30 12:08:46 000,000,000 | ---M]
 
[2011.07.12 19:36:12 000,000,000 | ---M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.08.25 18:24:51 000,000,000 | ---M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007.11.18 15:20:48 000,000,000 | ---M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2011.07.10 15:49:12 000,000,000 | ---M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.25 18:24:51 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.10 15:48:44 000,476,904 | ---- | M] (Sun MicrosystemsInc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.04.23 02:02:18 000,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2003.07.14 22:56:52 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008.10.14 22:33:30 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009.10.23 15:01:34 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.01.01 10:00:00 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010.01.01 10:00:00 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 Hosts127.0.0.1       localhost
O1 Hosts: ::1             localhost
O2 BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 BHO: (Bigpoint Games DE Toolbar) - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
O2 BHO: (Java(tmPlug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun MicrosystemsInc.)
O3 HKLM\..\Toolbar: (Bigpoint Games DE Toolbar) - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
O3 HKCU\..\Toolbar\WebBrowser: (Bigpoint Games DE Toolbar) - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - C:\Program Files\Bigpoint_Games_DE\prxtbBig1.dll (Conduit Ltd.)
O4 HKLM..\Run: [avgntC:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH CoKG)
O4 HKLM..\Run: [NvCplDaemonC:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 HKLM..\Run: [NVHotkeyC:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 HKLM..\Run: [NvMediaCenterC:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 HKLM..\Run: [NvSvcC:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 HKLM..\Run: [SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe (SynapticsInc.)
O4 HKLM..\Run: [Windows DefenderC:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 HKCU..\Run: [SidebarC:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 HKCU..\Run: [WMPNSCFGC:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 StartupC:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExplorerBindDirectlyToPropertySetStorage 0
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemConsentPromptBehaviorAdmin 2
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemConsentPromptBehaviorUser 1
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemEnableInstallerDetection 1
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemEnableSecureUIAPaths 1
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemEnableVirtualization 1
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemPromptOnSecureDesktop 1
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemValidateAdminCodeSignatures 0
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Systemdontdisplaylastusername 0
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Systemlegalnoticecaption 
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Systemlegalnoticetext 
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Systemscforceoption 0
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Systemshutdownwithoutlogon 1
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Systemundockwithoutlogon 1
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemFilterAdministratorToken 0
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemEnableUIADesktopToggle 0
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormatsCF_TEXT 1
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormatsCF_BITMAP 2
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormatsCF_OEMTEXT 7
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormatsCF_DIB 8
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormatsCF_PALETTE 9
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormatsCF_UNICODETEXT 13
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormatsCF_DIBV5 17
O8 Extra context menu itemWeb-Suche C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 Extra ButtonRecherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000001 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000002 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000003 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000004 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000005 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000006 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000007 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000008 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000009 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000010 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000011 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000012 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000013 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000014 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000015 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000016 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000017 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000018 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000019 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000020 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000021 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000022 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000023 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000024 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000025 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000026 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000027 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000028 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000029 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000030 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000031 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000032 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 Protocol_Catalog9\Catalog_Entries\000000000033 C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 gopher Prefixmissing
O16 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603Chxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1Bhxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBAhxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBAhxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}: NameServer 192.168.2.1
O17 HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA6E897D-42F9-4B33-92E7-8FD5DBE9B426}: DhcpNameServer 192.168.2.1
O18 Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 Protocol\Handler\msdaipp No CLSID value found
O18 Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 HKLM WinlogonShell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 HKLM WinlogonUserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 HKLM WinlogonVMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 HKLM WinlogonVMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 SSODLWebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 Desktop WallPaperC:\Windows\Web\Wallpaper\img24.jpg
O24 Desktop BackupWallPaperC:\Windows\Web\Wallpaper\img24.jpg
O27 HKLM IFEO\apnstub.exeDebugger C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 HKLM IFEO\avnotify.exeDebugger C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 HKLM IFEO\ipmgui.exeDebugger C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O29 HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 LSAAuthentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 LSASecurity Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 LSASecurity Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 LSASecurity Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 LSASecurity Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 LSASecurity Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 SafeBootAlternateShell cmd.exe
O32 HKLM CDRomAutoRun 1
O32 AutoRun File - [2006.09.18 23:43:36 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 HKLM BootExecute: (autocheck autochk *)
O35 HKLM\..comfile [open] -- "%1" %*
O35 HKLM\..exefile [open] -- "%1" %*
O37 HKLM\...com [@ = comfile] -- "%1" %*
O37 HKLM\...exe [@ = exefile] -- "%1" %*
O38 SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.09.29 09:43:24 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012.09.29 09:40:15 000,000,000 | ---C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.09.29 09:40:11 000,000,000 | ---C] -- C:\Program Files\Winamp
[2012.09.22 12:36:28 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 12:36:27 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 12:36:26 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 12:36:26 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 12:36:26 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 12:36:24 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 12:36:24 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 12:36:23 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.04 17:00:12 000,000,000 | ---C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\NokiaAccount
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.09.30 12:40:00 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
[2012.09.30 12:39:00 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
[2012.09.30 12:04:47 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.30 12:04:33 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.09.30 12:04:26 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 12:04:26 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 12:04:17 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.30 12:03:36 3217,506,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.30 11:48:14 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.29 18:40:11 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.29 13:09:34 000,371,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.04 17:15:36 000,634,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.04 17:15:35 000,674,832 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.04 17:15:35 000,146,290 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.04 17:15:35 000,120,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.09.02 14:06:52 3217,506,304 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.15 18:05:24 012,815,642 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SMRBackup162.dat
[2011.12.11 16:55:26 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.12.11 16:55:26 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.12.11 16:55:25 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.11.29 17:38:12 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.15 13:11:58 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.05.28 08:51:39 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2011.05.28 08:46:42 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2011.05.28 07:42:41 000,000,136 | ---- | C] () -- C:\ProgramData\~54057860
[2011.05.28 07:42:37 000,000,336 | ---- | C] () -- C:\ProgramData\54057860
[2011.03.13 22:00:49 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2010.10.20 18:23:49 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.20 18:21:52 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.03.28 11:59:57 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.28 11:59:57 000,000,008 RHS- | C] () -- C:\ProgramData\CB031D1D89.sys
[2009.12.16 11:23:14 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.06.15 19:21:59 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.10 23:00:20 000,025,182 | ---- | C] () -- C:\Program Files\Manual.htm
[2009.03.10 23:00:20 000,017,985 | ---- | C] () -- C:\Program Files\FAQ.htm
[2008.08.11 20:07:06 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.06.09 19:10:20 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2006.11.02 14:54:22 000,000,227 RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" Both
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream 126 bytes -> C:\ProgramData\TEMP:9AB56A06

End of report 

Please help...

Kind regards

Wolfgang

cosinus 01.10.2012 13:58

Quote:

Boot Mode: SafeMode with Networking |
If this mode works, you can first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those too!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Joshua1966 02.10.2012 14:48

OK, I hope I did everything as instructed.
First, here are the log files from Malware:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.02.03

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Standart :: JOSHUA [limited]

02.10.2012 09:52:46
mbam-log-2012-10-02 (11-39-56).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 399740
Time elapsed: 1 hour(s), 29 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\AdVantage (Adware.Vomba) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Data: C:\Recycle.Bin\Recycle.Bin.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Standart\AppData\Local\Temp\tmpad904501\monilku.exe (Trojan.Ransom) -> No action taken.

(end)

and
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.02.03

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Standart :: JOSHUA [limited]

02.10.2012 09:52:46
mbam-log-2012-10-02 (09-52-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 399740
Time elapsed: 1 hour(s), 29 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\AdVantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Data: C:\Recycle.Bin\Recycle.Bin.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Standart\AppData\Local\Temp\tmpad904501\monilku.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

and the log from ESET:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b447be856ccb614c84574a53acd67e1a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-02 01:28:44
# local_time=2012-10-02 03:28:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 135449797 135449797 0 0
# compatibility_mode=1792 16777215 100 0 9759941 9759941 0 0
# compatibility_mode=5892 16776574 100 100 9833991 186705499 0 0
# compatibility_mode=8192 67108863 100 0 174 174 0 0
# scanned=199507
# found=2
# cleaned=0
# scan_time=11753
C:\Users\Standart\AppData\Roaming\Mozilla\Firefox\Profiles\i09ap2f7.default\user.js        JS/SecurityDisabler.A.Gen application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Standart\AppData\Roaming\Vouvr\casys.exe        Win32/Spy.Zbot.AAO trojan (unable to clean)        00000000000000000000000000000000        I

Thank you very much

Wolfgang

cosinus 02.10.2012 19:24

Code:

Standart :: JOSHUA [limited]
Why limited? Don't you have admin rights?

Quote:

Keine Aktion durchgeführt.
-> No action taken.
Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Please do this now if you have not done so yet!

Do NOT hastily delete anything from the quarantine!

Joshua1966 03.10.2012 09:18

Yes, I was logged in as admin. No idea why it says limited here.

After the scan with Malware I followed the program's instructions, hence the 2nd log excerpt. The 1st log is from before the reboot, and the 2nd was then also there after the reboot...?

Quote:

-> Quarantined and deleted successfully.

(end)
The computer still behaves as before. I cannot reach any antivirus site unless I boot with "safemode with networking". Then I have access to the antivirus sites and can download things (e.g. Malware).

cosinus 03.10.2012 18:43

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its content in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Joshua1966 03.10.2012 19:27

Below is the content of the text file:

Code:

# AdwCleaner v2.003 - Datei am 10/03/2012 um 20:24:33 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Wolfgang - JOSHUA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standart\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Bigpoint_Games_DE
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\SweetIM
Ordner Gefunden : C:\ProgramData\Trymedia

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Bigpoint_Games_DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\Software\Bigpoint_Games_DE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{69E0089F-28BC-4BB5-862B-E2B07C3B83C6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\TR.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05AF3849-AE45-4608-8349-258AA9B1E421}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{602D9049-B4AC-4A25-BF75-A9B54D747CBA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{862DEF42-89AA-49FA-AE1F-8A84B1B08A17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2843456
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TR.TRFactory
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TR.TRFactory.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\GamesBarSetup
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5011B6-A6BB-4F4B-AA46-C387DC3EF613}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F51E51FC-F214-465E-AAFA-F2F59D609A2E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{05AF3849-AE45-4608-8349-258AA9B1E421}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigpoint_Games_DE Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKLM\Software\SweetIm
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v6.0 (de)

*************************

AdwCleaner[R1].txt - [3822 octets] - [03/10/2012 20:24:33]

########## EOF - \AdwCleaner[R1].txt - [3882 octets] ##########


cosinus 03.10.2012 20:33

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its content in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Joshua1966 04.10.2012 17:00

Right, done; below is the content of the file....

Code:

# AdwCleaner v2.003 - Datei am 10/04/2012 um 17:48:54 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Wolfgang - JOSHUA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Standart\Desktop\Antivirus\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Bigpoint_Games_DE
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\ProgramData\Trymedia

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Bigpoint_Games_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\Software\Bigpoint_Games_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{69E0089F-28BC-4BB5-862B-E2B07C3B83C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TR.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05AF3849-AE45-4608-8349-258AA9B1E421}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{602D9049-B4AC-4A25-BF75-A9B54D747CBA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{862DEF42-89AA-49FA-AE1F-8A84B1B08A17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2843456
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TR.TRFactory
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TR.TRFactory.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\GamesBarSetup
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5011B6-A6BB-4F4B-AA46-C387DC3EF613}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F51E51FC-F214-465E-AAFA-F2F59D609A2E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{05AF3849-AE45-4608-8349-258AA9B1E421}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigpoint_Games_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\SweetIm
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v6.0 (de)

*************************

AdwCleaner[S1].txt - [4415 octets] - [04/10/2012 17:48:54]
AdwCleaner[R2].txt - [4019 octets] - [04/10/2012 17:48:38]
AdwCleaner[R1].txt - [3949 octets] - [03/10/2012 20:24:33]

########## EOF - \AdwCleaner[S1].txt - [4595 octets] ##########

The situation is unchanged: no access to antivirus software, and Internet Explorer hangs...

cosinus 04.10.2012 19:19

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you really are working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Joshua1966 04.10.2012 21:09

OK, here is the OTL log before the custom scan:
Code:

OTL logfile created on: 04.10.2012 21:00:04 - Run 4
OTL by OldTimer - Version 3.2.70.2    Folder = C:\Users\Standart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,67% Memory free
6,20 Gb Paging File | 5,04 Gb Available in Paging File | 81,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 17,92 Gb Free Space | 17,97% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,10 Gb Free Space | 60,99% Space Free | Partition Type: NTFS
 
Computer Name: JOSHUA | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Standart\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Users\Standart\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (asc6lyzf) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.euro.dell.com/suppo [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.25 18:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.30 12:08:46 | 000,000,000 | ---D | M]
 
[2012.10.02 12:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\mozilla\Extensions
[2011.07.12 19:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007.11.18 15:20:48 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2011.07.10 15:49:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.08.18 17:11:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.08.25 18:24:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.10 15:48:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA6E897D-42F9-4B33-92E7-8FD5DBE9B426}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\apnstub.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ipmgui.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.02 12:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.02 12:05:01 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Avira
[2012.10.02 12:02:14 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\Mozilla
[2012.10.02 12:01:18 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\PasswordSafe
[2012.10.02 11:57:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Wolfgang.Joshua.000\Desktop\esetsmartinstaller_enu.exe
[2012.09.29 09:43:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012.09.29 09:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.09.29 09:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.09.22 12:36:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 12:36:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 12:36:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 12:36:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 12:36:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 12:36:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 12:36:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 12:36:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 21:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.10.04 21:00:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
[2012.10.04 20:59:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
[2012.10.04 20:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 20:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.04 20:05:46 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 20:05:46 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 20:05:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 20:05:31 | 3217,539,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 18:43:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.02 15:42:05 | 000,027,620 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2012.10.02 13:28:50 | 000,027,620 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2012.10.02 11:57:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Wolfgang.Joshua.000\Desktop\esetsmartinstaller_enu.exe
[2012.09.29 13:09:34 | 000,371,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.02 11:59:00 | 3217,539,072 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.15 18:05:24 | 012,815,642 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SMRBackup162.dat
[2011.12.11 16:55:26 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.12.11 16:55:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.12.11 16:55:25 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.15 13:11:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.05.28 08:51:39 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2011.05.28 08:46:42 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2011.05.28 07:42:41 | 000,000,136 | ---- | C] () -- C:\ProgramData\~54057860
[2011.05.28 07:42:37 | 000,000,336 | ---- | C] () -- C:\ProgramData\54057860
[2011.03.13 22:00:49 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2010.10.20 18:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.20 18:21:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.03.28 11:59:57 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.28 11:59:57 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CB031D1D89.sys
[2009.12.16 11:23:14 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.06.15 19:21:59 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.10 23:00:20 | 000,025,182 | ---- | C] () -- C:\Program Files\Manual.htm
[2009.03.10 23:00:20 | 000,017,985 | ---- | C] () -- C:\Program Files\FAQ.htm
[2008.08.11 20:07:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.06.09 19:10:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AB56A06

< End of report >

And now the custom scan log:

Code:

OTL logfile created on: 04.10.2012 21:47:35 - Run 5
OTL by OldTimer - Version 3.2.70.2    Folder = C:\Users\Standart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,39% Memory free
6,20 Gb Paging File | 5,12 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 18,04 Gb Free Space | 18,09% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,10 Gb Free Space | 60,99% Space Free | Partition Type: NTFS
 
Computer Name: JOSHUA | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Standart\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Users\Standart\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (asc6lyzf) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.euro.dell.com/suppo [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.25 18:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.30 12:08:46 | 000,000,000 | ---D | M]
 
[2012.10.02 12:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\mozilla\Extensions
[2011.07.12 19:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007.11.18 15:20:48 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2011.07.10 15:49:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.08.18 17:11:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.08.25 18:24:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.10 15:48:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [Atsyt] C:\Users\Standart\AppData\Roaming\Vouvr\casys.exe ()
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [rQcDdQaEEBwu] C:\ProgramData\rQcDdQaEEBwu.exe File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [Spotify] "C:\Users\Standart\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA6E897D-42F9-4B33-92E7-8FD5DBE9B426}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\apnstub.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ipmgui.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe - (Fred's Software)
MsConfig - StartUpFolder: C:^Users^Wolfgang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO NAS Navigator.lnk - C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe - (BUFFALO INC.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AnyDVD - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaMusic FastStart - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= -  File not found
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.02 12:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.02 12:05:01 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Avira
[2012.10.02 12:02:14 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\Mozilla
[2012.10.02 12:01:18 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua.000\AppData\Local\PasswordSafe
[2012.10.02 11:57:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Wolfgang.Joshua.000\Desktop\esetsmartinstaller_enu.exe
[2012.09.29 09:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.09.29 09:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 21:50:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
[2012.10.04 21:49:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
[2012.10.04 21:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 21:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.10.04 20:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.04 20:05:46 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 20:05:46 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 20:05:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 20:05:31 | 3217,539,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 18:43:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.02 15:42:05 | 000,027,620 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2012.10.02 13:28:50 | 000,027,620 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2012.10.02 11:57:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Wolfgang.Joshua.000\Desktop\esetsmartinstaller_enu.exe
[2012.09.29 13:09:34 | 000,371,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.02 11:59:00 | 3217,539,072 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.15 18:05:24 | 012,815,642 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SMRBackup162.dat
[2011.12.11 16:55:26 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.12.11 16:55:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.12.11 16:55:25 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.15 13:11:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.05.28 08:51:39 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.001
[2011.05.28 08:46:42 | 000,027,620 | ---- | C] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\nvModes.dat
[2011.05.28 07:42:41 | 000,000,136 | ---- | C] () -- C:\ProgramData\~54057860
[2011.05.28 07:42:37 | 000,000,336 | ---- | C] () -- C:\ProgramData\54057860
[2011.03.13 22:00:49 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2010.10.20 18:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.20 18:21:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.03.28 11:59:57 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.28 11:59:57 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CB031D1D89.sys
[2009.12.16 11:23:14 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.06.15 19:21:59 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.10 23:00:20 | 000,025,182 | ---- | C] () -- C:\Program Files\Manual.htm
[2009.03.10 23:00:20 | 000,017,985 | ---- | C] () -- C:\Program Files\FAQ.htm
[2008.08.11 20:07:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.06.09 19:10:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.20 20:02:28 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Agnitum
[2008.10.09 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\AmuletAdventure
[2008.12.26 15:35:56 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Ashampoo
[2008.07.25 18:13:47 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\cerasus.media
[2011.12.12 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\concept design
[2011.03.19 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\EasySuite
[2011.12.12 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Franzis
[2011.01.24 22:33:11 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Meridian93
[2009.01.08 19:51:11 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\MyPhoneExplorer
[2012.09.29 16:45:33 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Niomd
[2010.03.25 08:32:01 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Nokia
[2010.03.13 12:52:43 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Nokia Ovi Suite
[2011.12.25 21:12:36 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Nokia Suite
[2011.07.23 20:48:17 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\PC Suite
[2008.05.04 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\PeerNetworking
[2011.12.31 13:52:21 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\PersBackup5
[2012.09.29 10:09:19 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\phonostar GmbH
[2007.08.15 17:36:14 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\phonostar-Player
[2007.12.02 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\pokerth
[2007.09.09 08:04:14 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Qlikworld
[2012.02.28 21:28:33 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\RavensburgerTipToi
[2012.10.04 21:02:29 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Refi
[2009.04.04 13:23:06 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\RobinsonCrusoeBFGDE
[2011.12.26 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Samsung
[2009.12.11 10:34:46 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\ScreenSeven
[2009.12.15 08:29:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\SpeedProject
[2012.09.29 09:47:38 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\streamripper
[2008.08.08 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Teleca
[2011.12.26 14:36:00 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\temp
[2008.07.15 10:53:03 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Template
[2010.03.31 16:37:23 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Total Eclipse
[2011.12.03 15:41:20 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\TuneUp Software
[2012.09.29 16:45:33 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Vouvr
[2009.12.21 10:29:12 | 000,000,000 | ---D | M] -- C:\Users\Standart\AppData\Roaming\Vso
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Joshua\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.18 20:46:49 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Nokia
[2010.08.18 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\PC Suite
[2007.12.20 18:50:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\phonostar-Player
[2008.08.11 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Samsung
[2009.12.10 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\ScreenSeven
[2009.12.15 08:29:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\SpeedProject
[2009.12.06 12:09:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\TuneUp Software
[2010.03.28 11:39:08 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Vso
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.24 22:33:14 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\Meridian93
[2010.10.15 09:54:07 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\PC Suite
[2010.10.19 17:32:24 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\SpeedProject
[2010.10.15 09:46:58 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\TuneUp Software
[2012.09.29 09:35:44 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\concept design
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.11 16:56:10 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Franzis
[2011.12.25 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Nokia
[2012.06.14 16:00:47 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Runscanner.net
[2012.06.21 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SpeedProject
[2011.04.15 19:13:05 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2011.12.20 23:37:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Agnitum
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.11 17:04:08 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Adobe
[2012.10.02 12:05:01 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Avira
[2012.09.29 09:35:44 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\concept design
[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.11 16:56:10 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Franzis
[2011.04.15 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Identities
[2009.06.12 10:06:13 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Macromedia
[2012.04.20 20:08:15 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Media Center Programs
[2011.07.10 15:49:15 | 000,000,000 | --SD | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft
[2012.10.02 12:02:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Mozilla
[2011.12.25 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Nokia
[2012.06.14 16:00:47 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Runscanner.net
[2012.06.21 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\SpeedProject
[2011.04.15 19:13:05 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2012.06.14 15:49:09 | 000,157,184 | ---- | M] () -- C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Runscanner.net\VirusTotalUpload.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.04.26 22:29:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007.04.26 22:29:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.04.26 22:29:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.04.26 22:29:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.26 22:29:49 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.04.26 22:29:40 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007.04.26 22:29:40 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007.04.26 22:29:49 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.04.26 22:29:49 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008.03.21 14:13:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.03.21 14:13:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.03.21 14:13:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.03.21 14:13:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.05.02 17:19:05 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.05.02 17:19:05 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.11.18 15:16:08 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2007.05.02 18:18:03 | 000,000,424 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
[2009.07.01 17:08:10 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.07.01 17:08:11 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009.12.06 12:11:08 | 000,000,522 | ---- | C] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.10.15 09:49:44 | 000,000,428 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AB56A06

< End of report >


cosinus 05.10.2012 12:24

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
DRV - (asc6lyzf) --  File not found
[2010.08.18 17:11:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O3 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [Atsyt] C:\Users\Standart\AppData\Roaming\Vouvr\casys.exe ()
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [rQcDdQaEEBwu] C:\ProgramData\rQcDdQaEEBwu.exe File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O4 - HKU\S-1-5-21-2220789123-478904379-3072460713-1001..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O27 - HKLM IFEO\apnstub.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ipmgui.exe: Debugger - C:\Windows\System32\dllhost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AB56A06
:Files
C:\Users\Standart\AppData\Roaming\Mozilla\Firefox\Profiles\i09ap2f7.default\user.js
C:\Program Files\Adobe\Acrobat 7.0
C:\Users\Standart\AppData\Roaming\Vouvr
C:\ProgramData\~54057860
C:\ProgramData\54057860
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Joshua1966 05.10.2012 16:54

Did everything as described, the computer restarted. I found the log file in the _OTL directory:
Code:

All processes killed
========== OTL ==========
Error: No service named asc6lyzf was found to stop!
Service\Driver key asc6lyzf not found.
File  File not found not found.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
Folder move failed. C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E3DBC69-A682-48DA-84E1-82C63A5D678E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E3DBC69-A682-48DA-84E1-82C63A5D678E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Atsyt deleted successfully.
C:\Users\Standart\AppData\Roaming\Vouvr\casys.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\rQcDdQaEEBwu deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupport deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PhonostarAgent deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2220789123-478904379-3072460713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apnstub.exe\ deleted successfully.
File move failed. C:\Windows\System32\dllhost.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\ deleted successfully.
File move failed. C:\Windows\System32\dllhost.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ipmgui.exe\ deleted successfully.
File move failed. C:\Windows\System32\dllhost.exe scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:9AB56A06 deleted successfully.
========== FILES ==========
C:\Users\Standart\AppData\Roaming\Mozilla\Firefox\Profiles\i09ap2f7.default\user.js moved successfully.
File\Folder C:\Program Files\Adobe\Acrobat 7.0 not found.
C:\Users\Standart\AppData\Roaming\Vouvr folder moved successfully.
C:\ProgramData\~54057860 moved successfully.
C:\ProgramData\54057860 moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Standart\Desktop\cmd.bat deleted successfully.
C:\Users\Standart\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17811050 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Standart
->Temp folder emptied: 44975390 bytes
->Temporary Internet Files folder emptied: 498533834 bytes
->Java cache emptied: 16550854 bytes
->FireFox cache emptied: 58989447 bytes
->Google Chrome cache emptied: 18081131 bytes
->Flash cache emptied: 50013754 bytes
 
User: TEMP
->Temp folder emptied: 2165 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: TEMP.Joshua
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114094 bytes
->Flash cache emptied: 41 bytes
 
User: Wolfgang
->Temp folder emptied: 10834383 bytes
->Temporary Internet Files folder emptied: 148891527 bytes
->Java cache emptied: 7580031 bytes
->FireFox cache emptied: 34287996 bytes
->Flash cache emptied: 22609 bytes
 
User: Wolfgang.Joshua
->Temp folder emptied: 80490015 bytes
->Temporary Internet Files folder emptied: 13388047 bytes
->FireFox cache emptied: 78566032 bytes
->Flash cache emptied: 1431 bytes
 
User: Wolfgang.Joshua.000
->Temp folder emptied: 81153156 bytes
->Temporary Internet Files folder emptied: 275758050 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55560840 bytes
->Flash cache emptied: 497 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4694016 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 929087584 bytes
RecycleBin emptied: 102145560 bytes
 
Total Files Cleaned = 2.410,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.2 log created on 10052012_173840

First progress: I can access antivirus sites again, for example Malwarebytes. But Internet Explorer still hangs. I get to the page, but then I can't click on anything else; it basically freezes.

Thanks a lot in the meantime!!!

Regards

Wolfgang

cosinus 05.10.2012 18:22

That was only round one, after all :blabla:

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Joshua1966 05.10.2012 22:01

Here is the log from TDSS:
Code:

22:57:09.0024 2916  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:57:09.0225 2916  ============================================================
22:57:09.0225 2916  Current date / time: 2012/10/05 22:57:09.0225
22:57:09.0225 2916  SystemInfo:
22:57:09.0225 2916 
22:57:09.0226 2916  OS Version: 6.0.6002 ServicePack: 2.0
22:57:09.0226 2916  Product type: Workstation
22:57:09.0226 2916  ComputerName: JOSHUA
22:57:09.0226 2916  UserName: Wolfgang
22:57:09.0226 2916  Windows directory: C:\Windows
22:57:09.0226 2916  System windows directory: C:\Windows
22:57:09.0226 2916  Processor architecture: Intel x86
22:57:09.0226 2916  Number of processors: 2
22:57:09.0226 2916  Page size: 0x1000
22:57:09.0226 2916  Boot type: Normal boot
22:57:09.0226 2916  ============================================================
22:57:10.0503 2916  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:57:10.0506 2916  ============================================================
22:57:10.0506 2916  \Device\Harddisk0\DR0:
22:57:10.0506 2916  MBR partitions:
22:57:10.0506 2916  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
22:57:10.0506 2916  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0xC768800
22:57:10.0539 2916  ============================================================
22:57:10.0597 2916  C: <-> \Device\Harddisk0\DR0\Partition2
22:57:10.0639 2916  D: <-> \Device\Harddisk0\DR0\Partition1
22:57:10.0640 2916  ============================================================
22:57:10.0640 2916  Initialize success
22:57:10.0640 2916  ============================================================
22:57:36.0701 2428  ============================================================
22:57:36.0701 2428  Scan started
22:57:36.0701 2428  Mode: Manual; SigCheck; TDLFS;
22:57:36.0701 2428  ============================================================
22:57:37.0381 2428  ================ Scan system memory ========================
22:57:37.0381 2428  System memory - ok
22:57:37.0381 2428  ================ Scan services =============================
22:57:37.0795 2428  [ 553BA53445795CBC0D4F9FA37EB855A6 ] acedrv10        C:\Windows\system32\drivers\acedrv10.sys
22:57:37.0977 2428  acedrv10 - ok
22:57:38.0002 2428  [ 8CE00B6A46962A1808B19CD1DAE5170C ] acehlp10        C:\Windows\system32\drivers\acehlp10.sys
22:57:38.0020 2428  acehlp10 - ok
22:57:38.0067 2428  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:57:38.0090 2428  ACPI - ok
22:57:38.0139 2428  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
22:57:38.0168 2428  adp94xx - ok
22:57:38.0198 2428  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci        C:\Windows\system32\drivers\adpahci.sys
22:57:38.0219 2428  adpahci - ok
22:57:38.0247 2428  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:57:38.0262 2428  adpu160m - ok
22:57:38.0277 2428  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320        C:\Windows\system32\drivers\adpu320.sys
22:57:38.0293 2428  adpu320 - ok
22:57:38.0344 2428  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
22:57:38.0453 2428  AeLookupSvc - ok
22:57:38.0524 2428  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
22:57:38.0561 2428  AFD - ok
22:57:38.0593 2428  [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:57:38.0608 2428  agp440 - ok
22:57:38.0655 2428  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
22:57:38.0669 2428  aic78xx - ok
22:57:38.0716 2428  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
22:57:38.0879 2428  ALG - ok
22:57:38.0911 2428  [ 5C42A992E68724D2CD3DDB4FC3B0409F ] aliide          C:\Windows\system32\drivers\aliide.sys
22:57:38.0926 2428  aliide - ok
22:57:38.0949 2428  [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:57:38.0964 2428  amdagp - ok
22:57:38.0984 2428  [ 849DFACDDE533DA5D1810F0CAF84EB19 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:57:39.0000 2428  amdide - ok
22:57:39.0036 2428  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
22:57:39.0259 2428  AmdK7 - ok
22:57:39.0287 2428  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
22:57:39.0354 2428  AmdK8 - ok
22:57:39.0497 2428  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:57:39.0514 2428  AntiVirSchedulerService - ok
22:57:39.0572 2428  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:57:39.0586 2428  AntiVirService - ok
22:57:39.0656 2428  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
22:57:39.0709 2428  Appinfo - ok
22:57:39.0718 2428  [ 5F673180268BB1FDB69C99B6619FE379 ] arc            C:\Windows\system32\drivers\arc.sys
22:57:39.0734 2428  arc - ok
22:57:39.0787 2428  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:57:39.0801 2428  arcsas - ok
22:57:39.0936 2428  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:57:39.0950 2428  aspnet_state - ok
22:57:40.0007 2428  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:57:40.0075 2428  AsyncMac - ok
22:57:40.0127 2428  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
22:57:40.0143 2428  atapi - ok
22:57:40.0217 2428  [ F8A2A11291A994B1A1F0867CFFAA6E18 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
22:57:40.0334 2428  Ati External Event Utility - ok
22:57:40.0441 2428  [ 72BC628AF75C4C3250F2A3BAC260265A ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:57:40.0461 2428  atksgt - ok
22:57:40.0514 2428  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:57:40.0556 2428  AudioEndpointBuilder - ok
22:57:40.0566 2428  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:57:40.0594 2428  Audiosrv - ok
22:57:40.0634 2428  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:57:40.0648 2428  avgntflt - ok
22:57:40.0692 2428  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:57:40.0707 2428  avipbb - ok
22:57:40.0744 2428  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:57:40.0758 2428  avkmgr - ok
22:57:40.0803 2428  [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
22:57:40.0873 2428  bcm4sbxp - ok
22:57:40.0937 2428  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:57:40.0983 2428  Beep - ok
22:57:41.0054 2428  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
22:57:41.0102 2428  BFE - ok
22:57:41.0219 2428  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
22:57:41.0311 2428  BITS - ok
22:57:41.0317 2428  blbdrive - ok
22:57:41.0360 2428  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:57:41.0400 2428  bowser - ok
22:57:41.0449 2428  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:57:41.0489 2428  BrFiltLo - ok
22:57:41.0522 2428  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:57:41.0564 2428  BrFiltUp - ok
22:57:41.0606 2428  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
22:57:41.0657 2428  Browser - ok
22:57:41.0679 2428  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
22:57:41.0739 2428  Brserid - ok
22:57:41.0762 2428  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:57:41.0830 2428  BrSerWdm - ok
22:57:41.0857 2428  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:57:41.0925 2428  BrUsbMdm - ok
22:57:41.0946 2428  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:57:42.0017 2428  BrUsbSer - ok
22:57:42.0068 2428  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
22:57:42.0112 2428  BthEnum - ok
22:57:42.0154 2428  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:57:42.0191 2428  BTHMODEM - ok
22:57:42.0227 2428  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:57:42.0276 2428  BthPan - ok
22:57:42.0326 2428  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
22:57:42.0394 2428  BTHPORT - ok
22:57:42.0431 2428  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
22:57:42.0474 2428  BthServ - ok
22:57:42.0507 2428  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
22:57:42.0556 2428  BTHUSB - ok
22:57:42.0622 2428  [ 4A28E7BD365377D0512B7EF8C7596D2C ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
22:57:42.0638 2428  btwaudio - ok
22:57:42.0661 2428  [ 5FFDE57253D665067B0886612817EB11 ] btwavdt        C:\Windows\system32\drivers\btwavdt.sys
22:57:42.0674 2428  btwavdt - ok
22:57:42.0703 2428  [ AB07DC8B05C31A4F95FC73019BE9DB15 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
22:57:42.0715 2428  btwrchid - ok
22:57:42.0955 2428  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:57:43.0019 2428  cdfs - ok
22:57:43.0127 2428  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
22:57:43.0177 2428  cdrom - ok
22:57:43.0236 2428  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
22:57:43.0289 2428  CertPropSvc - ok
22:57:43.0319 2428  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:57:43.0368 2428  circlass - ok
22:57:43.0396 2428  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:57:43.0418 2428  CLFS - ok
22:57:43.0451 2428  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:57:43.0465 2428  clr_optimization_v2.0.50727_32 - ok
22:57:43.0552 2428  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:57:43.0567 2428  clr_optimization_v4.0.30319_32 - ok
22:57:43.0625 2428  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:57:43.0668 2428  CmBatt - ok
22:57:43.0686 2428  [ DE11A06E187756ECB86CFA82DAC40FF7 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:57:43.0701 2428  cmdide - ok
22:57:43.0739 2428  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:57:43.0754 2428  Compbatt - ok
22:57:43.0757 2428  COMSysApp - ok
22:57:43.0770 2428  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
22:57:43.0784 2428  crcdisk - ok
22:57:43.0805 2428  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:57:43.0870 2428  Crusoe - ok
22:57:43.0935 2428  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:57:43.0988 2428  CryptSvc - ok
22:57:44.0055 2428  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:57:44.0105 2428  DcomLaunch - ok
22:57:44.0139 2428  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:57:44.0184 2428  DfsC - ok
22:57:44.0348 2428  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:57:44.0502 2428  DFSR - ok
22:57:44.0573 2428  [ D8522960163FA593694E441194A9A574 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
22:57:44.0587 2428  dg_ssudbus - ok
22:57:44.0638 2428  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:57:44.0680 2428  Dhcp - ok
22:57:44.0741 2428  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:57:44.0758 2428  disk - ok
22:57:44.0790 2428  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:57:44.0835 2428  Dnscache - ok
22:57:44.0887 2428  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
22:57:44.0932 2428  dot3svc - ok
22:57:44.0983 2428  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
22:57:45.0015 2428  DPS - ok
22:57:45.0065 2428  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
22:57:45.0098 2428  drmkaud - ok
22:57:45.0154 2428  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
22:57:45.0191 2428  DXGKrnl - ok
22:57:45.0250 2428  [ 7505290504C8E2D172FA378CC0497BCC ] e1express      C:\Windows\system32\DRIVERS\e1e6032.sys
22:57:45.0328 2428  e1express - ok
22:57:45.0365 2428  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
22:57:45.0420 2428  E1G60 - ok
22:57:45.0456 2428  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
22:57:45.0497 2428  EapHost - ok
22:57:45.0551 2428  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:57:45.0568 2428  Ecache - ok
22:57:45.0650 2428  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
22:57:45.0694 2428  ehRecvr - ok
22:57:45.0729 2428  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
22:57:45.0775 2428  ehSched - ok
22:57:45.0792 2428  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
22:57:45.0832 2428  ehstart - ok
22:57:45.0866 2428  [ E8F3F21A71720C84BCF423B80028359F ] elxstor        C:\Windows\system32\drivers\elxstor.sys
22:57:45.0888 2428  elxstor - ok
22:57:45.0944 2428  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
22:57:46.0027 2428  EMDMgmt - ok
22:57:46.0071 2428  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
22:57:46.0117 2428  EventSystem - ok
22:57:46.0224 2428  [ F10E7AA8BDF4488E3DFA989B8E7F7C9F ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
22:57:46.0261 2428  EvtEng ( UnsignedFile.Multi.Generic ) - warning
22:57:46.0261 2428  EvtEng - detected UnsignedFile.Multi.Generic (1)
22:57:46.0307 2428  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
22:57:46.0368 2428  exfat - ok
22:57:46.0425 2428  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
22:57:46.0461 2428  fastfat - ok
22:57:46.0510 2428  [ 63BDADA84951B9C03E641800E176898A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
22:57:46.0580 2428  fdc - ok
22:57:46.0617 2428  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
22:57:46.0647 2428  fdPHost - ok
22:57:46.0683 2428  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:57:46.0753 2428  FDResPub - ok
22:57:46.0793 2428  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:57:46.0809 2428  FileInfo - ok
22:57:46.0837 2428  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
22:57:46.0882 2428  Filetrace - ok
22:57:46.0920 2428  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:57:46.0993 2428  flpydisk - ok
22:57:47.0022 2428  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:57:47.0043 2428  FltMgr - ok
22:57:47.0150 2428  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
22:57:47.0305 2428  FontCache - ok
22:57:47.0380 2428  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:57:47.0394 2428  FontCache3.0.0.0 - ok
22:57:47.0429 2428  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:57:47.0479 2428  Fs_Rec - ok
22:57:47.0524 2428  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:57:47.0539 2428  gagp30kx - ok
22:57:47.0620 2428  getPlusHelper - ok
22:57:47.0671 2428  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
22:57:47.0728 2428  gpsvc - ok
22:57:47.0832 2428  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9912216cfd88b C:\Program Files\Google\Update\GoogleUpdate.exe
22:57:47.0846 2428  gupdate1c9912216cfd88b - ok
22:57:47.0858 2428  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:57:47.0872 2428  gupdatem - ok
22:57:47.0925 2428  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:57:47.0977 2428  HdAudAddService - ok
22:57:48.0037 2428  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:57:48.0138 2428  HDAudBus - ok
22:57:48.0257 2428  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:57:48.0339 2428  HidBth - ok
22:57:48.0411 2428  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
22:57:48.0476 2428  HidIr - ok
22:57:48.0514 2428  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
22:57:48.0549 2428  hidserv - ok
22:57:48.0588 2428  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:57:48.0627 2428  HidUsb - ok
22:57:48.0671 2428  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:57:48.0714 2428  hkmsvc - ok
22:57:48.0738 2428  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
22:57:48.0752 2428  HpCISSs - ok
22:57:48.0831 2428  [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV        C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:57:48.0967 2428  HSF_DPV - ok
22:57:48.0998 2428  [ 31F949D452201F2F0AF0C88D7DB512CD ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:57:49.0034 2428  HSXHWAZL - ok
22:57:49.0087 2428  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:57:49.0146 2428  HTTP - ok
22:57:49.0164 2428  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
22:57:49.0178 2428  i2omp - ok
22:57:49.0229 2428  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:57:49.0268 2428  i8042prt - ok
22:57:49.0295 2428  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
22:57:49.0312 2428  iaStorV - ok
22:57:49.0476 2428  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:57:49.0481 2428  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:57:49.0481 2428  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:57:49.0580 2428  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:57:49.0674 2428  idsvc - ok
22:57:49.0729 2428  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
22:57:49.0743 2428  iirsp - ok
22:57:49.0821 2428  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:57:49.0881 2428  IKEEXT - ok
22:57:49.0963 2428  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:57:49.0979 2428  intelide - ok
22:57:50.0037 2428  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:57:50.0077 2428  intelppm - ok
22:57:50.0118 2428  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
22:57:50.0167 2428  IPBusEnum - ok
22:57:50.0185 2428  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:57:50.0226 2428  IpFilterDriver - ok
22:57:50.0260 2428  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:57:50.0303 2428  iphlpsvc - ok
22:57:50.0311 2428  IpInIp - ok
22:57:50.0342 2428  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
22:57:50.0390 2428  IPMIDRV - ok
22:57:50.0414 2428  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
22:57:50.0446 2428  IPNAT - ok
22:57:50.0469 2428  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:57:50.0499 2428  IRENUM - ok
22:57:50.0516 2428  [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:57:50.0530 2428  isapnp - ok
22:57:50.0599 2428  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:57:50.0618 2428  iScsiPrt - ok
22:57:50.0640 2428  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:57:50.0655 2428  iteatapi - ok
22:57:50.0681 2428  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
22:57:50.0695 2428  iteraid - ok
22:57:50.0736 2428  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:57:50.0751 2428  kbdclass - ok
22:57:50.0789 2428  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:57:50.0826 2428  kbdhid - ok
22:57:50.0863 2428  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:57:50.0908 2428  KeyIso - ok
22:57:50.0952 2428  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:57:50.0981 2428  KSecDD - ok
22:57:51.0047 2428  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
22:57:51.0126 2428  KtmRm - ok
22:57:51.0164 2428  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:57:51.0214 2428  LanmanServer - ok
22:57:51.0273 2428  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:57:51.0325 2428  LanmanWorkstation - ok
22:57:51.0363 2428  [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
22:57:51.0377 2428  lirsgt - ok
22:57:51.0420 2428  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:57:51.0470 2428  lltdio - ok
22:57:51.0520 2428  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
22:57:51.0568 2428  lltdsvc - ok
22:57:51.0597 2428  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
22:57:51.0648 2428  lmhosts - ok
22:57:51.0693 2428  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:57:51.0707 2428  LSI_FC - ok
22:57:51.0732 2428  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
22:57:51.0747 2428  LSI_SAS - ok
22:57:51.0767 2428  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:57:51.0781 2428  LSI_SCSI - ok
22:57:51.0827 2428  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
22:57:51.0857 2428  luafv - ok
22:57:51.0876 2428  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
22:57:51.0903 2428  Mcx2Svc - ok
22:57:51.0950 2428  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk        C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:57:51.0978 2428  mdmxsdk - ok
22:57:52.0000 2428  [ D153B14FC6598EAE8422A2037553ADCE ] megasas        C:\Windows\system32\drivers\megasas.sys
22:57:52.0015 2428  megasas - ok
22:57:52.0062 2428  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
22:57:52.0103 2428  MMCSS - ok
22:57:52.0120 2428  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
22:57:52.0166 2428  Modem - ok
22:57:52.0206 2428  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
22:57:52.0251 2428  monitor - ok
22:57:52.0300 2428  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:57:52.0315 2428  mouclass - ok
22:57:52.0335 2428  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:57:52.0377 2428  mouhid - ok
22:57:52.0429 2428  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:57:52.0444 2428  MountMgr - ok
22:57:52.0474 2428  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:57:52.0489 2428  mpio - ok
22:57:52.0508 2428  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:57:52.0532 2428  mpsdrv - ok
22:57:52.0579 2428  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:57:52.0648 2428  MpsSvc - ok
22:57:52.0673 2428  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:57:52.0687 2428  Mraid35x - ok
22:57:52.0715 2428  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:57:52.0734 2428  MRxDAV - ok
22:57:52.0769 2428  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:57:52.0820 2428  mrxsmb - ok
22:57:52.0863 2428  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:57:52.0882 2428  mrxsmb10 - ok
22:57:52.0901 2428  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:57:52.0918 2428  mrxsmb20 - ok
22:57:52.0930 2428  [ 0D1C042188FFE61A702A9DF5944DE5BA ] msahci          C:\Windows\system32\drivers\msahci.sys
22:57:52.0945 2428  msahci - ok
22:57:52.0965 2428  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
22:57:52.0981 2428  msdsm - ok
22:57:53.0026 2428  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
22:57:53.0071 2428  MSDTC - ok
22:57:53.0095 2428  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:57:53.0140 2428  Msfs - ok
22:57:53.0159 2428  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:57:53.0174 2428  msisadrv - ok
22:57:53.0218 2428  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
22:57:53.0264 2428  MSiSCSI - ok
22:57:53.0270 2428  msiserver - ok
22:57:53.0308 2428  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
22:57:53.0337 2428  MSKSSRV - ok
22:57:53.0392 2428  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:57:53.0442 2428  MSPCLOCK - ok
22:57:53.0461 2428  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
22:57:53.0491 2428  MSPQM - ok
22:57:53.0529 2428  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
22:57:53.0548 2428  MsRPC - ok
22:57:53.0667 2428  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:57:53.0682 2428  mssmbios - ok
22:57:53.0697 2428  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
22:57:53.0740 2428  MSTEE - ok
22:57:53.0758 2428  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
22:57:53.0775 2428  Mup - ok
22:57:53.0826 2428  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:57:53.0876 2428  napagent - ok
22:57:53.0955 2428  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
22:57:53.0991 2428  NativeWifiP - ok
22:57:54.0054 2428  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:57:54.0104 2428  NDIS - ok
22:57:54.0144 2428  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:57:54.0185 2428  NdisTapi - ok
22:57:54.0201 2428  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
22:57:54.0231 2428  Ndisuio - ok
22:57:54.0247 2428  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
22:57:54.0271 2428  NdisWan - ok
22:57:54.0288 2428  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
22:57:54.0325 2428  NDProxy - ok
22:57:54.0366 2428  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
22:57:54.0414 2428  NetBIOS - ok
22:57:54.0444 2428  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
22:57:54.0486 2428  netbt - ok
22:57:54.0508 2428  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:57:54.0525 2428  Netlogon - ok
22:57:54.0577 2428  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:57:54.0635 2428  Netman - ok
22:57:54.0659 2428  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:57:54.0712 2428  netprofm - ok
22:57:54.0752 2428  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:57:54.0767 2428  NetTcpPortSharing - ok
22:57:54.0901 2428  [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
22:57:55.0207 2428  NETw4v32 - ok
22:57:55.0251 2428  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
22:57:55.0265 2428  nfrd960 - ok
22:57:55.0423 2428  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:57:55.0456 2428  NlaSvc - ok
22:57:55.0495 2428  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:57:55.0519 2428  Npfs - ok
22:57:55.0560 2428  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
22:57:55.0608 2428  nsi - ok
22:57:55.0632 2428  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:57:55.0679 2428  nsiproxy - ok
22:57:55.0742 2428  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:57:55.0796 2428  Ntfs - ok
22:57:55.0827 2428  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
22:57:55.0892 2428  ntrigdigi - ok
22:57:55.0901 2428  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:57:55.0932 2428  Null - ok
22:57:56.0238 2428  [ DC89868592D74DE404406C9420C3F277 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:57:56.0912 2428  nvlddmkm - ok
22:57:56.0965 2428  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:57:56.0980 2428  nvraid - ok
22:57:56.0997 2428  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:57:57.0012 2428  nvstor - ok
22:57:57.0030 2428  [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:57:57.0046 2428  nv_agp - ok
22:57:57.0052 2428  NwlnkFlt - ok
22:57:57.0061 2428  NwlnkFwd - ok
22:57:57.0119 2428  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:57:57.0153 2428  ohci1394 - ok
22:57:57.0225 2428  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:57:57.0238 2428  ose - ok
22:57:57.0295 2428  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:57:57.0430 2428  p2pimsvc - ok
22:57:57.0445 2428  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:57:57.0492 2428  p2psvc - ok
22:57:57.0558 2428  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
22:57:57.0624 2428  Parport - ok
22:57:57.0663 2428  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
22:57:57.0680 2428  partmgr - ok
22:57:57.0697 2428  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:57:57.0764 2428  Parvdm - ok
22:57:57.0803 2428  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:57:57.0850 2428  PcaSvc - ok
22:57:57.0928 2428  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:57:57.0955 2428  pccsmcfd - ok
22:57:57.0994 2428  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
22:57:58.0014 2428  pci - ok
22:57:58.0041 2428  [ 54D23DC5B5072311116826FDB7F6E83E ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
22:57:58.0056 2428  pciide - ok
22:57:58.0087 2428  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:57:58.0104 2428  pcmcia - ok
22:57:58.0156 2428  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:57:58.0294 2428  PEAUTH - ok
22:57:58.0396 2428  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
22:57:58.0467 2428  pla - ok
22:57:58.0520 2428  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:57:58.0565 2428  PlugPlay - ok
22:57:58.0606 2428  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
22:57:58.0932 2428  PNRPAutoReg - ok
22:57:58.0956 2428  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
22:57:59.0266 2428  PNRPsvc - ok
22:57:59.0338 2428  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
22:57:59.0398 2428  PolicyAgent - ok
22:57:59.0452 2428  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:57:59.0494 2428  PptpMiniport - ok
22:57:59.0517 2428  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor      C:\Windows\system32\drivers\processr.sys
22:57:59.0579 2428  Processor - ok
22:57:59.0620 2428  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
22:57:59.0646 2428  ProfSvc - ok
22:57:59.0664 2428  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:57:59.0681 2428  ProtectedStorage - ok
22:57:59.0714 2428  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:57:59.0748 2428  PSched - ok
22:57:59.0791 2428  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
22:57:59.0803 2428  PxHelp20 - ok
22:57:59.0867 2428  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:57:59.0916 2428  ql2300 - ok
22:57:59.0967 2428  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:57:59.0983 2428  ql40xx - ok
22:58:00.0043 2428  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
22:58:00.0079 2428  QWAVE - ok
22:58:00.0119 2428  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:58:00.0135 2428  QWAVEdrv - ok
22:58:00.0253 2428  [ A6201FD4D96F7FA7DB3AD609BE60FF5C ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
22:58:00.0420 2428  R300 - ok
22:58:00.0445 2428  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:58:00.0490 2428  RasAcd - ok
22:58:00.0519 2428  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
22:58:00.0566 2428  RasAuto - ok
22:58:00.0609 2428  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
22:58:00.0658 2428  Rasl2tp - ok
22:58:00.0700 2428  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:58:00.0747 2428  RasMan - ok
22:58:00.0775 2428  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:58:00.0816 2428  RasPppoe - ok
22:58:00.0845 2428  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
22:58:00.0888 2428  RasSstp - ok
22:58:00.0924 2428  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
22:58:00.0961 2428  rdbss - ok
22:58:01.0006 2428  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:58:01.0051 2428  RDPCDD - ok
22:58:01.0099 2428  [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
22:58:01.0146 2428  rdpdr - ok
22:58:01.0152 2428  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:58:01.0181 2428  RDPENCDD - ok
22:58:01.0236 2428  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
22:58:01.0287 2428  RDPWD - ok
22:58:01.0324 2428  [ 7274BD434B6165BAA382BDD87F6CA4CE ] RegSrvc        C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
22:58:01.0367 2428  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
22:58:01.0367 2428  RegSrvc - detected UnsignedFile.Multi.Generic (1)
22:58:01.0431 2428  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:58:01.0480 2428  RemoteAccess - ok
22:58:01.0512 2428  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:58:01.0559 2428  RemoteRegistry - ok
22:58:01.0601 2428  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:58:01.0641 2428  RFCOMM - ok
22:58:01.0695 2428  [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
22:58:01.0723 2428  rimmptsk - ok
22:58:01.0755 2428  [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
22:58:01.0795 2428  rimsptsk - ok
22:58:01.0812 2428  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp        C:\Windows\system32\DRIVERS\rixdptsk.sys
22:58:01.0853 2428  rismxdp - ok
22:58:01.0959 2428  [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
22:58:02.0018 2428  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
22:58:02.0018 2428  RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
22:58:02.0094 2428  [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
22:58:02.0100 2428  RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
22:58:02.0100 2428  RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
22:58:02.0130 2428  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:58:02.0172 2428  RpcLocator - ok
22:58:02.0211 2428  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
22:58:02.0246 2428  RpcSs - ok
22:58:02.0295 2428  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:58:02.0324 2428  rspndr - ok
22:58:02.0330 2428  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
22:58:02.0348 2428  SamSs - ok
22:58:02.0390 2428  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:58:02.0405 2428  sbp2port - ok
22:58:02.0428 2428  SBRE - ok
22:58:02.0469 2428  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:58:02.0510 2428  SCardSvr - ok
22:58:02.0560 2428  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:58:02.0639 2428  Schedule - ok
22:58:02.0671 2428  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
22:58:02.0694 2428  SCPolicySvc - ok
22:58:02.0732 2428  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
22:58:02.0756 2428  sdbus - ok
22:58:02.0801 2428  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:58:02.0849 2428  SDRSVC - ok
22:58:02.0878 2428  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:58:02.0948 2428  secdrv - ok
22:58:02.0977 2428  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:58:03.0023 2428  seclogon - ok
22:58:03.0049 2428  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
22:58:03.0097 2428  SENS - ok
22:58:03.0116 2428  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
22:58:03.0185 2428  Serenum - ok
22:58:03.0207 2428  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
22:58:03.0256 2428  Serial - ok
22:58:03.0279 2428  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:58:03.0308 2428  sermouse - ok
22:58:03.0461 2428  [ E802089FEC30A95FDFD218995308F9B3 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:58:03.0495 2428  ServiceLayer - ok
22:58:03.0534 2428  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:58:03.0567 2428  SessionEnv - ok
22:58:03.0605 2428  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
22:58:03.0647 2428  sffdisk - ok
22:58:03.0672 2428  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:58:03.0731 2428  sffp_mmc - ok
22:58:03.0771 2428  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
22:58:03.0795 2428  sffp_sd - ok
22:58:03.0811 2428  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
22:58:03.0860 2428  sfloppy - ok
22:58:03.0917 2428  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:58:03.0965 2428  SharedAccess - ok
22:58:04.0020 2428  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:58:04.0086 2428  ShellHWDetection - ok
22:58:04.0123 2428  [ 08072B2FB92477FC813271A84B3A8698 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:58:04.0137 2428  sisagp - ok
22:58:04.0153 2428  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:58:04.0167 2428  SiSRaid2 - ok
22:58:04.0181 2428  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:58:04.0196 2428  SiSRaid4 - ok
22:58:04.0508 2428  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
22:58:04.0716 2428  slsvc - ok
22:58:04.0772 2428  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:58:04.0828 2428  SLUINotify - ok
22:58:04.0851 2428  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
22:58:04.0887 2428  Smb - ok
22:58:04.0918 2428  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:58:04.0935 2428  SNMPTRAP - ok
22:58:04.0974 2428  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
22:58:04.0989 2428  spldr - ok
22:58:05.0035 2428  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
22:58:05.0059 2428  Spooler - ok
22:58:05.0134 2428  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\Windows\system32\Drivers\sptd.sys
22:58:05.0134 2428  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
22:58:05.0136 2428  sptd ( LockedFile.Multi.Generic ) - warning
22:58:05.0136 2428  sptd - detected LockedFile.Multi.Generic (1)
22:58:05.0182 2428  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
22:58:05.0222 2428  srv - ok
22:58:05.0253 2428  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:58:05.0285 2428  srv2 - ok
22:58:05.0317 2428  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:58:05.0354 2428  srvnet - ok
22:58:05.0382 2428  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
22:58:05.0415 2428  SSDPSRV - ok
22:58:05.0467 2428  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:58:05.0479 2428  ssmdrv - ok
22:58:05.0518 2428  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
22:58:05.0558 2428  SstpSvc - ok
22:58:05.0643 2428  [ 1B4052F016BA5E087689ABA536A0A927 ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
22:58:05.0658 2428  ssudmdm - ok
22:58:05.0713 2428  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
22:58:05.0736 2428  StarOpen ( UnsignedFile.Multi.Generic ) - warning
22:58:05.0736 2428  StarOpen - detected UnsignedFile.Multi.Generic (1)
22:58:05.0806 2428  [ 9CEA131B5EB0EA653F6B3EA80B54956D ] STHDA          C:\Windows\system32\drivers\stwrt.sys
22:58:05.0854 2428  STHDA - ok
22:58:05.0903 2428  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:58:06.0049 2428  stisvc - ok
22:58:06.0112 2428  [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:58:06.0118 2428  stllssvr ( UnsignedFile.Multi.Generic ) - warning
22:58:06.0118 2428  stllssvr - detected UnsignedFile.Multi.Generic (1)
22:58:06.0162 2428  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:58:06.0180 2428  swenum - ok
22:58:06.0362 2428  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
22:58:06.0403 2428  swprv - ok
22:58:06.0435 2428  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
22:58:06.0450 2428  Symc8xx - ok
22:58:06.0491 2428  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:58:06.0506 2428  Sym_hi - ok
22:58:06.0533 2428  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:58:06.0548 2428  Sym_u3 - ok
22:58:06.0613 2428  [ 1F5192248A364D4AB68DB063D18A2139 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
22:58:06.0630 2428  SynTP - ok
22:58:06.0668 2428  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
22:58:06.0786 2428  SysMain - ok
22:58:06.0814 2428  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:58:06.0849 2428  TabletInputService - ok
22:58:06.0896 2428  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
22:58:06.0942 2428  TapiSrv - ok
22:58:06.0992 2428  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
22:58:07.0028 2428  TBS - ok
22:58:07.0093 2428  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
22:58:07.0139 2428  Tcpip - ok
22:58:07.0163 2428  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:58:07.0202 2428  Tcpip6 - ok
22:58:07.0252 2428  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:58:07.0287 2428  tcpipreg - ok
22:58:07.0365 2428  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:58:07.0409 2428  TDPIPE - ok
22:58:07.0435 2428  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
22:58:07.0485 2428  TDTCP - ok
22:58:07.0537 2428  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
22:58:07.0575 2428  tdx - ok
22:58:07.0617 2428  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:58:07.0634 2428  TermDD - ok
22:58:07.0684 2428  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
22:58:07.0765 2428  TermService - ok
22:58:07.0799 2428  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:58:07.0820 2428  Themes - ok
22:58:07.0840 2428  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
22:58:07.0874 2428  THREADORDER - ok
22:58:07.0916 2428  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:58:07.0959 2428  TrkWks - ok
22:58:08.0026 2428  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:58:08.0062 2428  TrustedInstaller - ok
22:58:08.0093 2428  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:58:08.0142 2428  tssecsrv - ok
22:58:08.0197 2428  [ 6A29CD69D1128BDF49A705BEFC614A5B ] TuneUp.Defrag  C:\Windows\System32\TuneUpDefragService.exe
22:58:08.0245 2428  TuneUp.Defrag - ok
22:58:08.0306 2428  [ 51EE2913ED525DE18FDA96DCCBC5386A ] TuneUp.ProgramStatisticsSvc C:\Windows\System32\TUProgSt.exe
22:58:08.0371 2428  TuneUp.ProgramStatisticsSvc - ok
22:58:08.0418 2428  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
22:58:08.0434 2428  tunmp - ok
22:58:08.0494 2428  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:58:08.0531 2428  tunnel - ok
22:58:08.0586 2428  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:58:08.0600 2428  uagp35 - ok
22:58:08.0699 2428  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:58:08.0725 2428  udfs - ok
22:58:08.0759 2428  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
22:58:08.0793 2428  UI0Detect - ok
22:58:08.0821 2428  [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:58:08.0835 2428  uliagpkx - ok
22:58:08.0863 2428  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci        C:\Windows\system32\drivers\uliahci.sys
22:58:08.0882 2428  uliahci - ok
22:58:08.0905 2428  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:58:08.0920 2428  UlSata - ok
22:58:08.0938 2428  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
22:58:08.0953 2428  ulsata2 - ok
22:58:08.0975 2428  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
22:58:09.0005 2428  umbus - ok
22:58:09.0053 2428  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:58:09.0091 2428  upnphost - ok
22:58:09.0164 2428  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
22:58:09.0221 2428  usbccgp - ok
22:58:09.0238 2428  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:58:09.0300 2428  usbcir - ok
22:58:09.0343 2428  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
22:58:09.0382 2428  usbehci - ok
22:58:09.0425 2428  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:58:09.0454 2428  usbhub - ok
22:58:09.0490 2428  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
22:58:09.0540 2428  usbohci - ok
22:58:09.0594 2428  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:58:09.0643 2428  usbprint - ok
22:58:09.0702 2428  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:58:09.0785 2428  USBSTOR - ok
22:58:09.0853 2428  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
22:58:09.0894 2428  usbuhci - ok
22:58:09.0925 2428  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
22:58:09.0967 2428  UxSms - ok
22:58:10.0003 2428  [ 2E2E93041C8058BC7DE6F0D743C4A0C6 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
22:58:10.0017 2428  UxTuneUp - ok
22:58:10.0067 2428  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
22:58:10.0116 2428  vds - ok
22:58:10.0164 2428  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
22:58:10.0235 2428  vga - ok
22:58:10.0282 2428  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
22:58:10.0330 2428  VgaSave - ok
22:58:10.0354 2428  [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:58:10.0369 2428  viaagp - ok
22:58:10.0388 2428  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
22:58:10.0454 2428  ViaC7 - ok
22:58:10.0487 2428  [ C0ACE9D0F5A5EE0B00F58345947A57FC ] viaide          C:\Windows\system32\drivers\viaide.sys
22:58:10.0502 2428  viaide - ok
22:58:10.0528 2428  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:58:10.0550 2428  volmgr - ok
22:58:10.0598 2428  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
22:58:10.0620 2428  volmgrx - ok
22:58:10.0671 2428  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
22:58:10.0694 2428  volsnap - ok
22:58:10.0719 2428  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
22:58:10.0734 2428  vsmraid - ok
22:58:10.0792 2428  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
22:58:10.0919 2428  VSS - ok
22:58:10.0958 2428  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
22:58:10.0990 2428  W32Time - ok
22:58:11.0026 2428  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:58:11.0097 2428  WacomPen - ok
22:58:11.0134 2428  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:58:11.0172 2428  Wanarp - ok
22:58:11.0177 2428  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:58:11.0202 2428  Wanarpv6 - ok
22:58:11.0235 2428  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
22:58:11.0264 2428  wcncsvc - ok
22:58:11.0302 2428  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:58:11.0345 2428  WcsPlugInService - ok
22:58:11.0376 2428  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
22:58:11.0390 2428  Wd - ok
22:58:11.0452 2428  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:58:11.0514 2428  Wdf01000 - ok
22:58:11.0567 2428  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:58:11.0618 2428  WdiServiceHost - ok
22:58:11.0623 2428  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
22:58:11.0656 2428  WdiSystemHost - ok
22:58:11.0697 2428  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
22:58:11.0719 2428  WebClient - ok
22:58:11.0755 2428  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:58:11.0815 2428  Wecsvc - ok
22:58:11.0848 2428  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
22:58:11.0874 2428  wercplsupport - ok
22:58:11.0913 2428  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:58:11.0941 2428  WerSvc - ok
22:58:11.0983 2428  [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:58:12.0022 2428  winachsf - ok
22:58:12.0138 2428  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
22:58:12.0158 2428  WinDefend - ok
22:58:12.0165 2428  WinHttpAutoProxySvc - ok
22:58:12.0246 2428  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
22:58:12.0271 2428  Winmgmt - ok
22:58:12.0360 2428  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
22:58:12.0492 2428  WinRM - ok
22:58:12.0569 2428  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
22:58:12.0694 2428  Wlansvc - ok
22:58:12.0737 2428  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
22:58:12.0760 2428  WmiAcpi - ok
22:58:12.0820 2428  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:58:12.0844 2428  wmiApSrv - ok
22:58:13.0067 2428  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
22:58:13.0240 2428  WMPNetworkSvc - ok
22:58:13.0327 2428  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:58:13.0399 2428  WPCSvc - ok
22:58:13.0477 2428  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:58:13.0589 2428  WPDBusEnum - ok
22:58:13.0643 2428  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:58:13.0680 2428  WpdUsb - ok
22:58:13.0803 2428  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:58:13.0835 2428  WPFFontCache_v0400 - ok
22:58:13.0873 2428  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
22:58:13.0918 2428  ws2ifsl - ok
22:58:13.0952 2428  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
22:58:13.0972 2428  wscsvc - ok
22:58:13.0978 2428  WSearch - ok
22:58:14.0089 2428  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:58:14.0186 2428  wuauserv - ok
22:58:14.0300 2428  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:58:14.0331 2428  WUDFRd - ok
22:58:14.0350 2428  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
22:58:14.0383 2428  wudfsvc - ok
22:58:14.0422 2428  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
22:58:14.0435 2428  XAudio - ok
22:58:14.0471 2428  [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService  C:\Windows\system32\DRIVERS\xaudio.exe
22:58:14.0522 2428  XAudioService - ok
22:58:14.0564 2428  ================ Scan global ===============================
22:58:14.0605 2428  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:58:14.0679 2428  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:58:14.0697 2428  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:58:14.0750 2428  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:58:14.0755 2428  [Global] - ok
22:58:14.0755 2428  ================ Scan MBR ==================================
22:58:14.0774 2428  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:58:15.0458 2428  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:58:15.0458 2428  \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:58:15.0458 2428  ================ Scan VBR ==================================
22:58:15.0496 2428  [ CAD60F4449ACA2C65347DAD7024CC1A6 ] \Device\Harddisk0\DR0\Partition1
22:58:15.0498 2428  \Device\Harddisk0\DR0\Partition1 - ok
22:58:15.0515 2428  [ ECBD938FC5C24153E16F139973F09DF4 ] \Device\Harddisk0\DR0\Partition2
22:58:15.0518 2428  \Device\Harddisk0\DR0\Partition2 - ok
22:58:15.0518 2428  ============================================================
22:58:15.0518 2428  Scan finished
22:58:15.0518 2428  ============================================================
22:58:15.0534 2816  Detected object count: 9
22:58:15.0534 2816  Actual detected object count: 9
22:58:44.0191 2816  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0191 2816  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0194 2816  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0194 2816  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0196 2816  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0196 2816  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0199 2816  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0199 2816  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0201 2816  RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0201 2816  RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0204 2816  sptd ( LockedFile.Multi.Generic ) - skipped by user
22:58:44.0204 2816  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:58:44.0207 2816  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0207 2816  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0209 2816  stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
22:58:44.0210 2816  stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:44.0212 2816  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:58:44.0212 2816  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:58:54.0937 1508  Deinitialize success


cosinus 07.10.2012 04:57

Code:

\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Please fix this entry with TDSS-Killer. But please only this entry!

To do that, you have to restart TDSS-Killer and run a new scan. When you then see the results, please set this entry to CURE or DELETE (whichever is offered to you; please leave all the others on SKIP!) and then click continue at the bottom right.

Restart Windows afterwards and create a completely new log with TDSS-Killer again. As always, post it in CODE tags.

Joshua1966 07.10.2012 07:54

Entry was deleted as instructed:

Code:

08:45:30.0706 0868  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:45:30.0859 0868  ============================================================
08:45:30.0859 0868  Current date / time: 2012/10/07 08:45:30.0859
08:45:30.0859 0868  SystemInfo:
08:45:30.0859 0868 
08:45:30.0860 0868  OS Version: 6.0.6002 ServicePack: 2.0
08:45:30.0860 0868  Product type: Workstation
08:45:30.0860 0868  ComputerName: JOSHUA
08:45:30.0860 0868  UserName: Wolfgang
08:45:30.0860 0868  Windows directory: C:\Windows
08:45:30.0860 0868  System windows directory: C:\Windows
08:45:30.0860 0868  Processor architecture: Intel x86
08:45:30.0860 0868  Number of processors: 2
08:45:30.0860 0868  Page size: 0x1000
08:45:30.0860 0868  Boot type: Normal boot
08:45:30.0860 0868  ============================================================
08:45:33.0175 0868  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:45:33.0177 0868  ============================================================
08:45:33.0177 0868  \Device\Harddisk0\DR0:
08:45:33.0195 0868  MBR partitions:
08:45:33.0195 0868  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
08:45:33.0195 0868  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0xC768800
08:45:33.0221 0868  ============================================================
08:45:33.0377 0868  C: <-> \Device\Harddisk0\DR0\Partition2
08:45:33.0566 0868  D: <-> \Device\Harddisk0\DR0\Partition1
08:45:33.0567 0868  ============================================================
08:45:33.0567 0868  Initialize success
08:45:33.0567 0868  ============================================================
08:45:41.0512 3968  ============================================================
08:45:41.0512 3968  Scan started
08:45:41.0512 3968  Mode: Manual; SigCheck; TDLFS;
08:45:41.0512 3968  ============================================================
08:45:42.0985 3968  ================ Scan system memory ========================
08:45:42.0985 3968  System memory - ok
08:45:42.0985 3968  ================ Scan services =============================
08:45:43.0688 3968  [ 553BA53445795CBC0D4F9FA37EB855A6 ] acedrv10        C:\Windows\system32\drivers\acedrv10.sys
08:45:43.0922 3968  acedrv10 - ok
08:45:43.0951 3968  [ 8CE00B6A46962A1808B19CD1DAE5170C ] acehlp10        C:\Windows\system32\drivers\acehlp10.sys
08:45:43.0967 3968  acehlp10 - ok
08:45:44.0033 3968  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
08:45:44.0077 3968  ACPI - ok
08:45:44.0165 3968  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
08:45:44.0197 3968  adp94xx - ok
08:45:44.0247 3968  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci        C:\Windows\system32\drivers\adpahci.sys
08:45:44.0269 3968  adpahci - ok
08:45:44.0284 3968  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
08:45:44.0302 3968  adpu160m - ok
08:45:44.0311 3968  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320        C:\Windows\system32\drivers\adpu320.sys
08:45:44.0328 3968  adpu320 - ok
08:45:44.0381 3968  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
08:45:44.0512 3968  AeLookupSvc - ok
08:45:44.0586 3968  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
08:45:44.0643 3968  AFD - ok
08:45:44.0708 3968  [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440          C:\Windows\system32\drivers\agp440.sys
08:45:44.0734 3968  agp440 - ok
08:45:44.0803 3968  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
08:45:44.0962 3968  aic78xx - ok
08:45:45.0053 3968  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
08:45:45.0408 3968  ALG - ok
08:45:45.0437 3968  [ 5C42A992E68724D2CD3DDB4FC3B0409F ] aliide          C:\Windows\system32\drivers\aliide.sys
08:45:45.0453 3968  aliide - ok
08:45:45.0475 3968  [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
08:45:45.0492 3968  amdagp - ok
08:45:45.0521 3968  [ 849DFACDDE533DA5D1810F0CAF84EB19 ] amdide          C:\Windows\system32\drivers\amdide.sys
08:45:45.0557 3968  amdide - ok
08:45:45.0584 3968  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
08:45:45.0839 3968  AmdK7 - ok
08:45:45.0913 3968  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
08:45:46.0010 3968  AmdK8 - ok
08:45:46.0334 3968  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
08:45:46.0350 3968  AntiVirSchedulerService - ok
08:45:46.0431 3968  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
08:45:46.0445 3968  AntiVirService - ok
08:45:46.0519 3968  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
08:45:46.0635 3968  Appinfo - ok
08:45:46.0670 3968  [ 5F673180268BB1FDB69C99B6619FE379 ] arc            C:\Windows\system32\drivers\arc.sys
08:45:46.0686 3968  arc - ok
08:45:46.0736 3968  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:45:46.0752 3968  arcsas - ok
08:45:46.0973 3968  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:45:46.0987 3968  aspnet_state - ok
08:45:47.0067 3968  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:45:47.0156 3968  AsyncMac - ok
08:45:47.0187 3968  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
08:45:47.0202 3968  atapi - ok
08:45:47.0304 3968  [ F8A2A11291A994B1A1F0867CFFAA6E18 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
08:45:47.0382 3968  Ati External Event Utility - ok
08:45:47.0456 3968  [ 72BC628AF75C4C3250F2A3BAC260265A ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
08:45:47.0473 3968  atksgt - ok
08:45:47.0563 3968  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:45:47.0648 3968  AudioEndpointBuilder - ok
08:45:47.0658 3968  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
08:45:47.0684 3968  Audiosrv - ok
08:45:47.0760 3968  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
08:45:47.0774 3968  avgntflt - ok
08:45:47.0862 3968  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
08:45:47.0877 3968  avipbb - ok
08:45:47.0937 3968  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
08:45:47.0950 3968  avkmgr - ok
08:45:48.0018 3968  [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
08:45:48.0088 3968  bcm4sbxp - ok
08:45:48.0141 3968  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:45:48.0185 3968  Beep - ok
08:45:48.0269 3968  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
08:45:48.0343 3968  BFE - ok
08:45:48.0444 3968  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
08:45:48.0503 3968  BITS - ok
08:45:48.0510 3968  blbdrive - ok
08:45:48.0563 3968  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:45:48.0726 3968  bowser - ok
08:45:48.0775 3968  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
08:45:48.0837 3968  BrFiltLo - ok
08:45:48.0859 3968  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
08:45:49.0012 3968  BrFiltUp - ok
08:45:49.0054 3968  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
08:45:49.0118 3968  Browser - ok
08:45:49.0160 3968  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
08:45:49.0222 3968  Brserid - ok
08:45:49.0243 3968  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
08:45:49.0314 3968  BrSerWdm - ok
08:45:49.0361 3968  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
08:45:49.0447 3968  BrUsbMdm - ok
08:45:49.0473 3968  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
08:45:49.0540 3968  BrUsbSer - ok
08:45:49.0594 3968  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
08:45:49.0647 3968  BthEnum - ok
08:45:49.0691 3968  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
08:45:49.0751 3968  BTHMODEM - ok
08:45:49.0786 3968  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
08:45:49.0835 3968  BthPan - ok
08:45:49.0924 3968  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
08:45:49.0974 3968  BTHPORT - ok
08:45:50.0002 3968  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
08:45:50.0078 3968  BthServ - ok
08:45:50.0111 3968  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
08:45:50.0182 3968  BTHUSB - ok
08:45:50.0249 3968  [ 4A28E7BD365377D0512B7EF8C7596D2C ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
08:45:50.0280 3968  btwaudio - ok
08:45:50.0309 3968  [ 5FFDE57253D665067B0886612817EB11 ] btwavdt        C:\Windows\system32\drivers\btwavdt.sys
08:45:50.0454 3968  btwavdt - ok
08:45:50.0562 3968  [ AB07DC8B05C31A4F95FC73019BE9DB15 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
08:45:50.0600 3968  btwrchid - ok
08:45:50.0670 3968  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:45:50.0734 3968  cdfs - ok
08:45:50.0820 3968  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
08:45:50.0988 3968  cdrom - ok
08:45:51.0062 3968  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
08:45:51.0125 3968  CertPropSvc - ok
08:45:51.0178 3968  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
08:45:51.0243 3968  circlass - ok
08:45:51.0267 3968  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
08:45:51.0292 3968  CLFS - ok
08:45:51.0310 3968  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:45:51.0325 3968  clr_optimization_v2.0.50727_32 - ok
08:45:51.0411 3968  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:45:51.0441 3968  clr_optimization_v4.0.30319_32 - ok
08:45:51.0495 3968  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
08:45:51.0705 3968  CmBatt - ok
08:45:51.0734 3968  [ DE11A06E187756ECB86CFA82DAC40FF7 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:45:51.0750 3968  cmdide - ok
08:45:51.0798 3968  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:45:51.0821 3968  Compbatt - ok
08:45:51.0830 3968  COMSysApp - ok
08:45:51.0841 3968  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
08:45:51.0856 3968  crcdisk - ok
08:45:51.0876 3968  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
08:45:51.0983 3968  Crusoe - ok
08:45:52.0081 3968  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:45:52.0136 3968  CryptSvc - ok
08:45:52.0192 3968  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:45:52.0252 3968  DcomLaunch - ok
08:45:52.0321 3968  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:45:52.0388 3968  DfsC - ok
08:45:53.0008 3968  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
08:45:53.0172 3968  DFSR - ok
08:45:53.0322 3968  [ D8522960163FA593694E441194A9A574 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
08:45:53.0337 3968  dg_ssudbus - ok
08:45:53.0575 3968  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
08:45:53.0616 3968  Dhcp - ok
08:45:53.0734 3968  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
08:45:53.0753 3968  disk - ok
08:45:53.0783 3968  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:45:53.0894 3968  Dnscache - ok
08:45:53.0946 3968  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
08:45:53.0992 3968  dot3svc - ok
08:45:54.0084 3968  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
08:45:54.0115 3968  DPS - ok
08:45:54.0191 3968  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
08:45:54.0247 3968  drmkaud - ok
08:45:54.0403 3968  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
08:45:54.0463 3968  DXGKrnl - ok
08:45:54.0587 3968  [ 7505290504C8E2D172FA378CC0497BCC ] e1express      C:\Windows\system32\DRIVERS\e1e6032.sys
08:45:54.0920 3968  e1express - ok
08:45:55.0057 3968  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
08:45:55.0213 3968  E1G60 - ok
08:45:55.0315 3968  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
08:45:55.0410 3968  EapHost - ok
08:45:55.0674 3968  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
08:45:55.0758 3968  Ecache - ok
08:45:55.0957 3968  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
08:45:56.0343 3968  ehRecvr - ok
08:45:56.0478 3968  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
08:45:56.0766 3968  ehSched - ok
08:45:56.0852 3968  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
08:45:56.0947 3968  ehstart - ok
08:45:57.0203 3968  [ E8F3F21A71720C84BCF423B80028359F ] elxstor        C:\Windows\system32\drivers\elxstor.sys
08:45:57.0408 3968  elxstor - ok
08:45:57.0824 3968  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
08:45:58.0365 3968  EMDMgmt - ok
08:45:58.0428 3968  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
08:45:58.0491 3968  EventSystem - ok
08:45:58.0680 3968  [ F10E7AA8BDF4488E3DFA989B8E7F7C9F ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
08:45:58.0766 3968  EvtEng ( UnsignedFile.Multi.Generic ) - warning
08:45:58.0766 3968  EvtEng - detected UnsignedFile.Multi.Generic (1)
08:45:58.0834 3968  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
08:45:58.0884 3968  exfat - ok
08:45:58.0941 3968  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
08:45:59.0013 3968  fastfat - ok
08:45:59.0059 3968  [ 63BDADA84951B9C03E641800E176898A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
08:45:59.0145 3968  fdc - ok
08:45:59.0199 3968  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
08:45:59.0271 3968  fdPHost - ok
08:45:59.0298 3968  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:45:59.0388 3968  FDResPub - ok
08:45:59.0419 3968  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:45:59.0463 3968  FileInfo - ok
08:45:59.0485 3968  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
08:45:59.0529 3968  Filetrace - ok
08:45:59.0558 3968  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:45:59.0629 3968  flpydisk - ok
08:45:59.0693 3968  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:45:59.0715 3968  FltMgr - ok
08:45:59.0854 3968  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
08:45:59.0988 3968  FontCache - ok
08:46:00.0084 3968  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:46:00.0100 3968  FontCache3.0.0.0 - ok
08:46:00.0144 3968  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:46:00.0193 3968  Fs_Rec - ok
08:46:00.0240 3968  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
08:46:00.0273 3968  gagp30kx - ok
08:46:00.0317 3968  getPlusHelper - ok
08:46:00.0386 3968  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
08:46:00.0521 3968  gpsvc - ok
08:46:00.0658 3968  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9912216cfd88b C:\Program Files\Google\Update\GoogleUpdate.exe
08:46:00.0672 3968  gupdate1c9912216cfd88b - ok
08:46:00.0694 3968  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
08:46:00.0707 3968  gupdatem - ok
08:46:00.0762 3968  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:46:00.0819 3968  HdAudAddService - ok
08:46:00.0942 3968  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
08:46:01.0086 3968  HDAudBus - ok
08:46:01.0128 3968  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
08:46:01.0187 3968  HidBth - ok
08:46:01.0226 3968  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
08:46:01.0303 3968  HidIr - ok
08:46:01.0340 3968  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
08:46:01.0358 3968  hidserv - ok
08:46:01.0392 3968  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:46:01.0441 3968  HidUsb - ok
08:46:01.0486 3968  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:46:01.0552 3968  hkmsvc - ok
08:46:01.0575 3968  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
08:46:01.0609 3968  HpCISSs - ok
08:46:01.0821 3968  [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV        C:\Windows\system32\DRIVERS\HSX_DPV.sys
08:46:01.0981 3968  HSF_DPV - ok
08:46:02.0002 3968  [ 31F949D452201F2F0AF0C88D7DB512CD ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
08:46:02.0038 3968  HSXHWAZL - ok
08:46:02.0162 3968  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:46:02.0271 3968  HTTP - ok
08:46:02.0302 3968  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
08:46:02.0323 3968  i2omp - ok
08:46:02.0377 3968  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
08:46:02.0417 3968  i8042prt - ok
08:46:02.0443 3968  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
08:46:02.0464 3968  iaStorV - ok
08:46:02.0658 3968  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:46:02.0683 3968  IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:46:02.0683 3968  IDriverT - detected UnsignedFile.Multi.Generic (1)
08:46:02.0784 3968  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:46:02.0845 3968  idsvc - ok
08:46:02.0900 3968  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
08:46:02.0935 3968  iirsp - ok
08:46:03.0139 3968  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
08:46:03.0197 3968  IKEEXT - ok
08:46:03.0278 3968  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
08:46:03.0324 3968  intelide - ok
08:46:03.0408 3968  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:46:03.0481 3968  intelppm - ok
08:46:03.0556 3968  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
08:46:03.0627 3968  IPBusEnum - ok
08:46:03.0644 3968  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:46:03.0684 3968  IpFilterDriver - ok
08:46:03.0720 3968  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:46:03.0774 3968  iphlpsvc - ok
08:46:03.0780 3968  IpInIp - ok
08:46:03.0857 3968  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
08:46:03.0920 3968  IPMIDRV - ok
08:46:03.0974 3968  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
08:46:04.0093 3968  IPNAT - ok
08:46:04.0140 3968  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:46:04.0170 3968  IRENUM - ok
08:46:04.0198 3968  [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:46:04.0214 3968  isapnp - ok
08:46:04.0315 3968  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
08:46:04.0335 3968  iScsiPrt - ok
08:46:04.0367 3968  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
08:46:04.0400 3968  iteatapi - ok
08:46:04.0418 3968  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
08:46:04.0433 3968  iteraid - ok
08:46:04.0473 3968  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:46:04.0489 3968  kbdclass - ok
08:46:04.0583 3968  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
08:46:04.0630 3968  kbdhid - ok
08:46:04.0668 3968  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
08:46:04.0735 3968  KeyIso - ok
08:46:04.0857 3968  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:46:04.0888 3968  KSecDD - ok
08:46:04.0995 3968  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
08:46:05.0086 3968  KtmRm - ok
08:46:05.0124 3968  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:46:05.0184 3968  LanmanServer - ok
08:46:05.0244 3968  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:46:05.0306 3968  LanmanWorkstation - ok
08:46:05.0345 3968  [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
08:46:05.0359 3968  lirsgt - ok
08:46:05.0413 3968  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:46:05.0482 3968  lltdio - ok
08:46:05.0514 3968  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
08:46:05.0561 3968  lltdsvc - ok
08:46:05.0601 3968  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
08:46:05.0651 3968  lmhosts - ok
08:46:05.0753 3968  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
08:46:05.0770 3968  LSI_FC - ok
08:46:05.0803 3968  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
08:46:05.0838 3968  LSI_SAS - ok
08:46:05.0871 3968  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
08:46:05.0887 3968  LSI_SCSI - ok
08:46:05.0942 3968  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
08:46:05.0988 3968  luafv - ok
08:46:06.0047 3968  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
08:46:06.0074 3968  Mcx2Svc - ok
08:46:06.0121 3968  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk        C:\Windows\system32\DRIVERS\mdmxsdk.sys
08:46:06.0149 3968  mdmxsdk - ok
08:46:06.0171 3968  [ D153B14FC6598EAE8422A2037553ADCE ] megasas        C:\Windows\system32\drivers\megasas.sys
08:46:06.0192 3968  megasas - ok
08:46:06.0233 3968  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
08:46:06.0285 3968  MMCSS - ok
08:46:06.0302 3968  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
08:46:06.0359 3968  Modem - ok
08:46:06.0410 3968  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
08:46:06.0454 3968  monitor - ok
08:46:06.0493 3968  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:46:06.0508 3968  mouclass - ok
08:46:06.0539 3968  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:46:06.0605 3968  mouhid - ok
08:46:06.0656 3968  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
08:46:06.0692 3968  MountMgr - ok
08:46:06.0733 3968  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:46:06.0749 3968  mpio - ok
08:46:06.0767 3968  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:46:06.0825 3968  mpsdrv - ok
08:46:06.0884 3968  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:46:06.0952 3968  MpsSvc - ok
08:46:06.0966 3968  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
08:46:06.0983 3968  Mraid35x - ok
08:46:07.0019 3968  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:46:07.0062 3968  MRxDAV - ok
08:46:07.0096 3968  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:46:07.0157 3968  mrxsmb - ok
08:46:07.0201 3968  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:46:07.0258 3968  mrxsmb10 - ok
08:46:07.0283 3968  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:46:07.0300 3968  mrxsmb20 - ok
08:46:07.0323 3968  [ 0D1C042188FFE61A702A9DF5944DE5BA ] msahci          C:\Windows\system32\drivers\msahci.sys
08:46:07.0341 3968  msahci - ok
08:46:07.0358 3968  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
08:46:07.0373 3968  msdsm - ok
08:46:07.0419 3968  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
08:46:07.0487 3968  MSDTC - ok
08:46:07.0521 3968  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:46:07.0570 3968  Msfs - ok
08:46:07.0596 3968  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:46:07.0614 3968  msisadrv - ok
08:46:07.0689 3968  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
08:46:07.0890 3968  MSiSCSI - ok
08:46:07.0899 3968  msiserver - ok
08:46:07.0946 3968  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
08:46:07.0992 3968  MSKSSRV - ok
08:46:08.0052 3968  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:46:08.0112 3968  MSPCLOCK - ok
08:46:08.0132 3968  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
08:46:08.0161 3968  MSPQM - ok
08:46:08.0201 3968  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
08:46:08.0218 3968  MsRPC - ok
08:46:08.0238 3968  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
08:46:08.0254 3968  mssmbios - ok
08:46:08.0290 3968  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
08:46:08.0365 3968  MSTEE - ok
08:46:08.0385 3968  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
08:46:08.0423 3968  Mup - ok
08:46:08.0507 3968  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
08:46:08.0636 3968  napagent - ok
08:46:08.0738 3968  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
08:46:08.0852 3968  NativeWifiP - ok
08:46:09.0050 3968  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:46:09.0105 3968  NDIS - ok
08:46:09.0159 3968  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:46:09.0223 3968  NdisTapi - ok
08:46:09.0239 3968  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
08:46:09.0283 3968  Ndisuio - ok
08:46:09.0307 3968  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
08:46:09.0347 3968  NdisWan - ok
08:46:09.0371 3968  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
08:46:09.0418 3968  NDProxy - ok
08:46:09.0459 3968  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
08:46:09.0518 3968  NetBIOS - ok
08:46:09.0604 3968  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
08:46:09.0645 3968  netbt - ok
08:46:09.0679 3968  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
08:46:09.0695 3968  Netlogon - ok
08:46:09.0797 3968  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
08:46:09.0873 3968  Netman - ok
08:46:09.0944 3968  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
08:46:09.0995 3968  netprofm - ok
08:46:10.0034 3968  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:46:10.0077 3968  NetTcpPortSharing - ok
08:46:10.0359 3968  [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
08:46:10.0523 3968  NETw4v32 - ok
08:46:10.0699 3968  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
08:46:10.0756 3968  nfrd960 - ok
08:46:10.0794 3968  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:46:10.0827 3968  NlaSvc - ok
08:46:10.0866 3968  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:46:11.0005 3968  Npfs - ok
08:46:11.0086 3968  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
08:46:11.0135 3968  nsi - ok
08:46:11.0158 3968  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:46:11.0239 3968  nsiproxy - ok
08:46:11.0366 3968  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:46:11.0425 3968  Ntfs - ok
08:46:11.0465 3968  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
08:46:11.0607 3968  ntrigdigi - ok
08:46:11.0727 3968  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
08:46:11.0761 3968  Null - ok
08:46:12.0975 3968  [ DC89868592D74DE404406C9420C3F277 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:46:13.0873 3968  nvlddmkm - ok
08:46:13.0913 3968  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:46:13.0988 3968  nvraid - ok
08:46:14.0024 3968  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:46:14.0070 3968  nvstor - ok
08:46:14.0101 3968  [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:46:14.0170 3968  nv_agp - ok
08:46:14.0176 3968  NwlnkFlt - ok
08:46:14.0185 3968  NwlnkFwd - ok
08:46:14.0246 3968  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
08:46:14.0339 3968  ohci1394 - ok
08:46:14.0407 3968  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:46:14.0420 3968  ose - ok
08:46:14.0511 3968  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
08:46:14.0591 3968  p2pimsvc - ok
08:46:14.0611 3968  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:46:14.0641 3968  p2psvc - ok
08:46:14.0685 3968  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
08:46:14.0772 3968  Parport - ok
08:46:14.0812 3968  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
08:46:14.0830 3968  partmgr - ok
08:46:14.0846 3968  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
08:46:14.0937 3968  Parvdm - ok
08:46:14.0974 3968  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:46:15.0020 3968  PcaSvc - ok
08:46:15.0099 3968  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
08:46:15.0148 3968  pccsmcfd - ok
08:46:15.0200 3968  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
08:46:15.0230 3968  pci - ok
08:46:15.0267 3968  [ 54D23DC5B5072311116826FDB7F6E83E ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
08:46:15.0283 3968  pciide - ok
08:46:15.0326 3968  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
08:46:15.0344 3968  pcmcia - ok
08:46:15.0405 3968  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:46:15.0541 3968  PEAUTH - ok
08:46:15.0679 3968  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
08:46:15.0748 3968  pla - ok
08:46:15.0814 3968  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:46:15.0859 3968  PlugPlay - ok
08:46:15.0989 3968  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
08:46:16.0063 3968  PNRPAutoReg - ok
08:46:16.0078 3968  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
08:46:16.0132 3968  PNRPsvc - ok
08:46:16.0198 3968  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
08:46:16.0235 3968  PolicyAgent - ok
08:46:16.0323 3968  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:46:16.0398 3968  PptpMiniport - ok
08:46:16.0477 3968  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor      C:\Windows\system32\drivers\processr.sys
08:46:16.0538 3968  Processor - ok
08:46:16.0580 3968  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
08:46:16.0609 3968  ProfSvc - ok
08:46:16.0624 3968  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
08:46:16.0640 3968  ProtectedStorage - ok
08:46:16.0685 3968  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
08:46:16.0730 3968  PSched - ok
08:46:16.0761 3968  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
08:46:16.0799 3968  PxHelp20 - ok
08:46:16.0861 3968  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:46:16.0918 3968  ql2300 - ok
08:46:16.0972 3968  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:46:16.0989 3968  ql40xx - ok
08:46:17.0047 3968  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
08:46:17.0183 3968  QWAVE - ok
08:46:17.0223 3968  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:46:17.0301 3968  QWAVEdrv - ok
08:46:17.0535 3968  [ A6201FD4D96F7FA7DB3AD609BE60FF5C ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
08:46:17.0691 3968  R300 - ok
08:46:17.0761 3968  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:46:17.0817 3968  RasAcd - ok
08:46:17.0857 3968  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
08:46:17.0925 3968  RasAuto - ok
08:46:17.0969 3968  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
08:46:18.0028 3968  Rasl2tp - ok
08:46:18.0071 3968  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
08:46:18.0119 3968  RasMan - ok
08:46:18.0146 3968  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:46:18.0186 3968  RasPppoe - ok
08:46:18.0204 3968  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
08:46:18.0235 3968  RasSstp - ok
08:46:18.0306 3968  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
08:46:18.0354 3968  rdbss - ok
08:46:18.0377 3968  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:46:18.0433 3968  RDPCDD - ok
08:46:18.0481 3968  [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
08:46:18.0528 3968  rdpdr - ok
08:46:18.0535 3968  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:46:18.0565 3968  RDPENCDD - ok
08:46:18.0641 3968  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
08:46:18.0713 3968  RDPWD - ok
08:46:18.0750 3968  [ 7274BD434B6165BAA382BDD87F6CA4CE ] RegSrvc        C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
08:46:18.0781 3968  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
08:46:18.0781 3968  RegSrvc - detected UnsignedFile.Multi.Generic (1)
08:46:18.0835 3968  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:46:18.0885 3968  RemoteAccess - ok
08:46:18.0927 3968  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:46:18.0974 3968  RemoteRegistry - ok
08:46:19.0017 3968  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
08:46:19.0067 3968  RFCOMM - ok
08:46:19.0100 3968  [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
08:46:19.0128 3968  rimmptsk - ok
08:46:19.0160 3968  [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
08:46:19.0200 3968  rimsptsk - ok
08:46:19.0285 3968  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp        C:\Windows\system32\DRIVERS\rixdptsk.sys
08:46:19.0390 3968  rismxdp - ok
08:46:19.0603 3968  [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
08:46:19.0666 3968  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
08:46:19.0666 3968  RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
08:46:19.0710 3968  [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
08:46:19.0730 3968  RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
08:46:19.0730 3968  RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
08:46:19.0757 3968  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
08:46:19.0788 3968  RpcLocator - ok
08:46:19.0893 3968  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
08:46:19.0930 3968  RpcSs - ok
08:46:20.0000 3968  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:46:20.0045 3968  rspndr - ok
08:46:20.0055 3968  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
08:46:20.0072 3968  SamSs - ok
08:46:20.0116 3968  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:46:20.0145 3968  sbp2port - ok
08:46:20.0165 3968  SBRE - ok
08:46:20.0207 3968  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:46:20.0258 3968  SCardSvr - ok
08:46:20.0354 3968  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
08:46:20.0443 3968  Schedule - ok
08:46:20.0475 3968  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
08:46:20.0499 3968  SCPolicySvc - ok
08:46:20.0581 3968  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
08:46:20.0617 3968  sdbus - ok
08:46:20.0660 3968  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:46:20.0731 3968  SDRSVC - ok
08:46:20.0749 3968  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:46:20.0820 3968  secdrv - ok
08:46:20.0848 3968  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
08:46:20.0892 3968  seclogon - ok
08:46:20.0939 3968  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
08:46:20.0990 3968  SENS - ok
08:46:21.0010 3968  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
08:46:21.0077 3968  Serenum - ok
08:46:21.0111 3968  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
08:46:21.0164 3968  Serial - ok
08:46:21.0205 3968  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:46:21.0289 3968  sermouse - ok
08:46:21.0487 3968  [ E802089FEC30A95FDFD218995308F9B3 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
08:46:21.0530 3968  ServiceLayer - ok
08:46:21.0561 3968  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:46:21.0608 3968  SessionEnv - ok
08:46:21.0676 3968  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
08:46:21.0730 3968  sffdisk - ok
08:46:21.0776 3968  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:46:21.0858 3968  sffp_mmc - ok
08:46:21.0909 3968  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
08:46:21.0933 3968  sffp_sd - ok
08:46:21.0971 3968  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
08:46:22.0020 3968  sfloppy - ok
08:46:22.0133 3968  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:46:22.0280 3968  SharedAccess - ok
08:46:22.0325 3968  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:46:22.0390 3968  ShellHWDetection - ok
08:46:22.0427 3968  [ 08072B2FB92477FC813271A84B3A8698 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
08:46:22.0444 3968  sisagp - ok
08:46:22.0457 3968  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
08:46:22.0472 3968  SiSRaid2 - ok
08:46:22.0485 3968  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:46:22.0502 3968  SiSRaid4 - ok
08:46:22.0701 3968  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
08:46:22.0920 3968  slsvc - ok
08:46:22.0955 3968  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
08:46:23.0009 3968  SLUINotify - ok
08:46:23.0056 3968  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
08:46:23.0089 3968  Smb - ok
08:46:23.0134 3968  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:46:23.0151 3968  SNMPTRAP - ok
08:46:23.0200 3968  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
08:46:23.0249 3968  spldr - ok
08:46:23.0317 3968  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
08:46:23.0353 3968  Spooler - ok
08:46:23.0627 3968  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\Windows\system32\Drivers\sptd.sys
08:46:23.0628 3968  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
08:46:23.0631 3968  sptd ( LockedFile.Multi.Generic ) - warning
08:46:23.0631 3968  sptd - detected LockedFile.Multi.Generic (1)
08:46:25.0050 3968  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
08:46:25.0073 3968  StarOpen ( UnsignedFile.Multi.Generic ) - warning
08:46:25.0073 3968  StarOpen - detected UnsignedFile.Multi.Generic (1)
08:46:25.0573 3968  [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
08:46:25.0610 3968  stllssvr ( UnsignedFile.Multi.Generic ) - warning
08:46:25.0610 3968  stllssvr - detected UnsignedFile.Multi.Generic (1)
08:46:36.0954 3968  ================ Scan global ===============================
08:46:37.0022 3968  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
08:46:37.0140 3968  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:46:37.0224 3968  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:46:37.0354 3968  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
08:46:37.0358 3968  [Global] - ok
08:46:37.0359 3968  ================ Scan MBR ==================================
08:46:37.0378 3968  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:46:38.0514 3968  \Device\Harddisk0\DR0 - ok
08:46:38.0516 3968  ================ Scan VBR ==================================
08:46:38.0545 3968  [ CAD60F4449ACA2C65347DAD7024CC1A6 ] \Device\Harddisk0\DR0\Partition1
08:46:38.0576 3968  \Device\Harddisk0\DR0\Partition1 - ok
08:46:38.0597 3968  [ ECBD938FC5C24153E16F139973F09DF4 ] \Device\Harddisk0\DR0\Partition2
08:46:38.0599 3968  \Device\Harddisk0\DR0\Partition2 - ok
08:46:38.0600 3968  ============================================================
08:46:38.0600 3968  Scan finished
08:46:38.0600 3968  ============================================================
08:46:38.0615 3584  Detected object count: 8
08:46:38.0616 3584  Actual detected object count: 8
08:49:38.0753 3584  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0753 3584  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0756 3584  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0756 3584  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0760 3584  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0760 3584  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0763 3584  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0763 3584  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0763 3584  RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0763 3584  RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0766 3584  sptd ( LockedFile.Multi.Generic ) - skipped by user
08:49:38.0766 3584  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:49:38.0769 3584  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0769 3584  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0772 3584  stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0772 3584  stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:42.0717 1908  Deinitialize success

Situation unchanged, I-Explorer still not usable...

cosinus 07.10.2012 09:16

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Joshua1966 07.10.2012 09:56

The ComboFix log:

Code:

ComboFix 12-10-04.02 - Wolfgang 07.10.2012  10:42:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.2007 [GMT 2:00]
ausgeführt von:: c:\users\Standart\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\version.txt
c:\programdata\CB031D1D89.sys
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Standart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\Standart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\Standart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\users\Standart\AppData\Roaming\Niomd
c:\users\Standart\AppData\Roaming\Niomd\ofoq.owk
c:\users\Wolfgang\AppData\Roaming\inst.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-07 bis 2012-10-07  ))))))))))))))))))))))))))))))
.
.
2012-10-07 08:49 . 2012-10-07 08:49        --------        d-----w-        c:\users\Wolfgang\AppData\Local\temp
2012-10-07 08:49 . 2012-10-07 08:49        --------        d-----w-        c:\users\Wolfgang.Joshua\AppData\Local\temp
2012-10-07 08:49 . 2012-10-07 08:49        --------        d-----w-        c:\users\TEMP\AppData\Local\temp
2012-10-07 08:49 . 2012-10-07 08:49        --------        d-----w-        c:\users\TEMP.Joshua\AppData\Local\temp
2012-10-07 06:39 . 2012-10-07 06:39        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-10-05 15:38 . 2012-10-05 15:38        --------        d-----w-        C:\_OTL
2012-10-02 10:09 . 2012-10-02 10:09        --------        d-----w-        c:\program files\ESET
2012-10-02 10:05 . 2012-10-02 10:05        --------        d-----w-        c:\users\Wolfgang.Joshua.000\AppData\Roaming\Avira
2012-10-02 10:02 . 2012-10-02 10:02        --------        d-----w-        c:\users\Wolfgang.Joshua.000\AppData\Local\Mozilla
2012-10-02 10:01 . 2012-10-02 11:03        --------        d-----w-        c:\users\Wolfgang.Joshua.000\AppData\Local\PasswordSafe
2012-09-29 14:45 . 2012-10-05 15:40        --------        d-----w-        c:\users\Standart\AppData\Roaming\Refi
2012-09-29 11:27 . 2012-09-29 11:27        --------        d-----w-        c:\users\Standart\AppData\Local\Winamp Toolbar
2012-09-29 08:09 . 2012-09-29 08:09        --------        d-----w-        c:\users\Standart\AppData\Roaming\phonostar GmbH
2012-09-29 07:47 . 2012-09-29 07:47        --------        d-----w-        c:\users\Standart\AppData\Roaming\streamripper
2012-09-29 07:45 . 2012-09-29 08:05        --------        d-----w-        c:\users\Standart\AppData\Roaming\Winamp
2012-09-29 07:43 . 2009-09-04 15:29        1892184        ----a-w-        c:\windows\system32\D3DX9_42.dll
2012-09-29 07:40 . 2012-09-29 07:40        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2012-09-29 07:40 . 2012-09-29 11:44        --------        d-----w-        c:\program files\Winamp
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2012-04-20 18:07        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-21 15:09 . 2012-08-21 15:09        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-21 15:09 . 2011-06-02 08:18        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-25 16:24 . 2011-07-12 17:36        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
c:\users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2012-6-21 3825152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
backup=c:\windows\pss\Printkey2000.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Wolfgang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO NAS Navigator.lnk]
path=c:\users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk
backup=c:\windows\pss\BUFFALO NAS Navigator.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-09-18 14:16        171464        ----a-w-        c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-11-29 19:58        935312        ----a-w-        c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-11-29 19:58        3508624        ----a-w-        c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22        221184        ----a-w-        c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-02 09:56        24264488        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [x]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
getPlusHelper        REG_MULTI_SZ          getPlusHelper
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-07 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 17:06]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 17:06]
.
2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
- c:\windows\system32\msfeedssync.exe [2011-04-17 06:57]
.
2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
- c:\windows\system32\msfeedssync.exe [2011-04-17 06:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
TCP: Interfaces\{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}: NameServer = 192.168.2.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Wolfgang.Joshua.000\AppData\Roaming\Mozilla\Firefox\Profiles\0pv0bhrv.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-RunOnce-OTL - c:\users\Standart\Desktop\OTL.exe
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-07 10:49
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-10-07  10:52:23
ComboFix-quarantined-files.txt  2012-10-07 08:52
.
Vor Suchlauf: 19 Verzeichnis(se), 22.494.519.296 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 22.215.032.832 Bytes frei
.
- - End Of File - - 656E35314096A82FF70B30213AEDDDB4


cosinus 07.10.2012 18:05

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

Joshua1966 07.10.2012 20:33

Everything done without any major problems; here is the GMER scan:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-07 21:03:07
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM120JI rev.YF100-15
Running: 5hofgytt.exe; Driver: C:\Users\WOLFGA~1.000\AppData\Local\Temp\pwldypow.sys


---- System - GMER 1.0.15 ----

SSDT            900893BE                                                                                                            ZwCreateSection
SSDT            900893C8                                                                                                            ZwRequestWaitReplyPort
SSDT            900893C3                                                                                                            ZwSetContextThread
SSDT            900893CD                                                                                                            ZwSetSecurityObject
SSDT            900893D2                                                                                                            ZwSystemDebugControl
SSDT            9008935F                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                                                                                        822F08D8 4 Bytes  [BE, 93, 08, 90]
.text          ntkrnlpa.exe!KeSetEvent + 539                                                                                        822F0BFC 4 Bytes  [C8, 93, 08, 90] {ENTER 0x893, 0x90}
.text          ntkrnlpa.exe!KeSetEvent + 56D                                                                                        822F0C30 4 Bytes  [C3, 93, 08, 90]
.text          ntkrnlpa.exe!KeSetEvent + 5D1                                                                                        822F0C94 4 Bytes  [CD, 93, 08, 90]
.text          ntkrnlpa.exe!KeSetEvent + 619                                                                                        822F0CDC 4 Bytes  [D2, 93, 08, 90]
.text          ...                                                                                                                 
?              C:\Windows\System32\Drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                            section is writeable [0x8EE07360, 0x35B8D2, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                8F86A41B 5 Bytes  JMP 8652F538
.reloc          C:\Windows\system32\drivers\acehlp10.sys                                                                            section is executable [0x8F99CB80, 0x37FC7, 0xE0000060]
.text          a7bjv531.SYS                                                                                                        8A581000 22 Bytes  [82, 83, 21, 82, 6C, 82, 21, ...]
.text          a7bjv531.SYS                                                                                                        8A581017 106 Bytes  [00, 32, 57, 77, 80, 3D, 55, ...]
.text          a7bjv531.SYS                                                                                                        8A581082 74 Bytes  [25, 82, F8, AD, 2E, 82, E6, ...]
.text          a7bjv531.SYS                                                                                                        8A5810CE 73 Bytes  [00, 00, 00, 00, 01, C2, 03, ...]
.text          a7bjv531.SYS                                                                                                        8A581118 185 Bytes  [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text          ...                                                                                                                 
.reloc          C:\Windows\system32\drivers\acedrv10.sys                                                                            section is executable [0xA12FF000, 0x459C1, 0xE0000060]
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA1345300, 0x3ACC8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA1388300, 0x1B7E, 0xE8000020]
?              C:\Users\WOLFGA~1.000\AppData\Local\Temp\inyafakj.sys                                                                Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3128] ntdll.dll!DbgUiRemoteBreakin                77DBCD44 1 Byte  [C3]
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[3748] USER32.dll!SetWindowLongA                                7645E7CD 5 Bytes  JMP 616FA2FB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[3748] USER32.dll!SetWindowLongW                                764613B4 5 Bytes  JMP 616FA28D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[3748] USER32.dll!GetWindowInfo                                7646428E 5 Bytes  JMP 61501BD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[3748] USER32.dll!TrackPopupMenu                                764714F3 5 Bytes  JMP 6150219D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!LdrLoadDll                                              77D59378 5 Bytes  JMP 00F91410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [8068261E] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [80681AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [80682748] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [80681B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [80681C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [8069729A] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortNotification]                                          000000DC
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortWritePortUchar]                                        000000A2
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortWritePortUlong]                                        00000333
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    000003D8
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          0000024D
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  00000201
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortReadPortUchar]                                          000001EF
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortStallExecution]                                        0000031F
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetParentBusType]                                      000000A1
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortRequestCallback]                                        0000025C
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  000003BE
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  00000215
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortCompleteRequest]                                        000000DD
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortMoveMemory]                                            00000190
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              00000182
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                00000363
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  00000258
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortReadPortUshort]                                        0000030E
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  0000017E
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortInitialize]                                            00000254
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          0000019E
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      000000AB

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              84B771E8
Device          \FileSystem\fastfat \FatCdrom                                                                                        89997528

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                84B741E8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8661D530
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8661D530
Device          \Driver\PCI_NTPNP5717 \Device\00000052                                                                              sptd.sys
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    8661D530
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    8661D530
Device          \Driver\usbehci \Device\USBPDO-4                                                                                    8660F790
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              84B741E8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              84B741E8
Device          \Driver\cdrom \Device\CdRom0                                                                                        8659B1E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                          84B761E8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  84B761E8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  84B761E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                          84B761E8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              84B741E8
Device          \Driver\cdrom \Device\CdRom1                                                                                        8659B1E8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              84B741E8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                              89294790
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                  866AC1E8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8661D530
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8661D530
Device          \Driver\netbt \Device\NetBT_Tcpip_{AA6E897D-42F9-4B33-92E7-8FD5DBE9B426}                                            89294790
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    8661D530
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    8661D530
Device          \Driver\usbehci \Device\USBFDO-4                                                                                    8660F790
Device          \Driver\netbt \Device\NetBT_Tcpip_{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}                                            89294790
Device          \Driver\a7bjv531 \Device\Scsi\a7bjv5311Port3Path0Target0Lun0                                                        866CE1E8
Device          \Driver\a7bjv531 \Device\Scsi\a7bjv5311                                                                              866CE1E8
Device          \FileSystem\fastfat \Fat                                                                                            89997528

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d31c433                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee85f30                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee85f30@0016b812c00f                            0x05 0x53 0x03 0x2F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee85f30@c8979f380a2f                            0xC6 0x2F 0xE1 0xEB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee85f30@2c44014b6da1                            0x2B 0xD4 0x21 0xBB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x56 0x4B 0x77 0x8E ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x6F 0x47 0x88 0xA4 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x6D 0x9F 0x1B 0xA1 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b0d31c433 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee85f30 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee85f30@0016b812c00f                                0x05 0x53 0x03 0x2F ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee85f30@c8979f380a2f                                0xC6 0x2F 0xE1 0xEB ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee85f30@2c44014b6da1                                0x2B 0xD4 0x21 0xBB ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x56 0x4B 0x77 0x8E ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x6F 0x47 0x88 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x6D 0x9F 0x1B 0xA1 ...

---- Files - GMER 1.0.15 ----

File            C:\Users\Standart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6R3HI5P\version[1].xml      243 bytes
File            C:\Users\Standart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6R3HI5P\version[2].htm      2175 bytes

---- EOF - GMER 1.0.15 ----

Now the OSAM log:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:57 on 07.10.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DModem.cpl" - ? - C:\Windows\system32\DModem.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
"stacgui.cpl" - "SigmaTel, Inc." - C:\Windows\system32\stacgui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a7bjv531" (a7bjv531) - "Microsoft Corporation" - C:\Windows\system32\drivers\a7bjv531.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\WOLFGA~1.000\AppData\Local\Temp\catchme.sys  (File not found)
"inyafakj" (inyafakj) - ? - C:\Users\WOLFGA~1.000\AppData\Local\Temp\inyafakj.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"pwldypow" (pwldypow) - ? - C:\Users\WOLFGA~1.000\AppData\Local\Temp\pwldypow.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SBRE" (SBRE) - ? - C:\Windows\system32\drivers\SBREdrv.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - ? -  (File not found | COM-object registry key not found)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\ProgramData\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Password Safe.lnk" - "SourceForge.net" - C:\Program Files\Password Safe\pwsafe.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor MG5200 series" - "CANON INC." - C:\Windows\system32\CNMLMAE.DLL
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL
"HP Master Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPBMMON.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - ? - C:\Program Files\NOS\bin\getPlus_Helper.dll  (File not found)
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate1c9912216cfd88b)" (gupdate1c9912216cfd88b) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and the log file from aswMBR:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-07 21:10:21
-----------------------------
21:10:21.692    OS Version: Windows 6.0.6002 Service Pack 2
21:10:21.692    Number of processors: 2 586 0xF06
21:10:21.693    ComputerName: JOSHUA  UserName:
21:10:22.731    Initialize success
21:12:18.223    AVAST engine defs: 12100701
21:12:28.409    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:12:28.411    Disk 0 Vendor: SAMSUNG_HM120JI YF100-15 Size: 114473MB BusType: 3
21:12:28.726    Disk 0 MBR read successfully
21:12:28.729    Disk 0 MBR scan
21:12:28.750    Disk 0 Windows VISTA default MBR code
21:12:28.825    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      86 MB offset 63
21:12:29.002    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10240 MB offset 178176
21:12:29.087    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS      102097 MB offset 21149696
21:12:29.094    Disk 0 Partition - 00    0F Extended LBA              2048 MB offset 230244352
21:12:29.293    Disk 0 Partition 4 00    DD              MSDOS5.0    2047 MB offset 230246400
21:12:29.406    Disk 0 scanning sectors +234438656
21:12:29.993    Disk 0 scanning C:\Windows\system32\drivers
21:13:55.458    Service scanning
21:14:14.986    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:14:21.968    Modules scanning
21:14:43.538    Disk 0 trace - called modules:
21:14:43.575    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84b761e8]<<
21:14:43.581    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d51ac8]
21:14:43.587    3 CLASSPNP.SYS[8a9ab8b3] -> nt!IofCallDriver -> [0x85579898]
21:14:43.592    5 acpi.sys[807a16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8557b5e0]
21:14:43.598    \Driver\atapi[0x855b3890] -> IRP_MJ_CREATE -> 0x84b761e8
21:14:44.197    AVAST engine scan C:\Windows
21:14:49.699    AVAST engine scan C:\Windows\system32
21:20:41.870    AVAST engine scan C:\Windows\system32\drivers
21:22:25.659    AVAST engine scan C:\Users\Wolfgang.Joshua.000
21:25:37.896    AVAST engine scan C:\ProgramData
21:27:43.453    Scan finished successfully
21:28:23.983    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
21:28:23.989    The log file has been saved successfully to "C:\aswMBR.txt"


cosinus 07.10.2012 20:50

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Joshua1966 09.10.2012 17:57

That took a bit longer; here is the Malwarebytes log:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.08.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Wolfgang :: JOSHUA [Administrator]

08.10.2012 18:11:55
mbam-log-2012-10-08 (20-07-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449463
Laufzeit: 1 Stunde(n), 49 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\TDSSKiller_Quarantine\07.10.2012_08.22.01\tdlfs0000\tsk0003.dta (Rootkit.Agent) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\07.10.2012_08.22.01\tdlfs0000\tsk0007.dta (Rootkit.Agent) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\07.10.2012_08.22.01\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.

(Ende)

and the SUPERAntiSpyware log:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/08/2012 at 11:15 PM

Application Version : 5.6.1008

Core Rules Database Version : 9359
Trace Rules Database Version: 7171

Scan type      : Complete Scan
Total Scan Time : 02:59:37

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator (Limited User)

Memory items scanned      : 626
Memory threats detected  : 0
Registry items scanned    : 40708
Registry threats detected : 0
File items scanned        : 164317
File threats detected    : 220

Adware.Tracking Cookie
        .ads.quartermedia.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .bizzclick.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .rambler.ru [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        C:\USERS\WOLFGANG.JOSHUA.000\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@AD4.ADFARM1.ADITION[1].TXT [ /AD4.ADFARM1.ADITION ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@APMEBF[1].TXT [ /APMEBF ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ATDMT[1].TXT [ /ATDMT ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADTECH[1].TXT [ /ADTECH ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@APMEBF[2].TXT [ /APMEBF ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@VIDEOEGG.ADBUREAU[2].TXT [ /VIDEOEGG.ADBUREAU ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AD.ZANOX[1].TXT [ /AD.ZANOX ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@FASTCLICK[2].TXT [ /FASTCLICK ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ZANOX[1].TXT [ /ZANOX ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@BIZZCLICK[1].TXT [ /BIZZCLICK ]

Trojan.Agent/Gen-RogueAV
        C:\PROGRAM FILES\AGEIA TECHNOLOGIES\V2.4.1\NXCOOKING.DLL

Unfortunately I accidentally clicked delete in SUPERAntiSpyware, but I hope nothing went wrong. :aufsmaul:
Could it be that my Internet Explorer is broken and I need to reinstall it? It still isn't working the way it should.

Best regards

Wolfgang

cosinus 09.10.2012 19:06

Only cookies, probably a false positive, and isolated items in the TDSS-Killer quarantine were found.

Quote:

Could it be that my Internet Explorer is broken and I need to reinstall it? It still isn't working the way it should.
What exactly isn't happening? Does it not start, does it not load?

Joshua1966 09.10.2012 19:58

That's sorted; I downgraded to version 7 and now everything works. Now I just need to update again and then everything should run. I suspect version 9 got damaged...

So my system is presumably clean now?

:dankeschoen:

Great work!

Best regards
Wolfgang

cosinus 09.10.2012 20:19

IE7 is not an option! That thing is too old! Reinstall IE9 and see whether that has straightened IE out again.

Joshua1966 10.10.2012 06:37

Understood. I have also switched to Chrome or Firefox, as a stopgap for now.

cosinus 10.10.2012 12:38

Even if you use a different browser, IE has to be as up to date as possible!
IE is simply too deeply embedded in the operating system, so an ancient IE7 is not an option!

Joshua1966 10.10.2012 19:05

All done! Internet Explorer 9 successfully installed...

cosinus 11.10.2012 11:42

And does it work now too? :D

Joshua1966 11.10.2012 18:04

Hmmm... that's odd now. It still doesn't work.
But one thing at a time:

I start the Explorer, and my start page (Google) comes up correctly.
But then Explorer hangs after I open a web page; the page's name is shown in the tab at the top, but then there is only the ring (hourglass).
Then I also can't access the favorites bar any more... it basically hangs.
I thought I had broken something, so I uninstalled version 9, and version 7 then worked without problems. Now, with some effort, I have version 9 back, and it is just like before.

Is something still fishy after all?

cosinus 12.10.2012 08:58

Then you'll have to look into it yourself => https://www.google.de/search?q=ie9+h...ient=firefox-a

