Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Kein Zugang zu Antivirensoftware mehr, I-Explorer hängt sich auf (https://www.trojaner-board.de/124903-kein-zugang-antivirensoftware-mehr-i-explorer-haengt.html)

cosinus 07.10.2012 04:57
Code:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Diesen Eintrag bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag!

Um das zu tun musst du den TDSS-Killer neu starten und einen neuen Scan machen. Wenn du danach die Ergebnisse siehst, stellst du bitte diesen Eintrag auf CURE bzw. DELETE (je nachdem was dir angeboten wird, alle anderen bitte auf SKIP lassen! ) und klickst dann unten rechts auf continue

Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.

Joshua1966 07.10.2012 07:54
Eintrag wurde gelöscht wie vorgegeben:

Code:
08:45:30.0706 0868  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:45:30.0859 0868  ============================================================
08:45:30.0859 0868  Current date / time: 2012/10/07 08:45:30.0859
08:45:30.0859 0868  SystemInfo:
08:45:30.0859 0868 
08:45:30.0860 0868  OS Version: 6.0.6002 ServicePack: 2.0
08:45:30.0860 0868  Product type: Workstation
08:45:30.0860 0868  ComputerName: JOSHUA
08:45:30.0860 0868  UserName: Wolfgang
08:45:30.0860 0868  Windows directory: C:\Windows
08:45:30.0860 0868  System windows directory: C:\Windows
08:45:30.0860 0868  Processor architecture: Intel x86
08:45:30.0860 0868  Number of processors: 2
08:45:30.0860 0868  Page size: 0x1000
08:45:30.0860 0868  Boot type: Normal boot
08:45:30.0860 0868  ============================================================
08:45:33.0175 0868  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:45:33.0177 0868  ============================================================
08:45:33.0177 0868  \Device\Harddisk0\DR0:
08:45:33.0195 0868  MBR partitions:
08:45:33.0195 0868  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
08:45:33.0195 0868  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0xC768800
08:45:33.0221 0868  ============================================================
08:45:33.0377 0868  C: <-> \Device\Harddisk0\DR0\Partition2
08:45:33.0566 0868  D: <-> \Device\Harddisk0\DR0\Partition1
08:45:33.0567 0868  ============================================================
08:45:33.0567 0868  Initialize success
08:45:33.0567 0868  ============================================================
08:45:41.0512 3968  ============================================================
08:45:41.0512 3968  Scan started
08:45:41.0512 3968  Mode: Manual; SigCheck; TDLFS;
08:45:41.0512 3968  ============================================================
08:45:42.0985 3968  ================ Scan system memory ========================
08:45:42.0985 3968  System memory - ok
08:45:42.0985 3968  ================ Scan services =============================
08:45:43.0688 3968  [ 553BA53445795CBC0D4F9FA37EB855A6 ] acedrv10        C:\Windows\system32\drivers\acedrv10.sys
08:45:43.0922 3968  acedrv10 - ok
08:45:43.0951 3968  [ 8CE00B6A46962A1808B19CD1DAE5170C ] acehlp10        C:\Windows\system32\drivers\acehlp10.sys
08:45:43.0967 3968  acehlp10 - ok
08:45:44.0033 3968  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
08:45:44.0077 3968  ACPI - ok
08:45:44.0165 3968  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
08:45:44.0197 3968  adp94xx - ok
08:45:44.0247 3968  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci        C:\Windows\system32\drivers\adpahci.sys
08:45:44.0269 3968  adpahci - ok
08:45:44.0284 3968  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
08:45:44.0302 3968  adpu160m - ok
08:45:44.0311 3968  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320        C:\Windows\system32\drivers\adpu320.sys
08:45:44.0328 3968  adpu320 - ok
08:45:44.0381 3968  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
08:45:44.0512 3968  AeLookupSvc - ok
08:45:44.0586 3968  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
08:45:44.0643 3968  AFD - ok
08:45:44.0708 3968  [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440          C:\Windows\system32\drivers\agp440.sys
08:45:44.0734 3968  agp440 - ok
08:45:44.0803 3968  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
08:45:44.0962 3968  aic78xx - ok
08:45:45.0053 3968  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
08:45:45.0408 3968  ALG - ok
08:45:45.0437 3968  [ 5C42A992E68724D2CD3DDB4FC3B0409F ] aliide          C:\Windows\system32\drivers\aliide.sys
08:45:45.0453 3968  aliide - ok
08:45:45.0475 3968  [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
08:45:45.0492 3968  amdagp - ok
08:45:45.0521 3968  [ 849DFACDDE533DA5D1810F0CAF84EB19 ] amdide          C:\Windows\system32\drivers\amdide.sys
08:45:45.0557 3968  amdide - ok
08:45:45.0584 3968  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
08:45:45.0839 3968  AmdK7 - ok
08:45:45.0913 3968  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
08:45:46.0010 3968  AmdK8 - ok
08:45:46.0334 3968  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
08:45:46.0350 3968  AntiVirSchedulerService - ok
08:45:46.0431 3968  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
08:45:46.0445 3968  AntiVirService - ok
08:45:46.0519 3968  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
08:45:46.0635 3968  Appinfo - ok
08:45:46.0670 3968  [ 5F673180268BB1FDB69C99B6619FE379 ] arc            C:\Windows\system32\drivers\arc.sys
08:45:46.0686 3968  arc - ok
08:45:46.0736 3968  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:45:46.0752 3968  arcsas - ok
08:45:46.0973 3968  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:45:46.0987 3968  aspnet_state - ok
08:45:47.0067 3968  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:45:47.0156 3968  AsyncMac - ok
08:45:47.0187 3968  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
08:45:47.0202 3968  atapi - ok
08:45:47.0304 3968  [ F8A2A11291A994B1A1F0867CFFAA6E18 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
08:45:47.0382 3968  Ati External Event Utility - ok
08:45:47.0456 3968  [ 72BC628AF75C4C3250F2A3BAC260265A ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
08:45:47.0473 3968  atksgt - ok
08:45:47.0563 3968  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:45:47.0648 3968  AudioEndpointBuilder - ok
08:45:47.0658 3968  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
08:45:47.0684 3968  Audiosrv - ok
08:45:47.0760 3968  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
08:45:47.0774 3968  avgntflt - ok
08:45:47.0862 3968  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
08:45:47.0877 3968  avipbb - ok
08:45:47.0937 3968  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
08:45:47.0950 3968  avkmgr - ok
08:45:48.0018 3968  [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
08:45:48.0088 3968  bcm4sbxp - ok
08:45:48.0141 3968  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:45:48.0185 3968  Beep - ok
08:45:48.0269 3968  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
08:45:48.0343 3968  BFE - ok
08:45:48.0444 3968  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
08:45:48.0503 3968  BITS - ok
08:45:48.0510 3968  blbdrive - ok
08:45:48.0563 3968  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:45:48.0726 3968  bowser - ok
08:45:48.0775 3968  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
08:45:48.0837 3968  BrFiltLo - ok
08:45:48.0859 3968  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
08:45:49.0012 3968  BrFiltUp - ok
08:45:49.0054 3968  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
08:45:49.0118 3968  Browser - ok
08:45:49.0160 3968  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
08:45:49.0222 3968  Brserid - ok
08:45:49.0243 3968  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
08:45:49.0314 3968  BrSerWdm - ok
08:45:49.0361 3968  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
08:45:49.0447 3968  BrUsbMdm - ok
08:45:49.0473 3968  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
08:45:49.0540 3968  BrUsbSer - ok
08:45:49.0594 3968  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
08:45:49.0647 3968  BthEnum - ok
08:45:49.0691 3968  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
08:45:49.0751 3968  BTHMODEM - ok
08:45:49.0786 3968  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
08:45:49.0835 3968  BthPan - ok
08:45:49.0924 3968  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
08:45:49.0974 3968  BTHPORT - ok
08:45:50.0002 3968  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
08:45:50.0078 3968  BthServ - ok
08:45:50.0111 3968  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
08:45:50.0182 3968  BTHUSB - ok
08:45:50.0249 3968  [ 4A28E7BD365377D0512B7EF8C7596D2C ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
08:45:50.0280 3968  btwaudio - ok
08:45:50.0309 3968  [ 5FFDE57253D665067B0886612817EB11 ] btwavdt        C:\Windows\system32\drivers\btwavdt.sys
08:45:50.0454 3968  btwavdt - ok
08:45:50.0562 3968  [ AB07DC8B05C31A4F95FC73019BE9DB15 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
08:45:50.0600 3968  btwrchid - ok
08:45:50.0670 3968  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:45:50.0734 3968  cdfs - ok
08:45:50.0820 3968  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
08:45:50.0988 3968  cdrom - ok
08:45:51.0062 3968  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
08:45:51.0125 3968  CertPropSvc - ok
08:45:51.0178 3968  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
08:45:51.0243 3968  circlass - ok
08:45:51.0267 3968  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
08:45:51.0292 3968  CLFS - ok
08:45:51.0310 3968  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:45:51.0325 3968  clr_optimization_v2.0.50727_32 - ok
08:45:51.0411 3968  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:45:51.0441 3968  clr_optimization_v4.0.30319_32 - ok
08:45:51.0495 3968  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
08:45:51.0705 3968  CmBatt - ok
08:45:51.0734 3968  [ DE11A06E187756ECB86CFA82DAC40FF7 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:45:51.0750 3968  cmdide - ok
08:45:51.0798 3968  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:45:51.0821 3968  Compbatt - ok
08:45:51.0830 3968  COMSysApp - ok
08:45:51.0841 3968  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
08:45:51.0856 3968  crcdisk - ok
08:45:51.0876 3968  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
08:45:51.0983 3968  Crusoe - ok
08:45:52.0081 3968  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:45:52.0136 3968  CryptSvc - ok
08:45:52.0192 3968  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:45:52.0252 3968  DcomLaunch - ok
08:45:52.0321 3968  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:45:52.0388 3968  DfsC - ok
08:45:53.0008 3968  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
08:45:53.0172 3968  DFSR - ok
08:45:53.0322 3968  [ D8522960163FA593694E441194A9A574 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
08:45:53.0337 3968  dg_ssudbus - ok
08:45:53.0575 3968  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
08:45:53.0616 3968  Dhcp - ok
08:45:53.0734 3968  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
08:45:53.0753 3968  disk - ok
08:45:53.0783 3968  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:45:53.0894 3968  Dnscache - ok
08:45:53.0946 3968  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
08:45:53.0992 3968  dot3svc - ok
08:45:54.0084 3968  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
08:45:54.0115 3968  DPS - ok
08:45:54.0191 3968  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
08:45:54.0247 3968  drmkaud - ok
08:45:54.0403 3968  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
08:45:54.0463 3968  DXGKrnl - ok
08:45:54.0587 3968  [ 7505290504C8E2D172FA378CC0497BCC ] e1express      C:\Windows\system32\DRIVERS\e1e6032.sys
08:45:54.0920 3968  e1express - ok
08:45:55.0057 3968  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
08:45:55.0213 3968  E1G60 - ok
08:45:55.0315 3968  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
08:45:55.0410 3968  EapHost - ok
08:45:55.0674 3968  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
08:45:55.0758 3968  Ecache - ok
08:45:55.0957 3968  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
08:45:56.0343 3968  ehRecvr - ok
08:45:56.0478 3968  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
08:45:56.0766 3968  ehSched - ok
08:45:56.0852 3968  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
08:45:56.0947 3968  ehstart - ok
08:45:57.0203 3968  [ E8F3F21A71720C84BCF423B80028359F ] elxstor        C:\Windows\system32\drivers\elxstor.sys
08:45:57.0408 3968  elxstor - ok
08:45:57.0824 3968  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
08:45:58.0365 3968  EMDMgmt - ok
08:45:58.0428 3968  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
08:45:58.0491 3968  EventSystem - ok
08:45:58.0680 3968  [ F10E7AA8BDF4488E3DFA989B8E7F7C9F ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
08:45:58.0766 3968  EvtEng ( UnsignedFile.Multi.Generic ) - warning
08:45:58.0766 3968  EvtEng - detected UnsignedFile.Multi.Generic (1)
08:45:58.0834 3968  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
08:45:58.0884 3968  exfat - ok
08:45:58.0941 3968  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
08:45:59.0013 3968  fastfat - ok
08:45:59.0059 3968  [ 63BDADA84951B9C03E641800E176898A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
08:45:59.0145 3968  fdc - ok
08:45:59.0199 3968  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
08:45:59.0271 3968  fdPHost - ok
08:45:59.0298 3968  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:45:59.0388 3968  FDResPub - ok
08:45:59.0419 3968  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:45:59.0463 3968  FileInfo - ok
08:45:59.0485 3968  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
08:45:59.0529 3968  Filetrace - ok
08:45:59.0558 3968  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:45:59.0629 3968  flpydisk - ok
08:45:59.0693 3968  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:45:59.0715 3968  FltMgr - ok
08:45:59.0854 3968  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
08:45:59.0988 3968  FontCache - ok
08:46:00.0084 3968  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:46:00.0100 3968  FontCache3.0.0.0 - ok
08:46:00.0144 3968  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:46:00.0193 3968  Fs_Rec - ok
08:46:00.0240 3968  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
08:46:00.0273 3968  gagp30kx - ok
08:46:00.0317 3968  getPlusHelper - ok
08:46:00.0386 3968  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
08:46:00.0521 3968  gpsvc - ok
08:46:00.0658 3968  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9912216cfd88b C:\Program Files\Google\Update\GoogleUpdate.exe
08:46:00.0672 3968  gupdate1c9912216cfd88b - ok
08:46:00.0694 3968  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
08:46:00.0707 3968  gupdatem - ok
08:46:00.0762 3968  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:46:00.0819 3968  HdAudAddService - ok
08:46:00.0942 3968  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
08:46:01.0086 3968  HDAudBus - ok
08:46:01.0128 3968  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
08:46:01.0187 3968  HidBth - ok
08:46:01.0226 3968  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
08:46:01.0303 3968  HidIr - ok
08:46:01.0340 3968  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
08:46:01.0358 3968  hidserv - ok
08:46:01.0392 3968  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:46:01.0441 3968  HidUsb - ok
08:46:01.0486 3968  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:46:01.0552 3968  hkmsvc - ok
08:46:01.0575 3968  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
08:46:01.0609 3968  HpCISSs - ok
08:46:01.0821 3968  [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV        C:\Windows\system32\DRIVERS\HSX_DPV.sys
08:46:01.0981 3968  HSF_DPV - ok
08:46:02.0002 3968  [ 31F949D452201F2F0AF0C88D7DB512CD ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
08:46:02.0038 3968  HSXHWAZL - ok
08:46:02.0162 3968  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:46:02.0271 3968  HTTP - ok
08:46:02.0302 3968  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
08:46:02.0323 3968  i2omp - ok
08:46:02.0377 3968  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
08:46:02.0417 3968  i8042prt - ok
08:46:02.0443 3968  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
08:46:02.0464 3968  iaStorV - ok
08:46:02.0658 3968  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:46:02.0683 3968  IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:46:02.0683 3968  IDriverT - detected UnsignedFile.Multi.Generic (1)
08:46:02.0784 3968  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:46:02.0845 3968  idsvc - ok
08:46:02.0900 3968  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
08:46:02.0935 3968  iirsp - ok
08:46:03.0139 3968  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
08:46:03.0197 3968  IKEEXT - ok
08:46:03.0278 3968  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
08:46:03.0324 3968  intelide - ok
08:46:03.0408 3968  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:46:03.0481 3968  intelppm - ok
08:46:03.0556 3968  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
08:46:03.0627 3968  IPBusEnum - ok
08:46:03.0644 3968  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:46:03.0684 3968  IpFilterDriver - ok
08:46:03.0720 3968  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:46:03.0774 3968  iphlpsvc - ok
08:46:03.0780 3968  IpInIp - ok
08:46:03.0857 3968  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
08:46:03.0920 3968  IPMIDRV - ok
08:46:03.0974 3968  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
08:46:04.0093 3968  IPNAT - ok
08:46:04.0140 3968  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:46:04.0170 3968  IRENUM - ok
08:46:04.0198 3968  [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:46:04.0214 3968  isapnp - ok
08:46:04.0315 3968  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
08:46:04.0335 3968  iScsiPrt - ok
08:46:04.0367 3968  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
08:46:04.0400 3968  iteatapi - ok
08:46:04.0418 3968  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
08:46:04.0433 3968  iteraid - ok
08:46:04.0473 3968  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:46:04.0489 3968  kbdclass - ok
08:46:04.0583 3968  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
08:46:04.0630 3968  kbdhid - ok
08:46:04.0668 3968  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
08:46:04.0735 3968  KeyIso - ok
08:46:04.0857 3968  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:46:04.0888 3968  KSecDD - ok
08:46:04.0995 3968  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
08:46:05.0086 3968  KtmRm - ok
08:46:05.0124 3968  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:46:05.0184 3968  LanmanServer - ok
08:46:05.0244 3968  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:46:05.0306 3968  LanmanWorkstation - ok
08:46:05.0345 3968  [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
08:46:05.0359 3968  lirsgt - ok
08:46:05.0413 3968  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:46:05.0482 3968  lltdio - ok
08:46:05.0514 3968  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
08:46:05.0561 3968  lltdsvc - ok
08:46:05.0601 3968  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
08:46:05.0651 3968  lmhosts - ok
08:46:05.0753 3968  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
08:46:05.0770 3968  LSI_FC - ok
08:46:05.0803 3968  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
08:46:05.0838 3968  LSI_SAS - ok
08:46:05.0871 3968  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
08:46:05.0887 3968  LSI_SCSI - ok
08:46:05.0942 3968  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
08:46:05.0988 3968  luafv - ok
08:46:06.0047 3968  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
08:46:06.0074 3968  Mcx2Svc - ok
08:46:06.0121 3968  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk        C:\Windows\system32\DRIVERS\mdmxsdk.sys
08:46:06.0149 3968  mdmxsdk - ok
08:46:06.0171 3968  [ D153B14FC6598EAE8422A2037553ADCE ] megasas        C:\Windows\system32\drivers\megasas.sys
08:46:06.0192 3968  megasas - ok
08:46:06.0233 3968  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
08:46:06.0285 3968  MMCSS - ok
08:46:06.0302 3968  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
08:46:06.0359 3968  Modem - ok
08:46:06.0410 3968  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
08:46:06.0454 3968  monitor - ok
08:46:06.0493 3968  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:46:06.0508 3968  mouclass - ok
08:46:06.0539 3968  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:46:06.0605 3968  mouhid - ok
08:46:06.0656 3968  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
08:46:06.0692 3968  MountMgr - ok
08:46:06.0733 3968  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:46:06.0749 3968  mpio - ok
08:46:06.0767 3968  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:46:06.0825 3968  mpsdrv - ok
08:46:06.0884 3968  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:46:06.0952 3968  MpsSvc - ok
08:46:06.0966 3968  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
08:46:06.0983 3968  Mraid35x - ok
08:46:07.0019 3968  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:46:07.0062 3968  MRxDAV - ok
08:46:07.0096 3968  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:46:07.0157 3968  mrxsmb - ok
08:46:07.0201 3968  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:46:07.0258 3968  mrxsmb10 - ok
08:46:07.0283 3968  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:46:07.0300 3968  mrxsmb20 - ok
08:46:07.0323 3968  [ 0D1C042188FFE61A702A9DF5944DE5BA ] msahci          C:\Windows\system32\drivers\msahci.sys
08:46:07.0341 3968  msahci - ok
08:46:07.0358 3968  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
08:46:07.0373 3968  msdsm - ok
08:46:07.0419 3968  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
08:46:07.0487 3968  MSDTC - ok
08:46:07.0521 3968  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:46:07.0570 3968  Msfs - ok
08:46:07.0596 3968  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:46:07.0614 3968  msisadrv - ok
08:46:07.0689 3968  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
08:46:07.0890 3968  MSiSCSI - ok
08:46:07.0899 3968  msiserver - ok
08:46:07.0946 3968  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
08:46:07.0992 3968  MSKSSRV - ok
08:46:08.0052 3968  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:46:08.0112 3968  MSPCLOCK - ok
08:46:08.0132 3968  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
08:46:08.0161 3968  MSPQM - ok
08:46:08.0201 3968  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
08:46:08.0218 3968  MsRPC - ok
08:46:08.0238 3968  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
08:46:08.0254 3968  mssmbios - ok
08:46:08.0290 3968  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
08:46:08.0365 3968  MSTEE - ok
08:46:08.0385 3968  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
08:46:08.0423 3968  Mup - ok
08:46:08.0507 3968  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
08:46:08.0636 3968  napagent - ok
08:46:08.0738 3968  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
08:46:08.0852 3968  NativeWifiP - ok
08:46:09.0050 3968  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:46:09.0105 3968  NDIS - ok
08:46:09.0159 3968  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:46:09.0223 3968  NdisTapi - ok
08:46:09.0239 3968  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
08:46:09.0283 3968  Ndisuio - ok
08:46:09.0307 3968  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
08:46:09.0347 3968  NdisWan - ok
08:46:09.0371 3968  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
08:46:09.0418 3968  NDProxy - ok
08:46:09.0459 3968  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
08:46:09.0518 3968  NetBIOS - ok
08:46:09.0604 3968  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
08:46:09.0645 3968  netbt - ok
08:46:09.0679 3968  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
08:46:09.0695 3968  Netlogon - ok
08:46:09.0797 3968  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
08:46:09.0873 3968  Netman - ok
08:46:09.0944 3968  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
08:46:09.0995 3968  netprofm - ok
08:46:10.0034 3968  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:46:10.0077 3968  NetTcpPortSharing - ok
08:46:10.0359 3968  [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
08:46:10.0523 3968  NETw4v32 - ok
08:46:10.0699 3968  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
08:46:10.0756 3968  nfrd960 - ok
08:46:10.0794 3968  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:46:10.0827 3968  NlaSvc - ok
08:46:10.0866 3968  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:46:11.0005 3968  Npfs - ok
08:46:11.0086 3968  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
08:46:11.0135 3968  nsi - ok
08:46:11.0158 3968  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:46:11.0239 3968  nsiproxy - ok
08:46:11.0366 3968  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:46:11.0425 3968  Ntfs - ok
08:46:11.0465 3968  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
08:46:11.0607 3968  ntrigdigi - ok
08:46:11.0727 3968  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
08:46:11.0761 3968  Null - ok
08:46:12.0975 3968  [ DC89868592D74DE404406C9420C3F277 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:46:13.0873 3968  nvlddmkm - ok
08:46:13.0913 3968  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:46:13.0988 3968  nvraid - ok
08:46:14.0024 3968  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:46:14.0070 3968  nvstor - ok
08:46:14.0101 3968  [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:46:14.0170 3968  nv_agp - ok
08:46:14.0176 3968  NwlnkFlt - ok
08:46:14.0185 3968  NwlnkFwd - ok
08:46:14.0246 3968  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
08:46:14.0339 3968  ohci1394 - ok
08:46:14.0407 3968  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:46:14.0420 3968  ose - ok
08:46:14.0511 3968  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
08:46:14.0591 3968  p2pimsvc - ok
08:46:14.0611 3968  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:46:14.0641 3968  p2psvc - ok
08:46:14.0685 3968  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
08:46:14.0772 3968  Parport - ok
08:46:14.0812 3968  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
08:46:14.0830 3968  partmgr - ok
08:46:14.0846 3968  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
08:46:14.0937 3968  Parvdm - ok
08:46:14.0974 3968  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:46:15.0020 3968  PcaSvc - ok
08:46:15.0099 3968  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
08:46:15.0148 3968  pccsmcfd - ok
08:46:15.0200 3968  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
08:46:15.0230 3968  pci - ok
08:46:15.0267 3968  [ 54D23DC5B5072311116826FDB7F6E83E ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
08:46:15.0283 3968  pciide - ok
08:46:15.0326 3968  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
08:46:15.0344 3968  pcmcia - ok
08:46:15.0405 3968  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:46:15.0541 3968  PEAUTH - ok
08:46:15.0679 3968  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
08:46:15.0748 3968  pla - ok
08:46:15.0814 3968  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:46:15.0859 3968  PlugPlay - ok
08:46:15.0989 3968  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
08:46:16.0063 3968  PNRPAutoReg - ok
08:46:16.0078 3968  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
08:46:16.0132 3968  PNRPsvc - ok
08:46:16.0198 3968  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
08:46:16.0235 3968  PolicyAgent - ok
08:46:16.0323 3968  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:46:16.0398 3968  PptpMiniport - ok
08:46:16.0477 3968  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor      C:\Windows\system32\drivers\processr.sys
08:46:16.0538 3968  Processor - ok
08:46:16.0580 3968  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
08:46:16.0609 3968  ProfSvc - ok
08:46:16.0624 3968  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
08:46:16.0640 3968  ProtectedStorage - ok
08:46:16.0685 3968  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
08:46:16.0730 3968  PSched - ok
08:46:16.0761 3968  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
08:46:16.0799 3968  PxHelp20 - ok
08:46:16.0861 3968  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:46:16.0918 3968  ql2300 - ok
08:46:16.0972 3968  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:46:16.0989 3968  ql40xx - ok
08:46:17.0047 3968  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
08:46:17.0183 3968  QWAVE - ok
08:46:17.0223 3968  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:46:17.0301 3968  QWAVEdrv - ok
08:46:17.0535 3968  [ A6201FD4D96F7FA7DB3AD609BE60FF5C ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
08:46:17.0691 3968  R300 - ok
08:46:17.0761 3968  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:46:17.0817 3968  RasAcd - ok
08:46:17.0857 3968  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
08:46:17.0925 3968  RasAuto - ok
08:46:17.0969 3968  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
08:46:18.0028 3968  Rasl2tp - ok
08:46:18.0071 3968  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
08:46:18.0119 3968  RasMan - ok
08:46:18.0146 3968  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:46:18.0186 3968  RasPppoe - ok
08:46:18.0204 3968  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
08:46:18.0235 3968  RasSstp - ok
08:46:18.0306 3968  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
08:46:18.0354 3968  rdbss - ok
08:46:18.0377 3968  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:46:18.0433 3968  RDPCDD - ok
08:46:18.0481 3968  [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
08:46:18.0528 3968  rdpdr - ok
08:46:18.0535 3968  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:46:18.0565 3968  RDPENCDD - ok
08:46:18.0641 3968  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
08:46:18.0713 3968  RDPWD - ok
08:46:18.0750 3968  [ 7274BD434B6165BAA382BDD87F6CA4CE ] RegSrvc        C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
08:46:18.0781 3968  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
08:46:18.0781 3968  RegSrvc - detected UnsignedFile.Multi.Generic (1)
08:46:18.0835 3968  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:46:18.0885 3968  RemoteAccess - ok
08:46:18.0927 3968  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:46:18.0974 3968  RemoteRegistry - ok
08:46:19.0017 3968  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
08:46:19.0067 3968  RFCOMM - ok
08:46:19.0100 3968  [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
08:46:19.0128 3968  rimmptsk - ok
08:46:19.0160 3968  [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
08:46:19.0200 3968  rimsptsk - ok
08:46:19.0285 3968  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp        C:\Windows\system32\DRIVERS\rixdptsk.sys
08:46:19.0390 3968  rismxdp - ok
08:46:19.0603 3968  [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
08:46:19.0666 3968  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
08:46:19.0666 3968  RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
08:46:19.0710 3968  [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
08:46:19.0730 3968  RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
08:46:19.0730 3968  RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
08:46:19.0757 3968  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
08:46:19.0788 3968  RpcLocator - ok
08:46:19.0893 3968  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
08:46:19.0930 3968  RpcSs - ok
08:46:20.0000 3968  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:46:20.0045 3968  rspndr - ok
08:46:20.0055 3968  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
08:46:20.0072 3968  SamSs - ok
08:46:20.0116 3968  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:46:20.0145 3968  sbp2port - ok
08:46:20.0165 3968  SBRE - ok
08:46:20.0207 3968  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:46:20.0258 3968  SCardSvr - ok
08:46:20.0354 3968  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
08:46:20.0443 3968  Schedule - ok
08:46:20.0475 3968  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
08:46:20.0499 3968  SCPolicySvc - ok
08:46:20.0581 3968  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
08:46:20.0617 3968  sdbus - ok
08:46:20.0660 3968  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:46:20.0731 3968  SDRSVC - ok
08:46:20.0749 3968  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:46:20.0820 3968  secdrv - ok
08:46:20.0848 3968  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
08:46:20.0892 3968  seclogon - ok
08:46:20.0939 3968  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
08:46:20.0990 3968  SENS - ok
08:46:21.0010 3968  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
08:46:21.0077 3968  Serenum - ok
08:46:21.0111 3968  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
08:46:21.0164 3968  Serial - ok
08:46:21.0205 3968  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:46:21.0289 3968  sermouse - ok
08:46:21.0487 3968  [ E802089FEC30A95FDFD218995308F9B3 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
08:46:21.0530 3968  ServiceLayer - ok
08:46:21.0561 3968  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:46:21.0608 3968  SessionEnv - ok
08:46:21.0676 3968  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
08:46:21.0730 3968  sffdisk - ok
08:46:21.0776 3968  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:46:21.0858 3968  sffp_mmc - ok
08:46:21.0909 3968  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
08:46:21.0933 3968  sffp_sd - ok
08:46:21.0971 3968  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
08:46:22.0020 3968  sfloppy - ok
08:46:22.0133 3968  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:46:22.0280 3968  SharedAccess - ok
08:46:22.0325 3968  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:46:22.0390 3968  ShellHWDetection - ok
08:46:22.0427 3968  [ 08072B2FB92477FC813271A84B3A8698 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
08:46:22.0444 3968  sisagp - ok
08:46:22.0457 3968  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
08:46:22.0472 3968  SiSRaid2 - ok
08:46:22.0485 3968  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:46:22.0502 3968  SiSRaid4 - ok
08:46:22.0701 3968  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
08:46:22.0920 3968  slsvc - ok
08:46:22.0955 3968  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
08:46:23.0009 3968  SLUINotify - ok
08:46:23.0056 3968  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
08:46:23.0089 3968  Smb - ok
08:46:23.0134 3968  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:46:23.0151 3968  SNMPTRAP - ok
08:46:23.0200 3968  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
08:46:23.0249 3968  spldr - ok
08:46:23.0317 3968  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
08:46:23.0353 3968  Spooler - ok
08:46:23.0627 3968  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\Windows\system32\Drivers\sptd.sys
08:46:23.0628 3968  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
08:46:23.0631 3968  sptd ( LockedFile.Multi.Generic ) - warning
08:46:23.0631 3968  sptd - detected LockedFile.Multi.Generic (1)
08:46:23.0703 3968  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
08:46:23.0770 3968  srv - ok
08:46:23.0896 3968  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:46:23.0945 3968  srv2 - ok
08:46:23.0966 3968  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:46:24.0037 3968  srvnet - ok
08:46:24.0116 3968  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
08:46:24.0540 3968  SSDPSRV - ok
08:46:24.0683 3968  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
08:46:24.0694 3968  ssmdrv - ok
08:46:24.0734 3968  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
08:46:24.0819 3968  SstpSvc - ok
08:46:24.0937 3968  [ 1B4052F016BA5E087689ABA536A0A927 ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
08:46:24.0986 3968  ssudmdm - ok
08:46:25.0050 3968  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
08:46:25.0073 3968  StarOpen ( UnsignedFile.Multi.Generic ) - warning
08:46:25.0073 3968  StarOpen - detected UnsignedFile.Multi.Generic (1)
08:46:25.0266 3968  [ 9CEA131B5EB0EA653F6B3EA80B54956D ] STHDA          C:\Windows\system32\drivers\stwrt.sys
08:46:25.0403 3968  STHDA - ok
08:46:25.0452 3968  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
08:46:25.0502 3968  stisvc - ok
08:46:25.0573 3968  [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
08:46:25.0610 3968  stllssvr ( UnsignedFile.Multi.Generic ) - warning
08:46:25.0610 3968  stllssvr - detected UnsignedFile.Multi.Generic (1)
08:46:25.0678 3968  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:46:25.0693 3968  swenum - ok
08:46:25.0744 3968  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
08:46:25.0796 3968  swprv - ok
08:46:25.0829 3968  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
08:46:25.0855 3968  Symc8xx - ok
08:46:25.0873 3968  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
08:46:25.0888 3968  Sym_hi - ok
08:46:25.0915 3968  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
08:46:25.0945 3968  Sym_u3 - ok
08:46:25.0995 3968  [ 1F5192248A364D4AB68DB063D18A2139 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
08:46:26.0010 3968  SynTP - ok
08:46:26.0051 3968  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
08:46:26.0123 3968  SysMain - ok
08:46:26.0163 3968  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:46:26.0198 3968  TabletInputService - ok
08:46:26.0267 3968  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
08:46:26.0324 3968  TapiSrv - ok
08:46:26.0396 3968  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
08:46:26.0445 3968  TBS - ok
08:46:26.0587 3968  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
08:46:26.0703 3968  Tcpip - ok
08:46:26.0755 3968  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
08:46:26.0795 3968  Tcpip6 - ok
08:46:26.0901 3968  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:46:26.0935 3968  tcpipreg - ok
08:46:26.0959 3968  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:46:27.0012 3968  TDPIPE - ok
08:46:27.0029 3968  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
08:46:27.0083 3968  TDTCP - ok
08:46:27.0130 3968  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
08:46:27.0178 3968  tdx - ok
08:46:27.0222 3968  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:46:27.0238 3968  TermDD - ok
08:46:27.0437 3968  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
08:46:27.0591 3968  TermService - ok
08:46:27.0682 3968  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
08:46:27.0703 3968  Themes - ok
08:46:27.0710 3968  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
08:46:27.0740 3968  THREADORDER - ok
08:46:27.0776 3968  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
08:46:27.0832 3968  TrkWks - ok
08:46:27.0942 3968  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:46:27.0978 3968  TrustedInstaller - ok
08:46:28.0019 3968  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:46:28.0080 3968  tssecsrv - ok
08:46:28.0146 3968  [ 6A29CD69D1128BDF49A705BEFC614A5B ] TuneUp.Defrag  C:\Windows\System32\TuneUpDefragService.exe
08:46:28.0182 3968  TuneUp.Defrag - ok
08:46:28.0371 3968  [ 51EE2913ED525DE18FDA96DCCBC5386A ] TuneUp.ProgramStatisticsSvc C:\Windows\System32\TUProgSt.exe
08:46:28.0408 3968  TuneUp.ProgramStatisticsSvc - ok
08:46:28.0467 3968  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
08:46:28.0483 3968  tunmp - ok
08:46:28.0521 3968  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:46:28.0558 3968  tunnel - ok
08:46:28.0590 3968  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:46:28.0620 3968  uagp35 - ok
08:46:28.0726 3968  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:46:28.0799 3968  udfs - ok
08:46:28.0830 3968  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
08:46:28.0862 3968  UI0Detect - ok
08:46:28.0881 3968  [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:46:28.0914 3968  uliagpkx - ok
08:46:28.0945 3968  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci        C:\Windows\system32\drivers\uliahci.sys
08:46:28.0967 3968  uliahci - ok
08:46:28.0986 3968  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
08:46:29.0003 3968  UlSata - ok
08:46:29.0020 3968  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
08:46:29.0037 3968  ulsata2 - ok
08:46:29.0058 3968  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
08:46:29.0088 3968  umbus - ok
08:46:29.0224 3968  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
08:46:29.0258 3968  upnphost - ok
08:46:29.0358 3968  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
08:46:29.0414 3968  usbccgp - ok
08:46:29.0453 3968  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:46:29.0538 3968  usbcir - ok
08:46:29.0592 3968  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
08:46:29.0616 3968  usbehci - ok
08:46:29.0663 3968  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:46:29.0801 3968  usbhub - ok
08:46:29.0895 3968  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
08:46:30.0013 3968  usbohci - ok
08:46:30.0088 3968  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
08:46:30.0139 3968  usbprint - ok
08:46:30.0306 3968  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:46:30.0404 3968  USBSTOR - ok
08:46:30.0501 3968  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
08:46:30.0556 3968  usbuhci - ok
08:46:30.0597 3968  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
08:46:30.0637 3968  UxSms - ok
08:46:30.0675 3968  [ 2E2E93041C8058BC7DE6F0D743C4A0C6 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
08:46:30.0688 3968  UxTuneUp - ok
08:46:30.0750 3968  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
08:46:30.0800 3968  vds - ok
08:46:30.0857 3968  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
08:46:30.0928 3968  vga - ok
08:46:30.0986 3968  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
08:46:31.0034 3968  VgaSave - ok
08:46:31.0059 3968  [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
08:46:31.0093 3968  viaagp - ok
08:46:31.0126 3968  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
08:46:31.0192 3968  ViaC7 - ok
08:46:31.0225 3968  [ C0ACE9D0F5A5EE0B00F58345947A57FC ] viaide          C:\Windows\system32\drivers\viaide.sys
08:46:31.0242 3968  viaide - ok
08:46:31.0277 3968  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:46:31.0316 3968  volmgr - ok
08:46:31.0391 3968  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
08:46:31.0431 3968  volmgrx - ok
08:46:31.0519 3968  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
08:46:31.0542 3968  volsnap - ok
08:46:31.0568 3968  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
08:46:31.0603 3968  vsmraid - ok
08:46:31.0764 3968  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
08:46:31.0857 3968  VSS - ok
08:46:31.0925 3968  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
08:46:31.0992 3968  W32Time - ok
08:46:32.0064 3968  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
08:46:32.0145 3968  WacomPen - ok
08:46:32.0205 3968  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
08:46:32.0243 3968  Wanarp - ok
08:46:32.0249 3968  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:46:32.0274 3968  Wanarpv6 - ok
08:46:32.0517 3968  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
08:46:32.0663 3968  wcncsvc - ok
08:46:32.0751 3968  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:46:32.0794 3968  WcsPlugInService - ok
08:46:32.0859 3968  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
08:46:32.0874 3968  Wd - ok
08:46:33.0078 3968  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:46:33.0123 3968  Wdf01000 - ok
08:46:33.0193 3968  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:46:33.0245 3968  WdiServiceHost - ok
08:46:33.0250 3968  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
08:46:33.0283 3968  WdiSystemHost - ok
08:46:33.0335 3968  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
08:46:33.0356 3968  WebClient - ok
08:46:33.0404 3968  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:46:33.0464 3968  Wecsvc - ok
08:46:33.0496 3968  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
08:46:33.0541 3968  wercplsupport - ok
08:46:33.0584 3968  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:46:33.0628 3968  WerSvc - ok
08:46:33.0709 3968  [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
08:46:33.0750 3968  winachsf - ok
08:46:33.0931 3968  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
08:46:33.0955 3968  WinDefend - ok
08:46:33.0963 3968  WinHttpAutoProxySvc - ok
08:46:34.0163 3968  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
08:46:34.0205 3968  Winmgmt - ok
08:46:34.0420 3968  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
08:46:34.0563 3968  WinRM - ok
08:46:34.0651 3968  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
08:46:34.0721 3968  Wlansvc - ok
08:46:34.0764 3968  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
08:46:34.0834 3968  WmiAcpi - ok
08:46:34.0892 3968  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:46:35.0004 3968  wmiApSrv - ok
08:46:35.0117 3968  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
08:46:35.0245 3968  WMPNetworkSvc - ok
08:46:35.0299 3968  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:46:35.0449 3968  WPCSvc - ok
08:46:35.0559 3968  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:46:35.0638 3968  WPDBusEnum - ok
08:46:35.0703 3968  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
08:46:35.0829 3968  WpdUsb - ok
08:46:36.0063 3968  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:46:36.0095 3968  WPFFontCache_v0400 - ok
08:46:36.0133 3968  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
08:46:36.0178 3968  ws2ifsl - ok
08:46:36.0212 3968  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
08:46:36.0241 3968  wscsvc - ok
08:46:36.0249 3968  WSearch - ok
08:46:36.0438 3968  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
08:46:36.0529 3968  wuauserv - ok
08:46:36.0649 3968  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:46:36.0681 3968  WUDFRd - ok
08:46:36.0721 3968  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
08:46:36.0754 3968  wudfsvc - ok
08:46:36.0793 3968  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
08:46:36.0820 3968  XAudio - ok
08:46:36.0876 3968  [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService  C:\Windows\system32\DRIVERS\xaudio.exe
08:46:36.0896 3968  XAudioService - ok
08:46:36.0954 3968  ================ Scan global ===============================
08:46:37.0022 3968  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
08:46:37.0140 3968  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:46:37.0224 3968  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:46:37.0354 3968  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
08:46:37.0358 3968  [Global] - ok
08:46:37.0359 3968  ================ Scan MBR ==================================
08:46:37.0378 3968  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:46:38.0514 3968  \Device\Harddisk0\DR0 - ok
08:46:38.0516 3968  ================ Scan VBR ==================================
08:46:38.0545 3968  [ CAD60F4449ACA2C65347DAD7024CC1A6 ] \Device\Harddisk0\DR0\Partition1
08:46:38.0576 3968  \Device\Harddisk0\DR0\Partition1 - ok
08:46:38.0597 3968  [ ECBD938FC5C24153E16F139973F09DF4 ] \Device\Harddisk0\DR0\Partition2
08:46:38.0599 3968  \Device\Harddisk0\DR0\Partition2 - ok
08:46:38.0600 3968  ============================================================
08:46:38.0600 3968  Scan finished
08:46:38.0600 3968  ============================================================
08:46:38.0615 3584  Detected object count: 8
08:46:38.0616 3584  Actual detected object count: 8
08:49:38.0753 3584  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0753 3584  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0756 3584  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0756 3584  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0760 3584  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0760 3584  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0763 3584  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0763 3584  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0763 3584  RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0763 3584  RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0766 3584  sptd ( LockedFile.Multi.Generic ) - skipped by user
08:49:38.0766 3584  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:49:38.0769 3584  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0769 3584  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:38.0772 3584  stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
08:49:38.0772 3584  stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:49:42.0717 1908  Deinitialize success
Situation unverändert, I-Explorer noch nicht einsatzfähig...

cosinus 07.10.2012 09:16
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Joshua1966 07.10.2012 09:56
Das log von Combofix:

Code:
ComboFix 12-10-04.02 - Wolfgang 07.10.2012  10:42:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.2007 [GMT 2:00]
ausgeführt von:: c:\users\Standart\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\version.txt
c:\programdata\CB031D1D89.sys
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Standart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\Standart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\Standart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\users\Standart\AppData\Roaming\Niomd
c:\users\Standart\AppData\Roaming\Niomd\ofoq.owk
c:\users\Wolfgang\AppData\Roaming\inst.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-07 bis 2012-10-07  ))))))))))))))))))))))))))))))
.
.
2012-10-07 08:49 . 2012-10-07 08:49        --------        d-----w-        c:\users\Wolfgang\AppData\Local\temp
2012-10-07 08:49 . 2012-10-07 08:49        --------        d-----w-        c:\users\Wolfgang.Joshua\AppData\Local\temp
2012-10-07 08:49 . 2012-10-07 08:49        --------        d-----w-        c:\users\TEMP\AppData\Local\temp
2012-10-07 08:49 . 2012-10-07 08:49        --------        d-----w-        c:\users\TEMP.Joshua\AppData\Local\temp
2012-10-07 06:39 . 2012-10-07 06:39        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-10-05 15:38 . 2012-10-05 15:38        --------        d-----w-        C:\_OTL
2012-10-02 10:09 . 2012-10-02 10:09        --------        d-----w-        c:\program files\ESET
2012-10-02 10:05 . 2012-10-02 10:05        --------        d-----w-        c:\users\Wolfgang.Joshua.000\AppData\Roaming\Avira
2012-10-02 10:02 . 2012-10-02 10:02        --------        d-----w-        c:\users\Wolfgang.Joshua.000\AppData\Local\Mozilla
2012-10-02 10:01 . 2012-10-02 11:03        --------        d-----w-        c:\users\Wolfgang.Joshua.000\AppData\Local\PasswordSafe
2012-09-29 14:45 . 2012-10-05 15:40        --------        d-----w-        c:\users\Standart\AppData\Roaming\Refi
2012-09-29 11:27 . 2012-09-29 11:27        --------        d-----w-        c:\users\Standart\AppData\Local\Winamp Toolbar
2012-09-29 08:09 . 2012-09-29 08:09        --------        d-----w-        c:\users\Standart\AppData\Roaming\phonostar GmbH
2012-09-29 07:47 . 2012-09-29 07:47        --------        d-----w-        c:\users\Standart\AppData\Roaming\streamripper
2012-09-29 07:45 . 2012-09-29 08:05        --------        d-----w-        c:\users\Standart\AppData\Roaming\Winamp
2012-09-29 07:43 . 2009-09-04 15:29        1892184        ----a-w-        c:\windows\system32\D3DX9_42.dll
2012-09-29 07:40 . 2012-09-29 07:40        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2012-09-29 07:40 . 2012-09-29 11:44        --------        d-----w-        c:\program files\Winamp
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2012-04-20 18:07        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-21 15:09 . 2012-08-21 15:09        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-21 15:09 . 2011-06-02 08:18        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-25 16:24 . 2011-07-12 17:36        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
c:\users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2012-6-21 3825152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
backup=c:\windows\pss\Printkey2000.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Wolfgang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO NAS Navigator.lnk]
path=c:\users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk
backup=c:\windows\pss\BUFFALO NAS Navigator.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-09-18 14:16        171464        ----a-w-        c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-11-29 19:58        935312        ----a-w-        c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-11-29 19:58        3508624        ----a-w-        c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22        221184        ----a-w-        c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-02 09:56        24264488        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [x]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
getPlusHelper        REG_MULTI_SZ          getPlusHelper
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-07 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 17:06]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 17:06]
.
2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
- c:\windows\system32\msfeedssync.exe [2011-04-17 06:57]
.
2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
- c:\windows\system32\msfeedssync.exe [2011-04-17 06:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
TCP: Interfaces\{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}: NameServer = 192.168.2.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Wolfgang.Joshua.000\AppData\Roaming\Mozilla\Firefox\Profiles\0pv0bhrv.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-RunOnce-OTL - c:\users\Standart\Desktop\OTL.exe
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-07 10:49
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-10-07  10:52:23
ComboFix-quarantined-files.txt  2012-10-07 08:52
.
Vor Suchlauf: 19 Verzeichnis(se), 22.494.519.296 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 22.215.032.832 Bytes frei
.
- - End Of File - - 656E35314096A82FF70B30213AEDDDB4

cosinus 07.10.2012 18:05
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Joshua1966 07.10.2012 20:33
Alles ohne große Probleme erledigt, hier der Scan von GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-07 21:03:07
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM120JI rev.YF100-15
Running: 5hofgytt.exe; Driver: C:\Users\WOLFGA~1.000\AppData\Local\Temp\pwldypow.sys


---- System - GMER 1.0.15 ----

SSDT            900893BE                                                                                                            ZwCreateSection
SSDT            900893C8                                                                                                            ZwRequestWaitReplyPort
SSDT            900893C3                                                                                                            ZwSetContextThread
SSDT            900893CD                                                                                                            ZwSetSecurityObject
SSDT            900893D2                                                                                                            ZwSystemDebugControl
SSDT            9008935F                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                                                                                        822F08D8 4 Bytes  [BE, 93, 08, 90]
.text          ntkrnlpa.exe!KeSetEvent + 539                                                                                        822F0BFC 4 Bytes  [C8, 93, 08, 90] {ENTER 0x893, 0x90}
.text          ntkrnlpa.exe!KeSetEvent + 56D                                                                                        822F0C30 4 Bytes  [C3, 93, 08, 90]
.text          ntkrnlpa.exe!KeSetEvent + 5D1                                                                                        822F0C94 4 Bytes  [CD, 93, 08, 90]
.text          ntkrnlpa.exe!KeSetEvent + 619                                                                                        822F0CDC 4 Bytes  [D2, 93, 08, 90]
.text          ...                                                                                                                 
?              C:\Windows\System32\Drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                            section is writeable [0x8EE07360, 0x35B8D2, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                8F86A41B 5 Bytes  JMP 8652F538
.reloc          C:\Windows\system32\drivers\acehlp10.sys                                                                            section is executable [0x8F99CB80, 0x37FC7, 0xE0000060]
.text          a7bjv531.SYS                                                                                                        8A581000 22 Bytes  [82, 83, 21, 82, 6C, 82, 21, ...]
.text          a7bjv531.SYS                                                                                                        8A581017 106 Bytes  [00, 32, 57, 77, 80, 3D, 55, ...]
.text          a7bjv531.SYS                                                                                                        8A581082 74 Bytes  [25, 82, F8, AD, 2E, 82, E6, ...]
.text          a7bjv531.SYS                                                                                                        8A5810CE 73 Bytes  [00, 00, 00, 00, 01, C2, 03, ...]
.text          a7bjv531.SYS                                                                                                        8A581118 185 Bytes  [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text          ...                                                                                                                 
.reloc          C:\Windows\system32\drivers\acedrv10.sys                                                                            section is executable [0xA12FF000, 0x459C1, 0xE0000060]
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA1345300, 0x3ACC8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA1388300, 0x1B7E, 0xE8000020]
?              C:\Users\WOLFGA~1.000\AppData\Local\Temp\inyafakj.sys                                                                Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3128] ntdll.dll!DbgUiRemoteBreakin                77DBCD44 1 Byte  [C3]
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[3748] USER32.dll!SetWindowLongA                                7645E7CD 5 Bytes  JMP 616FA2FB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[3748] USER32.dll!SetWindowLongW                                764613B4 5 Bytes  JMP 616FA28D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[3748] USER32.dll!GetWindowInfo                                7646428E 5 Bytes  JMP 61501BD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[3748] USER32.dll!TrackPopupMenu                                764714F3 5 Bytes  JMP 6150219D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!LdrLoadDll                                              77D59378 5 Bytes  JMP 00F91410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [8068261E] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [80681AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [80682748] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [80681B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [80681C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [8069729A] \SystemRoot\System32\Drivers\sptd.sys
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortNotification]                                          000000DC
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortWritePortUchar]                                        000000A2
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortWritePortUlong]                                        00000333
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    000003D8
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          0000024D
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  00000201
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortReadPortUchar]                                          000001EF
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortStallExecution]                                        0000031F
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetParentBusType]                                      000000A1
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortRequestCallback]                                        0000025C
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  000003BE
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  00000215
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortCompleteRequest]                                        000000DD
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortMoveMemory]                                            00000190
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              00000182
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                00000363
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  00000258
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortReadPortUshort]                                        0000030E
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  0000017E
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortInitialize]                                            00000254
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          0000019E
IAT            \SystemRoot\System32\Drivers\a7bjv531.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      000000AB

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              84B771E8
Device          \FileSystem\fastfat \FatCdrom                                                                                        89997528

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                84B741E8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8661D530
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8661D530
Device          \Driver\PCI_NTPNP5717 \Device\00000052                                                                              sptd.sys
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    8661D530
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    8661D530
Device          \Driver\usbehci \Device\USBPDO-4                                                                                    8660F790
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              84B741E8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              84B741E8
Device          \Driver\cdrom \Device\CdRom0                                                                                        8659B1E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                          84B761E8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  84B761E8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  84B761E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                          84B761E8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              84B741E8
Device          \Driver\cdrom \Device\CdRom1                                                                                        8659B1E8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              84B741E8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                              89294790
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                  866AC1E8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8661D530
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8661D530
Device          \Driver\netbt \Device\NetBT_Tcpip_{AA6E897D-42F9-4B33-92E7-8FD5DBE9B426}                                            89294790
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    8661D530
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    8661D530
Device          \Driver\usbehci \Device\USBFDO-4                                                                                    8660F790
Device          \Driver\netbt \Device\NetBT_Tcpip_{2FF582BE-CF30-47B1-892B-CFCD9A4900A2}                                            89294790
Device          \Driver\a7bjv531 \Device\Scsi\a7bjv5311Port3Path0Target0Lun0                                                        866CE1E8
Device          \Driver\a7bjv531 \Device\Scsi\a7bjv5311                                                                              866CE1E8
Device          \FileSystem\fastfat \Fat                                                                                            89997528

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d31c433                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee85f30                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee85f30@0016b812c00f                            0x05 0x53 0x03 0x2F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee85f30@c8979f380a2f                            0xC6 0x2F 0xE1 0xEB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee85f30@2c44014b6da1                            0x2B 0xD4 0x21 0xBB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x56 0x4B 0x77 0x8E ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x6F 0x47 0x88 0xA4 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x6D 0x9F 0x1B 0xA1 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b0d31c433 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee85f30 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee85f30@0016b812c00f                                0x05 0x53 0x03 0x2F ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee85f30@c8979f380a2f                                0xC6 0x2F 0xE1 0xEB ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee85f30@2c44014b6da1                                0x2B 0xD4 0x21 0xBB ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x56 0x4B 0x77 0x8E ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x6F 0x47 0x88 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x6D 0x9F 0x1B 0xA1 ...

---- Files - GMER 1.0.15 ----

File            C:\Users\Standart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6R3HI5P\version[1].xml      243 bytes
File            C:\Users\Standart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6R3HI5P\version[2].htm      2175 bytes

---- EOF - GMER 1.0.15 ----
nun das OSAM log:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:57 on 07.10.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DModem.cpl" - ? - C:\Windows\system32\DModem.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
"stacgui.cpl" - "SigmaTel, Inc." - C:\Windows\system32\stacgui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a7bjv531" (a7bjv531) - "Microsoft Corporation" - C:\Windows\system32\drivers\a7bjv531.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\WOLFGA~1.000\AppData\Local\Temp\catchme.sys  (File not found)
"inyafakj" (inyafakj) - ? - C:\Users\WOLFGA~1.000\AppData\Local\Temp\inyafakj.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"pwldypow" (pwldypow) - ? - C:\Users\WOLFGA~1.000\AppData\Local\Temp\pwldypow.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SBRE" (SBRE) - ? - C:\Windows\system32\drivers\SBREdrv.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - ? -  (File not found | COM-object registry key not found)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\ProgramData\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Wolfgang.Joshua.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Password Safe.lnk" - "SourceForge.net" - C:\Program Files\Password Safe\pwsafe.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor MG5200 series" - "CANON INC." - C:\Windows\system32\CNMLMAE.DLL
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL
"HP Master Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPBMMON.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - ? - C:\Program Files\NOS\bin\getPlus_Helper.dll  (File not found)
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate1c9912216cfd88b)" (gupdate1c9912216cfd88b) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
und das log-file von aswMBR:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-07 21:10:21
-----------------------------
21:10:21.692    OS Version: Windows 6.0.6002 Service Pack 2
21:10:21.692    Number of processors: 2 586 0xF06
21:10:21.693    ComputerName: JOSHUA  UserName:
21:10:22.731    Initialize success
21:12:18.223    AVAST engine defs: 12100701
21:12:28.409    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:12:28.411    Disk 0 Vendor: SAMSUNG_HM120JI YF100-15 Size: 114473MB BusType: 3
21:12:28.726    Disk 0 MBR read successfully
21:12:28.729    Disk 0 MBR scan
21:12:28.750    Disk 0 Windows VISTA default MBR code
21:12:28.825    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      86 MB offset 63
21:12:29.002    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10240 MB offset 178176
21:12:29.087    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS      102097 MB offset 21149696
21:12:29.094    Disk 0 Partition - 00    0F Extended LBA              2048 MB offset 230244352
21:12:29.293    Disk 0 Partition 4 00    DD              MSDOS5.0    2047 MB offset 230246400
21:12:29.406    Disk 0 scanning sectors +234438656
21:12:29.993    Disk 0 scanning C:\Windows\system32\drivers
21:13:55.458    Service scanning
21:14:14.986    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:14:21.968    Modules scanning
21:14:43.538    Disk 0 trace - called modules:
21:14:43.575    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84b761e8]<<
21:14:43.581    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d51ac8]
21:14:43.587    3 CLASSPNP.SYS[8a9ab8b3] -> nt!IofCallDriver -> [0x85579898]
21:14:43.592    5 acpi.sys[807a16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8557b5e0]
21:14:43.598    \Driver\atapi[0x855b3890] -> IRP_MJ_CREATE -> 0x84b761e8
21:14:44.197    AVAST engine scan C:\Windows
21:14:49.699    AVAST engine scan C:\Windows\system32
21:20:41.870    AVAST engine scan C:\Windows\system32\drivers
21:22:25.659    AVAST engine scan C:\Users\Wolfgang.Joshua.000
21:25:37.896    AVAST engine scan C:\ProgramData
21:27:43.453    Scan finished successfully
21:28:23.983    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
21:28:23.989    The log file has been saved successfully to "C:\aswMBR.txt"

cosinus 07.10.2012 20:50
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Joshua1966 09.10.2012 17:57
Das ging ein bisschen länger, hier das Malwarebyte log:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.08.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Wolfgang :: JOSHUA [Administrator]

08.10.2012 18:11:55
mbam-log-2012-10-08 (20-07-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449463
Laufzeit: 1 Stunde(n), 49 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\TDSSKiller_Quarantine\07.10.2012_08.22.01\tdlfs0000\tsk0003.dta (Rootkit.Agent) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\07.10.2012_08.22.01\tdlfs0000\tsk0007.dta (Rootkit.Agent) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\07.10.2012_08.22.01\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.

(Ende)
und das Superantispy log:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/08/2012 at 11:15 PM

Application Version : 5.6.1008

Core Rules Database Version : 9359
Trace Rules Database Version: 7171

Scan type      : Complete Scan
Total Scan Time : 02:59:37

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator (Limited User)

Memory items scanned      : 626
Memory threats detected  : 0
Registry items scanned    : 40708
Registry threats detected : 0
File items scanned        : 164317
File threats detected    : 220

Adware.Tracking Cookie
        C:\Users\Standart\AppData\Roaming\Microsoft\Windows\Cookies\SI8YJBBY.txt [ /doubleclick.net ]
        C:\Users\Standart\AppData\Roaming\Microsoft\Windows\Cookies\39QCBKSG.txt [ /fastclick.net ]
        C:\Users\Standart\AppData\Roaming\Microsoft\Windows\Cookies\Y4WEY0GB.txt [ /adfarm1.adition.com ]
        C:\Users\Standart\AppData\Roaming\Microsoft\Windows\Cookies\P0Y82I7E.txt [ /apmebf.com ]
        C:\Users\Standart\AppData\Roaming\Microsoft\Windows\Cookies\WUYBRU67.txt [ /mediaplex.com ]
        C:\Users\Standart\AppData\Roaming\Microsoft\Windows\Cookies\HL28GLI7.txt [ /ad1.adfarm1.adition.com ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\220Y312T.txt [ Cookie:standart@doubleclick.net/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y6T30JT8.txt [ Cookie:standart@tracker.vinsight.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\PCSH2ZG7.txt [ Cookie:standart@casalemedia.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\22IQ97XP.txt [ Cookie:standart@adx2.chip.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\G7X11QCL.txt [ Cookie:standart@track.adform.net/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\I541WWZK.txt [ Cookie:standart@www.etracker.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\NRWU9XOR.txt [ Cookie:standart@www.zanox-affiliate.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y1IW9A35.txt [ Cookie:standart@fl01.ct2.comclick.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\GMLZUN3M.txt [ Cookie:standart@e2.emediate.se/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\E9QKL029.txt [ Cookie:standart@yieldmanager.net/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\QVUKI9MS.txt [ Cookie:standart@ad4.adfarm1.adition.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\HTFCG733.txt [ Cookie:standart@zanox.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0S4TXB5.txt [ Cookie:standart@imrworldwide.com/cgi-bin ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\T86WTET1.txt [ Cookie:standart@ru4.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\UGF8U4JG.txt [ Cookie:standart@tribalfusion.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\ME0KW673.txt [ Cookie:standart@rambler.ru/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\3OJRSAEK.txt [ Cookie:standart@tradedoubler.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\T4711FUY.txt [ Cookie:standart@serving-sys.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\5PCZ3UO5.txt [ Cookie:standart@atwola.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\01S5BS2U.txt [ Cookie:standart@fastclick.net/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJSPDMS9.txt [ Cookie:standart@ad.mlnadvertising.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWHER5KH.txt [ Cookie:standart@ad.yieldmanager.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\0KMGUB71.txt [ Cookie:standart@traffictrack.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\K2JJPUS1.txt [ Cookie:standart@im.banner.t-online.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\OUJBIWA9.txt [ Cookie:standart@ar.atwola.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\UU9P3I5F.txt [ Cookie:standart@bs.serving-sys.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZSVJSLRA.txt [ Cookie:standart@adfarm1.adition.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\VBHK9K6N.txt [ Cookie:standart@atdmt.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\E4RNO1M2.txt [ Cookie:standart@adtech.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\YUGT752H.txt [ Cookie:standart@ad3.adfarm1.adition.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\L68RDC2E.txt [ Cookie:standart@tacoda.at.atwola.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\F44PJT4H.txt [ Cookie:standart@adxpose.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\88N3TOT9.txt [ Cookie:standart@zanox-affiliate.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\5FOMPYWV.txt [ Cookie:standart@eas.apm.emediate.eu/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\XNX0LYTR.txt [ Cookie:standart@collective-media.net/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\93GHYNT6.txt [ Cookie:standart@imedia.cz/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\69PR9NTO.txt [ Cookie:standart@adbrite.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\0CSR5V6P.txt [ Cookie:standart@revsci.net/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\KM6V1KSV.txt [ Cookie:standart@adserver.psinternet.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\EHK4HE25.txt [ Cookie:standart@ad.adnet.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\MJTDQSDI.txt [ Cookie:standart@ww251.smartadserver.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\0TGGD3O2.txt [ Cookie:standart@adx.chip.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\0G6FIB2P.txt [ Cookie:standart@ad2.adfarm1.adition.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\RGH7PLSH.txt [ Cookie:standart@mediaplex.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\B9BHKKBC.txt [ Cookie:standart@2o7.net/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\CD0SHKUM.txt [ Cookie:standart@webmasterplan.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\TGCLQCOK.txt [ Cookie:standart@ad.dyntracker.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\C0YSGXC8.txt [ Cookie:standart@ad.zanox.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\GEOQWHE0.txt [ Cookie:standart@teufel-media.de/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\LKBQPTM5.txt [ Cookie:standart@ad1.adfarm1.adition.com/ ]
        C:\USERS\STANDART\AppData\Roaming\Microsoft\Windows\Cookies\Low\PJM86I24.txt [ Cookie:standart@eliteprospects.com/ ]
        C:\USERS\STANDART\Cookies\SI8YJBBY.txt [ Cookie:standart@doubleclick.net/ ]
        C:\USERS\STANDART\Cookies\39QCBKSG.txt [ Cookie:standart@fastclick.net/ ]
        C:\USERS\STANDART\Cookies\Y4WEY0GB.txt [ Cookie:standart@adfarm1.adition.com/ ]
        C:\USERS\STANDART\Cookies\WUYBRU67.txt [ Cookie:standart@mediaplex.com/ ]
        C:\USERS\STANDART\Cookies\HL28GLI7.txt [ Cookie:standart@ad1.adfarm1.adition.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\wolfgang@flixbanner.bearshare[1].txt [ Cookie:wolfgang@flixbanner.bearshare.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\wolfgang@questionmarket[1].txt [ Cookie:wolfgang@questionmarket.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\wolfgang@ad.zanox[1].txt [ Cookie:wolfgang@ad.zanox.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\wolfgang@atwola[1].txt [ Cookie:wolfgang@atwola.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\wolfgang@adx.chip[1].txt [ Cookie:wolfgang@adx.chip.de/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\wolfgang@guj.122.2o7[1].txt [ Cookie:wolfgang@guj.122.2o7.net/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\wolfgang@as1.falkag[1].txt [ Cookie:wolfgang@as1.falkag.de/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@serving-sys[2].txt [ Cookie:wolfgang@serving-sys.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@divx.adbureau[2].txt [ Cookie:wolfgang@divx.adbureau.net/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@statse.webtrendslive[2].txt [ Cookie:wolfgang@statse.webtrendslive.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@adopt.euroclick[2].txt [ Cookie:wolfgang@adopt.euroclick.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@www.etracker[1].txt [ Cookie:wolfgang@www.etracker.de/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@euros4click[1].txt [ Cookie:wolfgang@euros4click.de/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@ad.zanox[2].txt [ Cookie:wolfgang@ad.zanox.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@zanox[1].txt [ Cookie:wolfgang@zanox.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@ehg-idg.hitbox[1].txt [ Cookie:wolfgang@ehg-idg.hitbox.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@partners.webmasterplan[2].txt [ Cookie:wolfgang@partners.webmasterplan.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@tradedoubler[1].txt [ Cookie:wolfgang@tradedoubler.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@mediavantage[1].txt [ Cookie:wolfgang@mediavantage.de/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@eas.apm.emediate[2].txt [ Cookie:wolfgang@eas.apm.emediate.eu/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@imrworldwide[2].txt [ Cookie:wolfgang@imrworldwide.com/cgi-bin ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@ad.yieldmanager[1].txt [ Cookie:wolfgang@ad.yieldmanager.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@divx.112.2o7[1].txt [ Cookie:wolfgang@divx.112.2o7.net/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@indextools[1].txt [ Cookie:wolfgang@indextools.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@as1.falkag[1].txt [ Cookie:wolfgang@as1.falkag.de/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@komtrack[2].txt [ Cookie:wolfgang@komtrack.com/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@adtech[2].txt [ Cookie:wolfgang@adtech.de/ ]
        C:\USERS\WOLFGANG\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@pro-market[2].txt [ Cookie:wolfgang@pro-market.net/ ]
        C:\USERS\WOLFGANG\Cookies\wolfgang@flixbanner.bearshare[1].txt [ Cookie:wolfgang@flixbanner.bearshare.com/ ]
        C:\USERS\WOLFGANG\Cookies\wolfgang@questionmarket[1].txt [ Cookie:wolfgang@questionmarket.com/ ]
        C:\USERS\WOLFGANG\Cookies\wolfgang@ad.zanox[1].txt [ Cookie:wolfgang@ad.zanox.com/ ]
        C:\USERS\WOLFGANG\Cookies\wolfgang@atwola[1].txt [ Cookie:wolfgang@atwola.com/ ]
        C:\USERS\WOLFGANG\Cookies\wolfgang@adx.chip[1].txt [ Cookie:wolfgang@adx.chip.de/ ]
        C:\USERS\WOLFGANG\Cookies\wolfgang@guj.122.2o7[1].txt [ Cookie:wolfgang@guj.122.2o7.net/ ]
        C:\USERS\WOLFGANG\Cookies\wolfgang@as1.falkag[1].txt [ Cookie:wolfgang@as1.falkag.de/ ]
        C:\USERS\WOLFGANG.JOSHUA\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@www.active-tracking[1].txt [ Cookie:wolfgang@www.active-tracking.de/ ]
        C:\USERS\WOLFGANG.JOSHUA\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@ad.yieldmanager[2].txt [ Cookie:wolfgang@ad.yieldmanager.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\7EJ2XW9F.txt [ Cookie:wolfgang@ad2.adfarm1.adition.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\HV7UNY31.txt [ Cookie:wolfgang@adfarm1.adition.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2VYQLD4.txt [ Cookie:wolfgang@ad2.adfarm1.adition.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@2o7[1].txt [ Cookie:wolfgang@2o7.net/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\2HS1A2GC.txt [ Cookie:wolfgang@adfarm1.adition.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@atdmt[2].txt [ Cookie:wolfgang@atdmt.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@ad.adnet[1].txt [ Cookie:wolfgang@ad.adnet.de/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\13FSD5NH.txt [ Cookie:wolfgang@zanox.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@smartadserver[2].txt [ Cookie:wolfgang@smartadserver.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@tracking.quisma[1].txt [ Cookie:wolfgang@tracking.quisma.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@tradedoubler[1].txt [ Cookie:wolfgang@tradedoubler.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\wolfgang@ww251.smartadserver[1].txt [ Cookie:wolfgang@ww251.smartadserver.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\IYVOKCZ6.txt [ Cookie:wolfgang@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\AppData\Roaming\Microsoft\Windows\Cookies\Low\EPT11BSA.txt [ Cookie:wolfgang@webmasterplan.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\Cookies\7EJ2XW9F.txt [ Cookie:wolfgang@ad2.adfarm1.adition.com/ ]
        C:\USERS\WOLFGANG.JOSHUA.000\Cookies\HV7UNY31.txt [ Cookie:wolfgang@adfarm1.adition.com/ ]
        cdn1.static.youporn.phncdn.com [ C:\USERS\STANDART\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TSJ38KNE ]
        core.saymedia.com [ C:\USERS\STANDART\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TSJ38KNE ]
        s0.2mdn.net [ C:\USERS\STANDART\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TSJ38KNE ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@AD.ANW[2].TXT [ /AD.ANW ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@HMT.CONNEXPROMOTIONS[2].TXT [ /HMT.CONNEXPROMOTIONS ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@AD.UK.TANGOZEBRA[1].TXT [ /AD.UK.TANGOZEBRA ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@WWW.ZANOX-AFFILIATE[1].TXT [ /WWW.ZANOX-AFFILIATE ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\WOLFGANG@PERF.OVERTURE[1].TXT [ /PERF.OVERTURE ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\WOLFGANG@ADSERVER.71I[1].TXT [ /ADSERVER.71I ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\WOLFGANG@AD.71I[1].TXT [ /AD.71I ]
        C:\USERS\WOLFGANG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\WOLFGANG@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
        C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        statse.webtrendslive.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        bridge1.admarketplace.net [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .admarketplace.net [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        findmyhood.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .advertise.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        www.usenext.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        www.usenext.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        go.dynamic-tracking.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .usenext.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .vinvest.122.2o7.net [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .tracking.3gnet.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .www.traffictrack.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .kaspersky.122.2o7.net [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        n-traffic.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .bizzclick.com [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        .rambler.ru [ C:\USERS\WOLFGANG.JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5LWW4YSG.DEFAULT\COOKIES.SQLITE ]
        C:\USERS\WOLFGANG.JOSHUA.000\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\WOLFGANG@AD4.ADFARM1.ADITION[1].TXT [ /AD4.ADFARM1.ADITION ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@APMEBF[1].TXT [ /APMEBF ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ATDMT[1].TXT [ /ATDMT ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADTECH[1].TXT [ /ADTECH ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@APMEBF[2].TXT [ /APMEBF ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@VIDEOEGG.ADBUREAU[2].TXT [ /VIDEOEGG.ADBUREAU ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AD.ZANOX[1].TXT [ /AD.ZANOX ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@FASTCLICK[2].TXT [ /FASTCLICK ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ZANOX[1].TXT [ /ZANOX ]
        C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@BIZZCLICK[1].TXT [ /BIZZCLICK ]

Trojan.Agent/Gen-RogueAV
        C:\PROGRAM FILES\AGEIA TECHNOLOGIES\V2.4.1\NXCOOKING.DLL
Leider hab ich beim superantispy versehentlich auf löschen gedrückt, aber ich hoffe da ist nix schief gegangen. :aufsmaul:
Kann es denn sein das mein I-Explorer zerschossen ist und ich den neu installieren muss ? Der tut immer noch nicht so wie er soll.

LG

Wolfgang

cosinus 09.10.2012 19:06
Nur Cookies, wahrscheinlich ein Fehlalarm und isolierte Elemente in der Q vom TDSS-Killer wurden gefunden

Zitat:
Kann es denn sein das mein I-Explorer zerschossen ist und ich den neu installieren muss ? Der tut immer noch nicht so wie er soll.
Was genau passiert da nicht? Startet er nicht, lädt er nicht?

Joshua1966 09.10.2012 19:58
Hat sich erledigt, ich hab auf die Version 7 downgegradet und jetzt klappt alles. Nun muss ich nur noch wieder updaten und dann sollte alles laufen. Vermute die Version 9 hat einen Schuss bekommen...

Mein System ist nun wohl sauber ?

:dankeschoen:

Tolle Arbeit !

LG
Wolfgang

cosinus 09.10.2012 20:19
IE7 ist keine Option! Das Teil ist zu alt! Installiere den IE9 wieder und schau ob sich dadurch der IE wieder glattgezogen hat

Joshua1966 10.10.2012 06:37
Ist schon klar, bin auch - voerst übergangsweise- umgestiegen auf Chrome bzw. Firefox.

cosinus 10.10.2012 12:38
Auch wenn du einen anderen Browser verwendest muss der IE so aktuell wie möglich sein!
Der IE ist einfach zu tief im Betriebssystem drin, daher ist ein uralter IE7 keine Option!

Joshua1966 10.10.2012 19:05
Alles erledigt ! Internet Explorer 9 erfolgreich installiert...

cosinus 11.10.2012 11:42
Und der funzt jetzt auch? :D


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:22 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58