
Log analysis and evaluation: Privacy Protection treated with rkill and tdsskiller. All clean?

07.11.2011, 17:49   #1
hi-5
 
Privacy Protection treated with rkill and tdsskiller. All clean?



Dear all,

Yesterday I caught the Privacy Protection virus.
I then googled how to get rid of it and came across your guide. So I took the following steps:
1. Started Windows in safe mode with networking.
2. Ran rkill
3. Removed 4 infected files with Malwarebytes
4. Ran a rootkit scan with tdsskiller (nothing found)
5. Downloaded OTL and created a log file

Now, since I know little about computers, I would be extremely grateful if someone could evaluate the attached log files for me.

Many thanks in advance.


OTL log file (was too large to attach):

OTL logfile created on: 07.11.2011 10:28:46 - Run 1
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

1.93 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 65.74% Memory free
4.10 Gb Paging File | 3.63 Gb Available in Paging File | 88.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 69.64 Gb Free Space | 29.90% Space Free | Partition Type: NTFS
Drive D: | 538.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.47 Gb Total Space | 4.94 Gb Free Space | 66.06% Space Free | Partition Type: FAT32

Computer Name: ***** | User Name: ******* | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Raffaele\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWWSC.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Win32 Services (SafeList) ==========

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Lotus Notes Diagnostics) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe (IBM Corp)
SRV - (CrossLoopService) -- C:\Users\Raffaele\AppData\Local\CrossLoop\CrossLoopService.exe (CrossLoop Inc)
SRV - (uvnc_service) -- C:\Users\Raffaele\AppData\Local\CrossLoop\winvnc.exe (UltraVNC)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)
SRV - (UNS) Intel(R) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.EXE (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.EXE (Intel Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\NAVENG.SYS (Symantec Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 33 64 73 F2 B0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:7070

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php | hxxp://twitter.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1544D611-955F-4ceb-95D3-82C720C29EAE}:1.1.0
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 08:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:55:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.25 12:54:40 | 000,000,000 | ---D | M]

[2009.09.02 11:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Extensions
[2011.10.11 23:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions
[2010.04.28 01:34:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.16 06:11:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.27 10:00:06 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\firesheep@codebutler.com
[2009.09.22 12:29:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\moveplayer@movenetworks.com
[2011.06.12 02:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.30 06:23:40 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.04.06 14:11:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.09 07:43:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.14 12:45:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.21 00:13:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.12 02:06:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RAFFAELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NKP4DOO.DEFAULT\EXTENSIONS\{1544D611-955F-4CEB-95D3-82C720C29EAE}.XPI
() (No name found) -- C:\USERS\RAFFAELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NKP4DOO.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011.09.30 08:55:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 20:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.07 09:57:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.01 02:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 02:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 02:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 02:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 02:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Raffaele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://studmaillz.unisg.ch/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7E235FE-B7B3-45F4-9F31-3561CE9FEAE7}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7282A2D-7A8F-4F62-8C50-AA2F3681C9FF}: DhcpNameServer = 128.101.101.101 134.84.84.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA483D52-F491-434A-BE95-3D3EC76EFB4D}: DhcpNameServer = 138.188.101.186 138.188.101.189
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Programme\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.14 08:14:39 | 000,000,235 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\directx\command - "" = D:\directx9\DXSETUP.exe -- [2005.05.26 16:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe -- [2007.10.02 06:24:20 | 000,304,136 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.07 10:23:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Raffaele\Desktop\OTL.exe
[2011.11.06 21:15:09 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Raffaele\Desktop\tdsskiller.exe
[2011.11.06 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Roaming\Malwarebytes
[2011.11.06 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.06 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.06 21:02:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.06 21:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.06 21:01:50 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raffaele\Desktop\Hans.exe.exe
[2011.11.06 14:58:24 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{26B5C0C7-4BD7-467B-B328-DE3D02EBDA25}
[2011.11.06 14:58:12 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4E4D2722-38EE-4BCF-A37F-0BD15DB6929C}
[2011.11.06 02:57:53 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{7327BC2D-6053-4780-908D-1DE6BD05D13C}
[2011.11.06 02:57:42 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83B3D684-4A9D-4F92-AB8F-3963CFD71631}
[2011.11.05 02:57:09 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EBB143E4-1A97-47A2-8DCC-8DA5E60C6E29}
[2011.11.04 08:36:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4B028F71-A6C3-4E8E-89AC-96842A25E746}
[2011.11.04 08:35:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{3BF88727-6D3C-4849-9354-A96DE140C62F}
[2011.11.03 20:36:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B439A323-A130-4986-A1ED-F8157946A6D9}
[2011.11.03 02:07:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.03 02:01:24 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6B0C6AF8-DB09-4EA9-8C86-A934AFAD057B}
[2011.11.03 02:00:38 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{06AA1B0E-6158-4017-AD6B-EF55E5419DA2}
[2011.11.02 09:46:55 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD210BF2-E87B-4715-ABD3-D3B6197931DB}
[2011.11.02 09:46:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{FCD30B8D-0E19-47B0-A881-2FE24C97A7C8}
[2011.11.01 19:59:20 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{3894B049-30DA-47B2-841B-49F5F68D3803}
[2011.11.01 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{458BDFEB-3A2C-426F-AE43-382F34837B06}
[2011.11.01 07:57:57 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5B61877E-DBC5-4E06-8BF8-0237D4ABFFDA}
[2011.11.01 07:57:30 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{008BF5EE-B2EA-4006-9392-763ED1133CBF}
[2011.10.31 10:48:57 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83AA8064-79D1-42F5-AFDE-1822F4922EDE}
[2011.10.31 10:48:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DB353AEE-A68C-490A-B9BA-477E7EC27593}
[2011.10.30 22:48:28 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{C0E7F88C-AC27-4A13-98E7-EC22CF825A3E}
[2011.10.30 22:48:17 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{625F02CA-9D8D-4135-B49A-5C29E7870EB7}
[2011.10.30 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{ECCA9F45-E921-4C47-91BF-241F5307D1A1}
[2011.10.29 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CF3536FA-A917-4656-9641-0CAB2219195E}
[2011.10.29 22:49:14 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0964B96A-870B-4920-9A72-5BE9953332CF}
[2011.10.29 10:48:42 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B424F377-6982-40C1-9031-AC7C3BF74538}
[2011.10.29 10:48:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{03035DA4-D1DE-49D8-81C2-B2F9B07C6DDA}
[2011.10.28 22:19:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{FAFCD6EA-834C-4F9A-8CB5-7E080816E48C}
[2011.10.28 22:19:14 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{A52FC619-BB41-4A5C-B32B-E3E2BF118268}
[2011.10.28 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{381533A8-8850-46AD-9D69-F7674555A1EE}
[2011.10.28 10:18:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{F25247DC-57F5-49B7-8766-B58746708418}
[2011.10.27 22:18:31 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{438F01CB-F644-435C-B307-796829096656}
[2011.10.27 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DED81BEA-F419-43B5-ACDB-19F569E53E3D}
[2011.10.27 10:18:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0A373735-7382-4991-B9F4-75BFDB864619}
[2011.10.27 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DBDB684A-D210-474B-B1F1-9721F8D365BC}
[2011.10.26 21:04:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EDFA0428-226B-4354-93D8-C863CD31A399}
[2011.10.26 21:04:31 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{90604628-ABA4-41A6-AEEB-B6AA31A8AE92}
[2011.10.26 09:04:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{89ACE10C-8759-4912-917E-7962DAAE7714}
[2011.10.26 09:03:26 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{73D73D5C-A405-4C2A-A4FA-AE4E41DD18D1}
[2011.10.25 12:13:55 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6AD83093-21E0-4EA7-9CD9-D134E11F47BE}
[2011.10.25 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EB83324F-EC13-4526-B530-8598ED2ED18F}
[2011.10.25 00:13:06 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{35716CD5-BCD5-48E8-9FEB-A11DE429E510}
[2011.10.25 00:12:04 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D29C8410-21BC-462F-8BA8-BA17AB1CF5E7}
[2011.10.24 12:11:47 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{41D21AC2-A492-43C6-A15B-C2E96EADE130}
[2011.10.24 12:11:35 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D59FDB2E-F69A-403B-9530-CF9CF01DA9E3}
[2011.10.24 00:11:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2F82264B-34A7-4A74-BC43-3E15FBA9576A}
[2011.10.24 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4EFBAFDB-0CE0-4DED-AB89-7760656D475C}
[2011.10.23 12:10:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{668414E5-D578-4071-BE8D-0AF3FFBF2455}
[2011.10.23 12:10:32 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1F84FC02-8FAC-47DC-9FD9-95F2230A7918}
[2011.10.22 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{406BD85E-5C55-48CF-B0AB-885C2D7429C7}
[2011.10.22 10:21:35 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{17455312-311D-4F38-8F5A-29E20C29C0C1}
[2011.10.21 17:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.10.21 17:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.10.21 17:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.10.21 17:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.10.21 12:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{87BF6C94-0604-434B-BD7E-C3F26B65AB79}
[2011.10.21 12:03:51 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83DCD0F4-583C-4F99-BB30-C80F68C435A9}
[2011.10.21 00:03:36 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CD8F3B65-9588-40BE-84CB-AA4F44ED7CE8}
[2011.10.21 00:03:25 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2C6E21A9-ED54-4058-A038-EEDF48AADEF0}
[2011.10.20 12:03:13 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{ACBE0963-95C4-4ECC-AC18-59900250C66C}
[2011.10.20 12:03:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1DBCD825-EDDE-4B7C-A440-CD98CC00192F}
[2011.10.20 00:02:48 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{723ACABA-4780-46AB-8820-7714CD8E88B3}
[2011.10.20 00:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{E1330B23-038E-4A30-93D2-30D47B67C68E}
[2011.10.19 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD8A83A3-FBAF-492A-8047-76CA9DFB8884}
[2011.10.19 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2ADEBA1F-AB4C-46AF-AA55-D63B27073DF4}
[2011.10.18 23:03:41 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CAE9AF4A-E001-41E0-B45C-F2D83E0AB164}
[2011.10.18 23:03:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{705B5066-C1DF-4711-8B04-F36554211B60}
[2011.10.18 19:47:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graphmatica
[2011.10.18 19:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphmatica
[2011.10.18 19:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Graphmatica
[2011.10.18 11:03:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{17AA7C2E-F5EA-4A6D-968B-9131416D315C}
[2011.10.18 11:02:54 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5E571E49-404D-44EC-A7EE-5C2728739708}
[2011.10.17 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{BAA0A2C1-79A0-486B-A531-B3C94B5AD9A1}
[2011.10.17 23:02:12 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{BFDD8CE4-2AFD-4477-BBD7-BDFC3ED18597}
[2011.10.17 10:07:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4E5EC80F-B5FA-44C3-9EB8-95A022173939}
[2011.10.17 10:07:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{30936177-7460-4E02-83BF-9EECCC397F34}
[2011.10.16 22:07:26 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0A4E58AC-CA64-4622-ABD0-9DAE476FF6BA}
[2011.10.16 22:07:08 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{02AA634E-7FB5-430F-ACC9-892E4D0D95FB}
[2011.10.16 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D8D952D2-A09C-4659-8DEB-16C747893CAE}
[2011.10.16 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6D528E32-4627-4DF4-87C4-32E5062A8E1E}
[2011.10.15 21:13:19 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0F0D8C4C-DC8C-444D-82A1-F2F51F363826}
[2011.10.15 21:13:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{C0869174-DB09-4DD1-931A-529D4268CCEA}
[2011.10.15 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5598C90A-49C5-4CB8-B364-85EC61BE2753}
[2011.10.15 09:12:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B807C331-761C-41D0-8EB3-FF8C8CAE29D1}
[2011.10.14 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{23CD549B-24BD-4028-ABB7-591EA8CF537E}
[2011.10.14 11:46:21 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{E0A88589-5E96-40CD-8520-FE03954D684B}
[2011.10.13 10:36:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{8492A732-B79D-4158-8F6D-173041B4BC85}
[2011.10.13 10:36:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D7F29A3B-23AE-4F4B-9DCA-07726323D48F}
[2011.10.13 02:15:10 | 000,000,000 | ---D | C] -- C:\f6d82a019516acde63b06e0cee9565
[2011.10.13 02:13:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.13 02:13:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.13 02:13:10 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.13 02:13:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.13 02:13:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.12 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4B6A3637-CA20-4BBF-A91C-111DEAA279ED}
[2011.10.12 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{87A4809B-BD73-46CF-A55E-71F8BF140378}
[2011.10.12 17:07:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.12 17:07:11 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.12 17:07:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.12 17:07:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.12 17:07:07 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.12 17:06:23 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.12 17:06:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.10.12 10:35:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5E6A044D-DBD2-4E89-A46F-D54172C93BB1}
[2011.10.12 10:35:33 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2F3672E5-5634-4F31-AFEB-C0291C00C221}
[2011.10.11 22:35:01 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{90A428E9-92FA-480E-ABB9-6933F9169286}
[2011.10.11 22:34:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD9DE143-9FF8-43D2-9DC0-D6F273B353E0}
[2011.10.11 10:07:00 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0152E413-02CD-4551-8680-37537BE64F55}
[2011.10.10 20:35:25 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{22643CD0-F7F1-46EC-9B31-288B2E7D66A4}
[2011.10.10 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5B9D70F5-6561-49E7-84A8-B41536EC1FCD}
[2011.10.10 08:34:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5ED54632-26DA-40AB-A54C-5FB1A3A5CE21}
[2011.10.10 08:33:51 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2C4D5444-916E-47BA-AB4A-ED730865A031}
[2011.10.09 10:07:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1859A62E-B8C3-46FD-AA13-02C15741DF46}
[2011.10.09 10:07:34 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{7C39B51C-51D8-4B59-96D5-781CC5D52210}
[2011.10.08 22:07:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{7479C5E8-4CA2-4885-A9BC-128AAFAD3D2B}
[2011.10.08 22:07:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{12008424-2183-47EE-ADF4-5E2D635CB1EE}
[2009.09.02 08:30:45 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.09.02 08:30:43 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Raffaele\Desktop\*.tmp files -> C:\Users\Raffaele\Desktop\*.tmp -> ]
[1 C:\Users\Raffaele\*.tmp files -> C:\Users\Raffaele\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.07 10:23:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raffaele\Desktop\OTL.exe
[2011.11.07 00:33:58 | 000,909,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.07 00:33:58 | 000,636,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.07 00:33:58 | 000,222,608 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.07 00:33:58 | 000,004,062 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.07 00:28:46 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.11.07 00:28:46 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.11.07 00:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.06 21:26:28 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Raffaele\Desktop\tdsskiller.exe
[2011.11.06 21:02:31 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.06 21:01:59 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raffaele\Desktop\Hans.exe.exe
[2011.11.06 20:47:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.06 20:47:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.06 20:47:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.06 20:30:20 | 000,246,304 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.06 20:28:43 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.06 18:43:30 | 088,678,227 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.11.06 18:10:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.06 17:18:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011.11.06 13:49:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011.11.06 04:55:21 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011.11.06 04:31:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011.11.06 02:49:28 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.10.29 01:51:55 | 343,668,827 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.21 21:34:44 | 000,188,416 | ---- | M] () -- C:\Users\Raffaele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.17 16:52:17 | 000,317,931 | ---- | M] () -- C:\Users\Raffaele\Desktop\296849_300976639916184_100000115510359_1357400_765453084_n.jpg
[2011.10.14 13:01:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.10.13 02:45:38 | 000,438,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Raffaele\Desktop\*.tmp files -> C:\Users\Raffaele\Desktop\*.tmp -> ]
[1 C:\Users\Raffaele\*.tmp files -> C:\Users\Raffaele\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.06 21:02:31 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.17 16:48:00 | 000,317,931 | ---- | C] () -- C:\Users\Raffaele\Desktop\296849_300976639916184_100000115510359_1357400_765453084_n.jpg
[2011.07.17 15:57:23 | 000,000,680 | ---- | C] () -- C:\Users\Raffaele\AppData\Local\d3d9caps.dat
[2011.06.17 03:20:29 | 000,188,416 | ---- | C] () -- C:\Users\Raffaele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.11 02:45:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.10 08:50:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.04.08 06:00:03 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.04.08 06:00:03 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.06.25 11:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.04.20 05:14:22 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.06 14:16:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.04 15:37:04 | 000,202,048 | ---- | C] () -- C:\Windows\System32\AVLibrary.dll
[2010.03.23 05:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.01.20 01:55:22 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2010.01.20 01:55:22 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009.10.25 04:52:18 | 000,000,474 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.10.25 04:52:18 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9045cd.dat
[2009.10.25 04:52:18 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.09.02 17:57:49 | 000,909,150 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.09.02 17:57:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.09.02 17:57:49 | 000,222,608 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.09.02 17:57:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.09.02 12:52:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.02 12:52:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.02 12:51:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.09.02 11:05:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.02 09:43:47 | 000,246,304 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.02 09:43:45 | 000,246,304 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.02 09:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009.09.02 08:30:43 | 001,804,160 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.09.02 08:30:43 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.09.02 08:30:43 | 000,020,480 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2009.09.02 08:30:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.09.02 08:22:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.09.02 08:03:53 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.03 07:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 07:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006.11.02 06:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 06:47:43 | 000,438,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 04:33:01 | 000,636,916 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 04:33:01 | 000,004,062 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 04:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.18 07:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2005.01.17 09:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2004.08.09 09:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[1999.10.26 18:00:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT

========== LOP Check ==========

[2009.10.30 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Academic Software Zurich
[2011.10.08 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\benibela
[2011.06.16 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Bump Technologies, Inc
[2011.03.22 11:06:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\com.prezi.PreziDesktop
[2011.11.05 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Dropbox
[2011.08.10 00:53:30 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoft
[2011.04.21 00:00:18 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.08 05:11:32 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\FFSJ
[2010.04.07 09:58:21 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit
[2011.03.28 06:43:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit Software
[2009.09.02 08:16:29 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hewlett Packard
[2010.05.06 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hide IP NG
[2011.04.25 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\ImTOO
[2010.07.23 06:09:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Information Factory
[2010.05.06 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Mpm
[2010.04.14 08:00:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\NCH Swift Sound
[2009.10.06 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\OpenOffice.org
[2010.04.14 08:00:20 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Recordpad
[2010.04.06 10:10:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Softland
[2011.06.21 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Stardock
[2011.02.02 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Windows Live Writer
[2011.11.06 04:55:21 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2011.11.06 04:31:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2011.11.06 13:49:01 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2011.11.06 17:18:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2011.11.06 02:49:28 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.11.06 20:47:51 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Attached files
File type: txt Extras.Txt (76.9 KB, viewed 197 times)

Alt 07.11.2011, 19:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
3. Removed 4 infected files with Malwarebytes
Please post all the logs from that as well

Alt 07.11.2011, 19:25   #3
hi-5
 

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8104

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

07.11.2011 00:25:08
mbam-log-2011-11-07 (00-25-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|)
Durchsuchte Objekte: 387824
Laufzeit: 1 Stunde(n), 37 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Exploit.Drop.Gen) -> Value: Privacy Protection -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Raffaele\AppData\Roaming\privacy.exe (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Raffaele\AppData\Local\Temp\11AE.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Raffaele\AppData\Local\Temp\20CC.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Raffaele\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Thanks

Alt 07.11.2011, 19:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run ESET as well, then we'll see where we go from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 08.11.2011, 00:05   #5
hi-5
 

Sorry, it took a while... 3 threats found and not removed (as requested)...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0cd3fdd7404344bb35afc07636d69cc
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-07 07:26:09
# local_time=2011-11-07 01:26:09 (-0600, Central Normalzeit)
# country="Switzerland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 62527524 62527524 0 0
# compatibility_mode=5892 16776638 100 100 62530885 157298844 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80118
# found=0
# cleaned=0
# scan_time=2627
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0cd3fdd7404344bb35afc07636d69cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-07 10:05:41
# local_time=2011-11-07 04:05:41 (-0600, Central Normalzeit)
# country="Switzerland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 62530924 62530924 0 0
# compatibility_mode=5892 16776638 100 100 62534285 157302244 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=234325
# found=3
# cleaned=0
# scan_time=8798
C:\Users\Raffaele\AppData\Local\Temp\jar_cache5399023740393011693.tmp multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Raffaele\AppData\Local\Temp\ICReinstall\cnet_Graphmatica20g_setup_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Raffaele\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\13bc228b-40b60e1b a variant of Java/TrojanDownloader.OpenStream.NBG trojan (unable to clean) 00000000000000000000000000000000 I


Alt 08.11.2011, 09:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Custom scan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the entire contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 08.11.2011, 17:45   #7
hi-5
 

Thanks! Voilà: OTL logfile:
Code:
ATTFilter
OTL logfile created on: 08.11.2011 10:27:33 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Raffaele\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1.93 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 66.14% Memory free
4.10 Gb Paging File | 3.65 Gb Available in Paging File | 88.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 69.49 Gb Free Space | 29.84% Space Free | Partition Type: NTFS
Drive D: | 538.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.47 Gb Total Space | 4.94 Gb Free Space | 66.06% Space Free | Partition Type: FAT32
 
Computer Name: **** | User Name: ****** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Raffaele\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWWSC.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Lotus Notes Diagnostics) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe (IBM Corp)
SRV - (CrossLoopService) -- C:\Users\Raffaele\AppData\Local\CrossLoop\CrossLoopService.exe (CrossLoop Inc)
SRV - (uvnc_service) -- C:\Users\Raffaele\AppData\Local\CrossLoop\winvnc.exe (UltraVNC)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)
SRV - (UNS) Intel(R) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.EXE (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.EXE (Intel Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\NAVENG.SYS (Symantec Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sign In
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Lifestyle, Unterhaltung, Reisen, News, Sport und vieles mehr auf msn.ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 33 64 73 F2 B0 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:7070
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php | hxxp://twitter.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1544D611-955F-4ceb-95D3-82C720C29EAE}:1.1.0
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 08:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:55:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.25 12:54:40 | 000,000,000 | ---D | M]
 
[2009.09.02 11:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Extensions
[2011.10.11 23:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions
[2010.04.28 01:34:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.16 06:11:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.27 10:00:06 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\firesheep@codebutler.com
[2009.09.22 12:29:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\moveplayer@movenetworks.com
[2011.06.12 02:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.30 06:23:40 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.04.06 14:11:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.09 07:43:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.14 12:45:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.21 00:13:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.12 02:06:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RAFFAELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NKP4DOO.DEFAULT\EXTENSIONS\{1544D611-955F-4CEB-95D3-82C720C29EAE}.XPI
() (No name found) -- C:\USERS\RAFFAELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NKP4DOO.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011.09.30 08:55:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 20:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.07 09:57:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.01 02:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 02:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 02:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 02:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 02:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Raffaele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://studmaillz.unisg.ch/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.101.101.101 134.84.84.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7E235FE-B7B3-45F4-9F31-3561CE9FEAE7}: DhcpNameServer = 128.101.101.101 134.84.84.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7282A2D-7A8F-4F62-8C50-AA2F3681C9FF}: DhcpNameServer = 128.101.101.101 134.84.84.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA483D52-F491-434A-BE95-3D3EC76EFB4D}: DhcpNameServer = 138.188.101.186 138.188.101.189
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Programme\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.14 08:14:39 | 000,000,235 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\directx\command - "" = D:\directx9\DXSETUP.exe -- [2005.05.26 16:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe -- [2007.10.02 06:24:20 | 000,304,136 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.07 12:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.07 12:24:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.11.07 10:23:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Raffaele\Desktop\OTL.exe
[2011.11.06 21:15:09 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Raffaele\Desktop\tdsskiller.exe
[2011.11.06 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Roaming\Malwarebytes
[2011.11.06 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.06 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.06 21:02:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.06 21:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.06 21:01:50 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Raffaele\Desktop\Hans.exe.exe
[2011.11.06 14:58:24 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{26B5C0C7-4BD7-467B-B328-DE3D02EBDA25}
[2011.11.06 14:58:12 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4E4D2722-38EE-4BCF-A37F-0BD15DB6929C}
[2011.11.06 02:57:53 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{7327BC2D-6053-4780-908D-1DE6BD05D13C}
[2011.11.06 02:57:42 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83B3D684-4A9D-4F92-AB8F-3963CFD71631}
[2011.11.05 02:57:09 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EBB143E4-1A97-47A2-8DCC-8DA5E60C6E29}
[2011.11.04 08:36:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4B028F71-A6C3-4E8E-89AC-96842A25E746}
[2011.11.04 08:35:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{3BF88727-6D3C-4849-9354-A96DE140C62F}
[2011.11.03 20:36:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B439A323-A130-4986-A1ED-F8157946A6D9}
[2011.11.03 02:07:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.03 02:01:24 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6B0C6AF8-DB09-4EA9-8C86-A934AFAD057B}
[2011.11.03 02:00:38 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{06AA1B0E-6158-4017-AD6B-EF55E5419DA2}
[2011.11.02 09:46:55 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD210BF2-E87B-4715-ABD3-D3B6197931DB}
[2011.11.02 09:46:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{FCD30B8D-0E19-47B0-A881-2FE24C97A7C8}
[2011.11.01 19:59:20 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{3894B049-30DA-47B2-841B-49F5F68D3803}
[2011.11.01 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{458BDFEB-3A2C-426F-AE43-382F34837B06}
[2011.11.01 07:57:57 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5B61877E-DBC5-4E06-8BF8-0237D4ABFFDA}
[2011.11.01 07:57:30 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{008BF5EE-B2EA-4006-9392-763ED1133CBF}
[2011.10.31 10:48:57 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83AA8064-79D1-42F5-AFDE-1822F4922EDE}
[2011.10.31 10:48:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DB353AEE-A68C-490A-B9BA-477E7EC27593}
[2011.10.30 22:48:28 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{C0E7F88C-AC27-4A13-98E7-EC22CF825A3E}
[2011.10.30 22:48:17 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{625F02CA-9D8D-4135-B49A-5C29E7870EB7}
[2011.10.30 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{ECCA9F45-E921-4C47-91BF-241F5307D1A1}
[2011.10.29 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CF3536FA-A917-4656-9641-0CAB2219195E}
[2011.10.29 22:49:14 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0964B96A-870B-4920-9A72-5BE9953332CF}
[2011.10.29 10:48:42 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B424F377-6982-40C1-9031-AC7C3BF74538}
[2011.10.29 10:48:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{03035DA4-D1DE-49D8-81C2-B2F9B07C6DDA}
[2011.10.28 22:19:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{FAFCD6EA-834C-4F9A-8CB5-7E080816E48C}
[2011.10.28 22:19:14 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{A52FC619-BB41-4A5C-B32B-E3E2BF118268}
[2011.10.28 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{381533A8-8850-46AD-9D69-F7674555A1EE}
[2011.10.28 10:18:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{F25247DC-57F5-49B7-8766-B58746708418}
[2011.10.27 22:18:31 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{438F01CB-F644-435C-B307-796829096656}
[2011.10.27 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DED81BEA-F419-43B5-ACDB-19F569E53E3D}
[2011.10.27 10:18:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0A373735-7382-4991-B9F4-75BFDB864619}
[2011.10.27 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DBDB684A-D210-474B-B1F1-9721F8D365BC}
[2011.10.26 21:04:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EDFA0428-226B-4354-93D8-C863CD31A399}
[2011.10.26 21:04:31 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{90604628-ABA4-41A6-AEEB-B6AA31A8AE92}
[2011.10.26 09:04:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{89ACE10C-8759-4912-917E-7962DAAE7714}
[2011.10.26 09:03:26 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{73D73D5C-A405-4C2A-A4FA-AE4E41DD18D1}
[2011.10.25 12:13:55 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6AD83093-21E0-4EA7-9CD9-D134E11F47BE}
[2011.10.25 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EB83324F-EC13-4526-B530-8598ED2ED18F}
[2011.10.25 00:13:06 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{35716CD5-BCD5-48E8-9FEB-A11DE429E510}
[2011.10.25 00:12:04 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D29C8410-21BC-462F-8BA8-BA17AB1CF5E7}
[2011.10.24 12:11:47 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{41D21AC2-A492-43C6-A15B-C2E96EADE130}
[2011.10.24 12:11:35 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D59FDB2E-F69A-403B-9530-CF9CF01DA9E3}
[2011.10.24 00:11:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2F82264B-34A7-4A74-BC43-3E15FBA9576A}
[2011.10.24 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4EFBAFDB-0CE0-4DED-AB89-7760656D475C}
[2011.10.23 12:10:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{668414E5-D578-4071-BE8D-0AF3FFBF2455}
[2011.10.23 12:10:32 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1F84FC02-8FAC-47DC-9FD9-95F2230A7918}
[2011.10.22 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{406BD85E-5C55-48CF-B0AB-885C2D7429C7}
[2011.10.22 10:21:35 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{17455312-311D-4F38-8F5A-29E20C29C0C1}
[2011.10.21 17:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.10.21 17:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.10.21 17:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.10.21 17:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.10.21 12:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{87BF6C94-0604-434B-BD7E-C3F26B65AB79}
[2011.10.21 12:03:51 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83DCD0F4-583C-4F99-BB30-C80F68C435A9}
[2011.10.21 00:03:36 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CD8F3B65-9588-40BE-84CB-AA4F44ED7CE8}
[2011.10.21 00:03:25 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2C6E21A9-ED54-4058-A038-EEDF48AADEF0}
[2011.10.20 12:03:13 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{ACBE0963-95C4-4ECC-AC18-59900250C66C}
[2011.10.20 12:03:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1DBCD825-EDDE-4B7C-A440-CD98CC00192F}
[2011.10.20 00:02:48 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{723ACABA-4780-46AB-8820-7714CD8E88B3}
[2011.10.20 00:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{E1330B23-038E-4A30-93D2-30D47B67C68E}
[2011.10.19 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD8A83A3-FBAF-492A-8047-76CA9DFB8884}
[2011.10.19 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2ADEBA1F-AB4C-46AF-AA55-D63B27073DF4}
[2011.10.18 23:03:41 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CAE9AF4A-E001-41E0-B45C-F2D83E0AB164}
[2011.10.18 23:03:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{705B5066-C1DF-4711-8B04-F36554211B60}
[2011.10.18 19:47:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graphmatica
[2011.10.18 19:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphmatica
[2011.10.18 19:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Graphmatica
[2011.10.18 11:03:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{17AA7C2E-F5EA-4A6D-968B-9131416D315C}
[2011.10.18 11:02:54 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5E571E49-404D-44EC-A7EE-5C2728739708}
[2011.10.17 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{BAA0A2C1-79A0-486B-A531-B3C94B5AD9A1}
[2011.10.17 23:02:12 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{BFDD8CE4-2AFD-4477-BBD7-BDFC3ED18597}
[2011.10.17 10:07:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4E5EC80F-B5FA-44C3-9EB8-95A022173939}
[2011.10.17 10:07:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{30936177-7460-4E02-83BF-9EECCC397F34}
[2011.10.16 22:07:26 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0A4E58AC-CA64-4622-ABD0-9DAE476FF6BA}
[2011.10.16 22:07:08 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{02AA634E-7FB5-430F-ACC9-892E4D0D95FB}
[2011.10.16 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D8D952D2-A09C-4659-8DEB-16C747893CAE}
[2011.10.16 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6D528E32-4627-4DF4-87C4-32E5062A8E1E}
[2011.10.15 21:13:19 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0F0D8C4C-DC8C-444D-82A1-F2F51F363826}
[2011.10.15 21:13:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{C0869174-DB09-4DD1-931A-529D4268CCEA}
[2011.10.15 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5598C90A-49C5-4CB8-B364-85EC61BE2753}
[2011.10.15 09:12:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B807C331-761C-41D0-8EB3-FF8C8CAE29D1}
[2011.10.14 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{23CD549B-24BD-4028-ABB7-591EA8CF537E}
[2011.10.14 11:46:21 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{E0A88589-5E96-40CD-8520-FE03954D684B}
[2011.10.13 10:36:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{8492A732-B79D-4158-8F6D-173041B4BC85}
[2011.10.13 10:36:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D7F29A3B-23AE-4F4B-9DCA-07726323D48F}
[2011.10.13 02:15:10 | 000,000,000 | ---D | C] -- C:\f6d82a019516acde63b06e0cee9565
[2011.10.12 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4B6A3637-CA20-4BBF-A91C-111DEAA279ED}
[2011.10.12 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{87A4809B-BD73-46CF-A55E-71F8BF140378}
[2011.10.12 10:35:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5E6A044D-DBD2-4E89-A46F-D54172C93BB1}
[2011.10.12 10:35:33 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2F3672E5-5634-4F31-AFEB-C0291C00C221}
[2011.10.11 22:35:01 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{90A428E9-92FA-480E-ABB9-6933F9169286}
[2011.10.11 22:34:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD9DE143-9FF8-43D2-9DC0-D6F273B353E0}
[2011.10.11 10:07:00 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0152E413-02CD-4551-8680-37537BE64F55}
[2011.10.10 20:35:25 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{22643CD0-F7F1-46EC-9B31-288B2E7D66A4}
[2011.10.10 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5B9D70F5-6561-49E7-84A8-B41536EC1FCD}
[2011.10.10 08:34:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5ED54632-26DA-40AB-A54C-5FB1A3A5CE21}
[2011.10.10 08:33:51 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2C4D5444-916E-47BA-AB4A-ED730865A031}
[2009.09.02 08:30:45 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.09.02 08:30:43 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Raffaele\Desktop\*.tmp files -> C:\Users\Raffaele\Desktop\*.tmp -> ]
[1 C:\Users\Raffaele\*.tmp files -> C:\Users\Raffaele\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.07 12:24:32 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.11.07 10:23:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raffaele\Desktop\OTL.exe
[2011.11.07 00:33:58 | 000,909,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.07 00:33:58 | 000,636,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.07 00:33:58 | 000,222,608 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.07 00:33:58 | 000,004,062 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.07 00:28:46 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.11.07 00:28:46 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.11.07 00:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.06 21:26:28 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Raffaele\Desktop\tdsskiller.exe
[2011.11.06 21:02:31 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.06 21:01:59 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Raffaele\Desktop\Hans.exe.exe
[2011.11.06 20:47:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.06 20:47:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.06 20:47:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.06 20:30:20 | 000,246,304 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.06 20:28:43 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.06 18:43:30 | 088,678,227 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.11.06 18:10:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.06 17:18:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011.11.06 13:49:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011.11.06 04:55:21 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011.11.06 04:31:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011.11.06 02:49:28 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.10.29 01:51:55 | 343,668,827 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.21 21:34:44 | 000,188,416 | ---- | M] () -- C:\Users\Raffaele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.17 16:52:17 | 000,317,931 | ---- | M] () -- C:\Users\Raffaele\Desktop\296849_300976639916184_100000115510359_1357400_765453084_n.jpg
[2011.10.13 02:45:38 | 000,438,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Raffaele\Desktop\*.tmp files -> C:\Users\Raffaele\Desktop\*.tmp -> ]
[1 C:\Users\Raffaele\*.tmp files -> C:\Users\Raffaele\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.06 21:02:31 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.17 16:48:00 | 000,317,931 | ---- | C] () -- C:\Users\Raffaele\Desktop\296849_300976639916184_100000115510359_1357400_765453084_n.jpg
[2011.07.17 15:57:23 | 000,000,680 | ---- | C] () -- C:\Users\Raffaele\AppData\Local\d3d9caps.dat
[2011.06.17 03:20:29 | 000,188,416 | ---- | C] () -- C:\Users\Raffaele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.11 02:45:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.10 08:50:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.04.08 06:00:03 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.04.08 06:00:03 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.06.25 11:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.04.20 05:14:22 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.06 14:16:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.04 15:37:04 | 000,202,048 | ---- | C] () -- C:\Windows\System32\AVLibrary.dll
[2010.03.23 05:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.01.20 01:55:22 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2010.01.20 01:55:22 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009.10.25 04:52:18 | 000,000,474 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.10.25 04:52:18 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9045cd.dat
[2009.10.25 04:52:18 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.09.02 17:57:49 | 000,909,150 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.09.02 17:57:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.09.02 17:57:49 | 000,222,608 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.09.02 17:57:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.09.02 12:52:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.02 12:52:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.02 12:51:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.09.02 11:05:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.02 09:43:47 | 000,246,304 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.02 09:43:45 | 000,246,304 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.02 09:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009.09.02 08:30:43 | 001,804,160 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.09.02 08:30:43 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.09.02 08:30:43 | 000,020,480 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2009.09.02 08:30:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.09.02 08:22:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.09.02 08:03:53 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.03 07:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 07:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006.11.02 06:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 06:47:43 | 000,438,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 04:33:01 | 000,636,916 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 04:33:01 | 000,004,062 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 04:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.18 07:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2005.01.17 09:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2004.08.09 09:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[1999.10.26 18:00:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT
 
========== LOP Check ==========
 
[2009.10.30 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Academic Software Zurich
[2011.10.08 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\benibela
[2011.06.16 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Bump Technologies, Inc
[2011.03.22 11:06:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\com.prezi.PreziDesktop
[2011.11.05 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Dropbox
[2011.08.10 00:53:30 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoft
[2011.04.21 00:00:18 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.08 05:11:32 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\FFSJ
[2010.04.07 09:58:21 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit
[2011.03.28 06:43:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit Software
[2009.09.02 08:16:29 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hewlett Packard
[2010.05.06 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hide IP NG
[2011.04.25 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\ImTOO
[2010.07.23 06:09:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Information Factory
[2010.05.06 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Mpm
[2010.04.14 08:00:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\NCH Swift Sound
[2009.10.06 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\OpenOffice.org
[2010.04.14 08:00:20 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Recordpad
[2010.04.06 10:10:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Softland
[2011.06.21 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Stardock
[2011.02.02 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Windows Live Writer
[2011.11.06 04:55:21 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2011.11.06 04:31:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2011.11.06 13:49:01 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2011.11.06 17:18:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2011.11.06 02:49:28 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.11.06 20:47:51 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.30 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Academic Software Zurich
[2011.06.22 02:31:22 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Adobe
[2009.09.13 14:57:21 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Apple Computer
[2011.10.08 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\benibela
[2009.10.26 10:59:41 | 000,000,000 | R--D | M] -- C:\Users\Raffaele\AppData\Roaming\Brother
[2011.06.16 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Bump Technologies, Inc
[2011.03.22 11:06:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\com.prezi.PreziDesktop
[2010.08.12 08:23:12 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DivX
[2011.11.05 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Dropbox
[2011.08.15 06:40:23 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\dvdcss
[2011.08.10 00:53:30 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoft
[2011.04.21 00:00:18 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.08 05:11:32 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\FFSJ
[2010.04.07 09:58:21 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit
[2011.03.28 06:43:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit Software
[2009.09.02 08:16:29 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hewlett Packard
[2010.05.06 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hide IP NG
[2011.04.01 09:24:05 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\HpUpdate
[2009.09.02 08:11:42 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Identities
[2011.04.25 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\ImTOO
[2010.07.23 06:09:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Information Factory
[2009.09.02 08:24:16 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\InstallShield
[2009.09.02 13:17:01 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Macromedia
[2011.11.06 21:02:37 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Malwarebytes
[2011.06.22 02:31:22 | 000,000,000 | --SD | M] -- C:\Users\Raffaele\AppData\Roaming\Microsoft
[2011.10.05 13:03:29 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\MiKTeX
[2009.09.02 11:37:25 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Mozilla
[2010.05.06 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Mpm
[2011.09.04 15:16:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\NCH Software
[2010.04.14 08:00:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\NCH Swift Sound
[2009.10.06 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\OpenOffice.org
[2011.04.09 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Real
[2010.04.14 08:00:20 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Recordpad
[2009.11.11 12:53:54 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Roxio
[2011.11.06 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Skype
[2010.04.07 16:02:23 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\skypePM
[2010.04.06 10:10:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Softland
[2011.08.18 02:11:56 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Sony Corporation
[2011.06.21 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Stardock
[2010.06.15 12:32:42 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\UltraVNC
[2011.11.06 15:47:38 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\vlc
[2011.02.02 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Windows Live Writer
[2009.09.03 11:39:58 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.25 14:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Raffaele\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 14:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Raffaele\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.03.22 11:05:17 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Raffaele\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.09.02 09:28:34 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Raffaele\AppData\Roaming\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe
[2010.10.21 12:12:40 | 003,920,702 | ---- | M] () -- C:\Users\Raffaele\AppData\Roaming\Mozilla\Firefox\Profiles\7nkp4doo.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\firesheep-backend.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 00:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.20 21:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.20 21:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.20 21:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---

08.11.2011, 19:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along with it!!!)


Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sign In
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Lifestyle, Unterhaltung, Reisen, News, Sport und vieles mehr auf msn.ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 33 64 73 F2 B0 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:7070
[2011.04.16 06:11:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.14 08:14:39 | 000,000,235 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\directx\command - "" = D:\directx9\DXSETUP.exe -- [2005.05.26 16:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe -- [2007.10.02 06:24:20 | 000,304,136 | R--- | M] ()
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

09.11.2011, 01:03   #9
hi-5

Okay, I hope I did this right. After the reboot I went straight back into safe mode and opened OTL. Then the following .txt file appeared:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snuvcdsm deleted successfully.
C:\Windows\snuvcdsm.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
File move failed. D:\directx9\DXSETUP.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
File move failed. D:\setup.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Raffaele
->Temp folder emptied: 3122486272 bytes
->Temporary Internet Files folder emptied: 277430572 bytes
->Java cache emptied: 11714467 bytes
->FireFox cache emptied: 113139296 bytes
->Flash cache emptied: 301288 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 202657992 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33239 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25494342 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3'579.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11082011_174709

Files\Folders moved on Reboot...
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\directx9\DXSETUP.exe scheduled to be moved on reboot.
File move failed. D:\setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

09.11.2011, 10:03   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!

If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

09.11.2011, 17:04   #11
hi-5

Okay, tdsskill found a threat. I skipped it, as described. Here is the log file. THANKS...

09:59:29.0559 1168 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
09:59:29.0658 1168 ============================================================
09:59:29.0658 1168 Current date / time: 2011/11/09 09:59:29.0658
09:59:29.0658 1168 SystemInfo:
09:59:29.0658 1168
09:59:29.0658 1168 OS Version: 6.0.6002 ServicePack: 2.0
09:59:29.0658 1168 Product type: Workstation
09:59:29.0658 1168 ComputerName: RTSPC
09:59:29.0658 1168 UserName: Raffaele
09:59:29.0658 1168 Windows directory: C:\Windows
09:59:29.0658 1168 System windows directory: C:\Windows
09:59:29.0658 1168 Processor architecture: Intel x86
09:59:29.0658 1168 Number of processors: 2
09:59:29.0658 1168 Page size: 0x1000
09:59:29.0658 1168 Boot type: Safe boot with network
09:59:29.0658 1168 ============================================================
09:59:30.0853 1168 Initialize success
10:00:35.0408 1260 ============================================================
10:00:35.0408 1260 Scan started
10:00:35.0408 1260 Mode: Manual; SigCheck; TDLFS;
10:00:35.0408 1260 ============================================================
10:00:40.0227 1260 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
10:00:40.0247 1260 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
10:00:40.0247 1260 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
10:00:44.0659 1260 Mraid35x - ok
10:00:44.0694 1260 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:00:44.0737 1260 MRxDAV - ok
10:00:44.0784 1260 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:00:44.0811 1260 mrxsmb - ok
10:00:44.0855 1260 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:00:44.0871 1260 mrxsmb10 - ok
10:00:44.0920 1260 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:00:44.0945 1260 mrxsmb20 - ok
10:00:44.0989 1260 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
10:00:44.0998 1260 msahci - ok
10:00:45.0027 1260 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:00:45.0036 1260 msdsm - ok
10:00:45.0074 1260 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:00:45.0103 1260 Msfs - ok
10:00:45.0134 1260 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:00:45.0142 1260 msisadrv - ok
10:00:45.0182 1260 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:00:45.0202 1260 MSKSSRV - ok
10:00:45.0220 1260 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:00:45.0253 1260 MSPCLOCK - ok
10:00:45.0275 1260 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:00:45.0294 1260 MSPQM - ok
10:00:45.0322 1260 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:00:45.0335 1260 MsRPC - ok
10:00:45.0363 1260 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:00:45.0370 1260 mssmbios - ok
10:00:45.0408 1260 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:00:45.0427 1260 MSTEE - ok
10:00:45.0461 1260 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:00:45.0471 1260 Mup - ok
10:00:45.0515 1260 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:00:45.0529 1260 NativeWifiP - ok
10:00:45.0680 1260 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111105.009\NAVENG.SYS
10:00:45.0685 1260 NAVENG - ok
10:00:45.0740 1260 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111105.009\NAVEX15.SYS
10:00:45.0775 1260 NAVEX15 - ok
10:00:45.0853 1260 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:00:45.0874 1260 NDIS - ok
10:00:45.0919 1260 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:00:45.0950 1260 NdisTapi - ok
10:00:45.0965 1260 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:00:45.0993 1260 Ndisuio - ok
10:00:46.0039 1260 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:00:46.0069 1260 NdisWan - ok
10:00:46.0097 1260 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:00:46.0119 1260 NDProxy - ok
10:00:46.0181 1260 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
10:00:46.0214 1260 Netaapl - ok
10:00:46.0250 1260 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:00:46.0277 1260 NetBIOS - ok
10:00:46.0322 1260 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:00:46.0341 1260 netbt - ok
10:00:46.0470 1260 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
10:00:46.0623 1260 NETw5v32 - ok
10:00:46.0658 1260 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:00:46.0723 1260 nfrd960 - ok
10:00:46.0782 1260 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
10:00:46.0789 1260 NPF - ok
10:00:46.0809 1260 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:00:46.0838 1260 Npfs - ok
10:00:46.0868 1260 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:00:46.0887 1260 nsiproxy - ok
10:00:46.0946 1260 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:00:46.0992 1260 Ntfs - ok
10:00:47.0025 1260 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:00:47.0081 1260 ntrigdigi - ok
10:00:47.0106 1260 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:00:47.0137 1260 Null - ok
10:00:47.0300 1260 nvlddmkm (c8deeb8b743a1697edb5e2cfd0b6aec6) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:00:47.0640 1260 nvlddmkm - ok
10:00:47.0672 1260 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:00:47.0681 1260 nvraid - ok
10:00:47.0700 1260 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:00:47.0708 1260 nvstor - ok
10:00:47.0741 1260 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:00:47.0751 1260 nv_agp - ok
10:00:47.0761 1260 NwlnkFlt - ok
10:00:47.0771 1260 NwlnkFwd - ok
10:00:47.0803 1260 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:00:47.0818 1260 ohci1394 - ok
10:00:47.0891 1260 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
10:00:47.0936 1260 Parport - ok
10:00:47.0962 1260 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:00:47.0972 1260 partmgr - ok
10:00:47.0997 1260 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
10:00:48.0024 1260 Parvdm - ok
10:00:48.0059 1260 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:00:48.0070 1260 pci - ok
10:00:48.0111 1260 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
10:00:48.0120 1260 pciide - ok
10:00:48.0140 1260 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
10:00:48.0152 1260 pcmcia - ok
10:00:48.0213 1260 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:00:48.0284 1260 PEAUTH - ok
10:00:48.0360 1260 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:00:48.0389 1260 PptpMiniport - ok
10:00:48.0426 1260 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:00:48.0460 1260 Processor - ok
10:00:48.0504 1260 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:00:48.0537 1260 PSched - ok
10:00:48.0575 1260 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
10:00:48.0582 1260 PxHelp20 - ok
10:00:48.0649 1260 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:00:48.0697 1260 ql2300 - ok
10:00:48.0731 1260 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:00:48.0752 1260 ql40xx - ok
10:00:48.0786 1260 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:00:48.0813 1260 QWAVEdrv - ok
10:00:48.0829 1260 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:00:48.0861 1260 RasAcd - ok
10:00:48.0889 1260 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:00:48.0924 1260 Rasl2tp - ok
10:00:48.0964 1260 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:00:48.0981 1260 RasPppoe - ok
10:00:49.0045 1260 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:00:49.0057 1260 RasSstp - ok
10:00:49.0097 1260 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:00:49.0128 1260 rdbss - ok
10:00:49.0148 1260 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:00:49.0179 1260 RDPCDD - ok
10:00:49.0203 1260 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
10:00:49.0230 1260 rdpdr - ok
10:00:49.0241 1260 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:00:49.0260 1260 RDPENCDD - ok
10:00:49.0298 1260 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:00:49.0353 1260 RDPWD - ok
10:00:49.0381 1260 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
10:00:49.0408 1260 RFCOMM - ok
10:00:49.0443 1260 rimmptsk (ded01a389926a89540b82373e4c550ee) C:\Windows\system32\DRIVERS\rimmptsk.sys
10:00:49.0473 1260 rimmptsk - ok
10:00:49.0523 1260 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
10:00:49.0581 1260 rimsptsk - ok
10:00:49.0614 1260 rismc32 (7c21554942bef51cbd84fd7d4e62cb9a) C:\Windows\system32\DRIVERS\rismc32.sys
10:00:49.0634 1260 rismc32 - ok
10:00:49.0686 1260 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
10:00:49.0701 1260 rismxdp - ok
10:00:49.0758 1260 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:00:49.0785 1260 rspndr - ok
10:00:49.0826 1260 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:00:49.0834 1260 sbp2port - ok
10:00:49.0916 1260 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
10:00:49.0949 1260 sdbus - ok
10:00:49.0973 1260 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:00:50.0018 1260 secdrv - ok
10:00:50.0078 1260 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
10:00:50.0097 1260 Serenum - ok
10:00:50.0149 1260 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
10:00:50.0170 1260 Serial - ok
10:00:50.0194 1260 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:00:50.0213 1260 sermouse - ok
10:00:50.0249 1260 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:00:50.0279 1260 sffdisk - ok
10:00:50.0313 1260 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:00:50.0341 1260 sffp_mmc - ok
10:00:50.0364 1260 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:00:50.0383 1260 sffp_sd - ok
10:00:50.0407 1260 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:00:50.0460 1260 sfloppy - ok
10:00:50.0519 1260 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:00:50.0528 1260 sisagp - ok
10:00:50.0558 1260 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:00:50.0566 1260 SiSRaid2 - ok
10:00:50.0610 1260 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:00:50.0630 1260 SiSRaid4 - ok
10:00:50.0661 1260 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:00:50.0696 1260 Smb - ok
10:00:50.0767 1260 SNP2UVC (cf9cde12fbc19dba8de528b7511a2f4f) C:\Windows\system32\DRIVERS\snp2uvc.sys
10:00:50.0879 1260 SNP2UVC - ok
10:00:51.0083 1260 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
10:00:51.0100 1260 SPBBCDrv - ok
10:00:51.0120 1260 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:00:51.0128 1260 spldr - ok
10:00:51.0152 1260 SRTSP (14389e87d0d2e25b12bf2cc74cfaee07) C:\Windows\system32\Drivers\SRTSP.SYS
10:00:51.0165 1260 SRTSP - ok
10:00:51.0200 1260 SRTSPL (aed0f68c185fe698a21cefcd76f0b8a4) C:\Windows\system32\Drivers\SRTSPL.SYS
10:00:51.0213 1260 SRTSPL - ok
10:00:51.0251 1260 SRTSPX (0e2ca6326726477fe29863808bbad413) C:\Windows\system32\Drivers\SRTSPX.SYS
10:00:51.0258 1260 SRTSPX - ok
10:00:51.0298 1260 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:00:51.0357 1260 srv - ok
10:00:51.0392 1260 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:00:51.0431 1260 srv2 - ok
10:00:51.0480 1260 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:00:51.0492 1260 srvnet - ok
10:00:51.0517 1260 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:00:51.0525 1260 swenum - ok
10:00:51.0557 1260 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:00:51.0564 1260 Symc8xx - ok
10:00:51.0644 1260 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\Windows\system32\Drivers\SYMEVENT.SYS
10:00:51.0652 1260 SymEvent - ok
10:00:51.0717 1260 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
10:00:51.0726 1260 SYMREDRV - ok
10:00:51.0752 1260 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
10:00:51.0762 1260 SYMTDI - ok
10:00:51.0797 1260 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:00:51.0805 1260 Sym_hi - ok
10:00:51.0833 1260 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:00:51.0841 1260 Sym_u3 - ok
10:00:51.0911 1260 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
10:00:51.0922 1260 SynTP - ok
10:00:51.0983 1260 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
10:00:52.0028 1260 Tcpip - ok
10:00:52.0075 1260 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
10:00:52.0098 1260 Tcpip6 - ok
10:00:52.0171 1260 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:00:52.0207 1260 tcpipreg - ok
10:00:52.0228 1260 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:00:52.0258 1260 TDPIPE - ok
10:00:52.0286 1260 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:00:52.0320 1260 TDTCP - ok
10:00:52.0352 1260 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:00:52.0378 1260 tdx - ok
10:00:52.0415 1260 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:00:52.0424 1260 TermDD - ok
10:00:52.0492 1260 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
10:00:52.0500 1260 TPM - ok
10:00:52.0549 1260 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:00:52.0583 1260 tssecsrv - ok
10:00:52.0606 1260 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:00:52.0634 1260 tunmp - ok
10:00:52.0674 1260 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:00:52.0694 1260 tunnel - ok
10:00:52.0713 1260 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:00:52.0722 1260 uagp35 - ok
10:00:52.0775 1260 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:00:52.0795 1260 udfs - ok
10:00:52.0853 1260 UimBus (16264d4a7f052a7cc516b23e00b14213) C:\Windows\system32\DRIVERS\UimBus.sys
10:00:52.0859 1260 UimBus - ok
10:00:52.0895 1260 Uim_IM (811e4296913821ce402b9e6629740350) C:\Windows\system32\Drivers\Uim_IM.sys
10:00:52.0910 1260 Uim_IM - ok
10:00:52.0920 1260 UIUSys - ok
10:00:52.0969 1260 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:00:52.0978 1260 uliagpkx - ok
10:00:53.0003 1260 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:00:53.0016 1260 uliahci - ok
10:00:53.0040 1260 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:00:53.0049 1260 UlSata - ok
10:00:53.0084 1260 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:00:53.0094 1260 ulsata2 - ok
10:00:53.0131 1260 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:00:53.0161 1260 umbus - ok
10:00:53.0217 1260 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:00:53.0263 1260 USBAAPL - ok
10:00:53.0305 1260 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:00:53.0332 1260 usbccgp - ok
10:00:53.0376 1260 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:00:53.0423 1260 usbcir - ok
10:00:53.0477 1260 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:00:53.0493 1260 usbehci - ok
10:00:53.0534 1260 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:00:53.0553 1260 usbhub - ok
10:00:53.0584 1260 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:00:53.0633 1260 usbohci - ok
10:00:53.0682 1260 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:00:53.0703 1260 usbprint - ok
10:00:53.0778 1260 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:00:53.0816 1260 usbscan - ok
10:00:53.0838 1260 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:00:53.0859 1260 USBSTOR - ok
10:00:53.0881 1260 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:00:53.0904 1260 usbuhci - ok
10:00:53.0962 1260 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
10:00:53.0998 1260 usbvideo - ok
10:00:54.0049 1260 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:00:54.0085 1260 vga - ok
10:00:54.0107 1260 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:00:54.0127 1260 VgaSave - ok
10:00:54.0148 1260 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:00:54.0156 1260 viaagp - ok
10:00:54.0195 1260 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:00:54.0234 1260 ViaC7 - ok
10:00:54.0268 1260 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:00:54.0276 1260 viaide - ok
10:00:54.0306 1260 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:00:54.0314 1260 volmgr - ok
10:00:54.0343 1260 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:00:54.0359 1260 volmgrx - ok
10:00:54.0406 1260 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:00:54.0420 1260 volsnap - ok
10:00:54.0451 1260 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:00:54.0461 1260 vsmraid - ok
10:00:54.0496 1260 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:00:54.0531 1260 WacomPen - ok
10:00:54.0574 1260 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:54.0590 1260 Wanarp - ok
10:00:54.0593 1260 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:54.0618 1260 Wanarpv6 - ok
10:00:54.0655 1260 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:00:54.0663 1260 Wd - ok
10:00:54.0702 1260 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:00:54.0760 1260 Wdf01000 - ok
10:00:54.0819 1260 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:00:54.0834 1260 WmiAcpi - ok
10:00:54.0884 1260 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:00:54.0911 1260 WpdUsb - ok
10:00:54.0929 1260 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:00:54.0948 1260 ws2ifsl - ok
10:00:55.0008 1260 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:00:55.0027 1260 WSDPrintDevice - ok
10:00:55.0063 1260 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:00:55.0095 1260 WUDFRd - ok
10:00:55.0138 1260 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:00:55.0282 1260 \Device\Harddisk0\DR0 - ok
10:00:55.0302 1260 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
10:00:55.0406 1260 \Device\Harddisk1\DR1 - ok
10:00:55.0413 1260 Boot (0x1200) (8f54955bbe752075e34f616b91888902) \Device\Harddisk0\DR0\Partition0
10:00:55.0414 1260 \Device\Harddisk0\DR0\Partition0 - ok
10:00:55.0418 1260 Boot (0x1200) (dbeecd0976230721f2e198e10bab7ef6) \Device\Harddisk1\DR1\Partition0
10:00:55.0419 1260 \Device\Harddisk1\DR1\Partition0 - ok
10:00:55.0419 1260 ============================================================
10:00:55.0419 1260 Scan finished
10:00:55.0419 1260 ============================================================
10:00:55.0425 0832 Detected object count: 1
10:00:55.0425 0832 Actual detected object count: 1
10:01:23.0820 0832 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:23.0820 0832 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

(Sorry that it always takes so long, I'm in the States and 7h behind German time)

09.11.2011, 17:29   #12
hi-5
 
Ran TDSSKiller. 1 threat found. Skipped, as requested. Here is the log file. THANKS!

09:59:29.0559 1168 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
09:59:29.0658 1168 ============================================================
09:59:29.0658 1168 Current date / time: 2011/11/09 09:59:29.0658
09:59:29.0658 1168 SystemInfo:
09:59:29.0658 1168
09:59:29.0658 1168 OS Version: 6.0.6002 ServicePack: 2.0
09:59:29.0658 1168 Product type: Workstation
09:59:29.0658 1168 ComputerName: RTSPC
09:59:29.0658 1168 UserName: Raffaele
09:59:29.0658 1168 Windows directory: C:\Windows
09:59:29.0658 1168 System windows directory: C:\Windows
09:59:29.0658 1168 Processor architecture: Intel x86
09:59:29.0658 1168 Number of processors: 2
09:59:29.0658 1168 Page size: 0x1000
09:59:29.0658 1168 Boot type: Safe boot with network
09:59:29.0658 1168 ============================================================
09:59:30.0853 1168 Initialize success
10:00:35.0408 1260 ============================================================
10:00:35.0408 1260 Scan started
10:00:35.0408 1260 Mode: Manual; SigCheck; TDLFS;
10:00:35.0408 1260 ============================================================
10:00:36.0097 1260 Accelerometer (a9b917777841b76f299e2ea946e03adf) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:00:36.0199 1260 Accelerometer - ok
10:00:36.0232 1260 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:00:36.0248 1260 ACPI - ok
10:00:36.0291 1260 ADIHdAudAddService (3d691c6bf2b258e738057b42f9f57cce) C:\Windows\system32\drivers\ADIHdAud.sys
10:00:36.0393 1260 ADIHdAudAddService - ok
10:00:36.0473 1260 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:00:36.0493 1260 adp94xx - ok
10:00:36.0537 1260 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:00:36.0552 1260 adpahci - ok
10:00:36.0575 1260 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:00:36.0585 1260 adpu160m - ok
10:00:36.0606 1260 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:00:36.0626 1260 adpu320 - ok
10:00:36.0715 1260 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:00:36.0754 1260 AFD - ok
10:00:36.0821 1260 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
10:00:36.0963 1260 AgereSoftModem - ok
10:00:37.0009 1260 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:00:37.0018 1260 agp440 - ok
10:00:37.0084 1260 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:00:37.0094 1260 aic78xx - ok
10:00:37.0144 1260 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:00:37.0152 1260 aliide - ok
10:00:37.0176 1260 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:00:37.0185 1260 amdagp - ok
10:00:37.0207 1260 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:00:37.0215 1260 amdide - ok
10:00:37.0252 1260 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:00:37.0384 1260 AmdK7 - ok
10:00:37.0405 1260 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:00:37.0448 1260 AmdK8 - ok
10:00:37.0506 1260 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:00:37.0516 1260 arc - ok
10:00:37.0549 1260 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:00:37.0572 1260 arcsas - ok
10:00:37.0626 1260 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:00:37.0659 1260 AsyncMac - ok
10:00:37.0696 1260 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:00:37.0703 1260 atapi - ok
10:00:37.0757 1260 ATSwpWDF (1ec637725aebe586508626ba50af3324) C:\Windows\system32\Drivers\ATSwpWDF.sys
10:00:37.0826 1260 ATSwpWDF - ok
10:00:37.0920 1260 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
10:00:37.0932 1260 AvgLdx86 - ok
10:00:37.0954 1260 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\System32\Drivers\avgmfx86.sys
10:00:37.0960 1260 AvgMfx86 - ok
10:00:37.0991 1260 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\System32\Drivers\avgtdix.sys
10:00:38.0002 1260 AvgTdiX - ok
10:00:38.0059 1260 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:00:38.0093 1260 Beep - ok
10:00:38.0146 1260 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:00:38.0188 1260 blbdrive - ok
10:00:38.0263 1260 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:00:38.0284 1260 bowser - ok
10:00:38.0329 1260 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:00:38.0451 1260 BrFiltLo - ok
10:00:38.0479 1260 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:00:38.0529 1260 BrFiltUp - ok
10:00:38.0573 1260 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:00:38.0714 1260 Brserid - ok
10:00:38.0747 1260 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:00:38.0802 1260 BrSerWdm - ok
10:00:38.0827 1260 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:00:38.0882 1260 BrUsbMdm - ok
10:00:38.0913 1260 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:00:38.0957 1260 BrUsbSer - ok
10:00:38.0999 1260 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
10:00:39.0018 1260 BthEnum - ok
10:00:39.0060 1260 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:00:39.0109 1260 BTHMODEM - ok
10:00:39.0147 1260 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
10:00:39.0189 1260 BthPan - ok
10:00:39.0228 1260 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
10:00:39.0293 1260 BTHPORT - ok
10:00:39.0333 1260 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
10:00:39.0352 1260 BTHUSB - ok
10:00:39.0404 1260 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:00:39.0433 1260 cdfs - ok
10:00:39.0495 1260 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:00:39.0532 1260 cdrom - ok
10:00:39.0569 1260 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:00:39.0609 1260 circlass - ok
10:00:39.0666 1260 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:00:39.0681 1260 CLFS - ok
10:00:39.0759 1260 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:00:39.0779 1260 CmBatt - ok
10:00:39.0809 1260 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:00:39.0818 1260 cmdide - ok
10:00:39.0828 1260 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:00:39.0836 1260 Compbatt - ok
10:00:39.0889 1260 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:00:39.0898 1260 crcdisk - ok
10:00:39.0964 1260 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:00:40.0004 1260 Crusoe - ok
10:00:40.0042 1260 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
10:00:40.0089 1260 CSC - ok
10:00:40.0130 1260 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
10:00:40.0171 1260 CVirtA - ok
10:00:40.0227 1260 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
10:00:40.0247 1260 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
10:00:40.0247 1260 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
10:00:40.0289 1260 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:00:40.0323 1260 DfsC - ok
10:00:40.0389 1260 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:00:40.0398 1260 disk - ok
10:00:40.0436 1260 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
10:00:40.0444 1260 DNE - ok
10:00:40.0492 1260 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:00:40.0515 1260 drmkaud - ok
10:00:40.0549 1260 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:00:40.0597 1260 DXGKrnl - ok
10:00:40.0678 1260 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:00:40.0720 1260 E1G60 - ok
10:00:40.0756 1260 e1yexpress (76a02bc4e8008a8cbaf5cc7efb9df839) C:\Windows\system32\DRIVERS\e1y6032.sys
10:00:40.0767 1260 e1yexpress - ok
10:00:40.0835 1260 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:00:40.0872 1260 Ecache - ok
10:00:41.0021 1260 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:00:41.0032 1260 eeCtrl - ok
10:00:41.0083 1260 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:00:41.0100 1260 elxstor - ok
10:00:41.0157 1260 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:00:41.0165 1260 EraserUtilRebootDrv - ok
10:00:41.0206 1260 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:00:41.0242 1260 ErrDev - ok
10:00:41.0282 1260 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:00:41.0337 1260 exfat - ok
10:00:41.0376 1260 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:00:41.0403 1260 fastfat - ok
10:00:41.0450 1260 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:00:41.0486 1260 fdc - ok
10:00:41.0529 1260 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:00:41.0537 1260 FileInfo - ok
10:00:41.0564 1260 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:00:41.0584 1260 Filetrace - ok
10:00:41.0633 1260 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:00:41.0690 1260 flpydisk - ok
10:00:41.0735 1260 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:00:41.0747 1260 FltMgr - ok
10:00:41.0784 1260 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:00:41.0800 1260 Fs_Rec - ok
10:00:41.0820 1260 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:00:41.0828 1260 gagp30kx - ok
10:00:41.0871 1260 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:00:41.0877 1260 GEARAspiWDM - ok
10:00:41.0937 1260 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
10:00:41.0973 1260 HBtnKey - ok
10:00:42.0029 1260 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:00:42.0083 1260 HdAudAddService - ok
10:00:42.0127 1260 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:00:42.0162 1260 HDAudBus - ok
10:00:42.0239 1260 HECI (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\DRIVERS\HECI.sys
10:00:42.0277 1260 HECI - ok
10:00:42.0308 1260 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:00:42.0361 1260 HidBth - ok
10:00:42.0398 1260 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:00:42.0447 1260 HidIr - ok
10:00:42.0508 1260 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:00:42.0548 1260 HidUsb - ok
10:00:42.0591 1260 hotcore3 (8be9369d385dc0fdf86a59f70d90ae79) C:\Windows\system32\DRIVERS\hotcore3.sys
10:00:42.0599 1260 hotcore3 - ok
10:00:42.0639 1260 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:00:42.0647 1260 HpCISSs - ok
10:00:42.0684 1260 hpdskflt (3520a74fca88a5aefbbe7b937bea75f7) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:00:42.0690 1260 hpdskflt - ok
10:00:42.0764 1260 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:00:42.0799 1260 HTTP - ok
10:00:42.0864 1260 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:00:42.0872 1260 i2omp - ok
10:00:42.0918 1260 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:00:42.0951 1260 i8042prt - ok
10:00:42.0983 1260 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:00:42.0997 1260 iaStorV - ok
10:00:43.0034 1260 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:00:43.0042 1260 iirsp - ok
10:00:43.0101 1260 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:00:43.0109 1260 intelide - ok
10:00:43.0139 1260 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:00:43.0164 1260 intelppm - ok
10:00:43.0199 1260 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:00:43.0227 1260 IpFilterDriver - ok
10:00:43.0238 1260 IpInIp - ok
10:00:43.0269 1260 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:00:43.0303 1260 IPMIDRV - ok
10:00:43.0326 1260 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:00:43.0359 1260 IPNAT - ok
10:00:43.0399 1260 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:00:43.0432 1260 IRENUM - ok
10:00:43.0462 1260 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:00:43.0471 1260 isapnp - ok
10:00:43.0504 1260 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:00:43.0516 1260 iScsiPrt - ok
10:00:43.0542 1260 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:00:43.0550 1260 iteatapi - ok
10:00:43.0564 1260 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:00:43.0571 1260 iteraid - ok
10:00:43.0596 1260 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:00:43.0605 1260 kbdclass - ok
10:00:43.0633 1260 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:00:43.0648 1260 kbdhid - ok
10:00:43.0681 1260 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:00:43.0702 1260 KSecDD - ok
10:00:43.0778 1260 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
10:00:43.0786 1260 Lbd - ok
10:00:43.0828 1260 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:00:43.0848 1260 lltdio - ok
10:00:43.0892 1260 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:00:43.0902 1260 LSI_FC - ok
10:00:43.0931 1260 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:00:43.0941 1260 LSI_SAS - ok
10:00:43.0993 1260 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:00:44.0003 1260 LSI_SCSI - ok
10:00:44.0014 1260 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:00:44.0053 1260 luafv - ok
10:00:44.0107 1260 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\Windows\system32\drivers\mbamswissarmy.sys
10:00:44.0115 1260 MBAMSwissArmy - ok
10:00:44.0140 1260 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:00:44.0148 1260 megasas - ok
10:00:44.0183 1260 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:00:44.0202 1260 MegaSR - ok
10:00:44.0238 1260 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:00:44.0266 1260 Modem - ok
10:00:44.0297 1260 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:00:44.0328 1260 monitor - ok
10:00:44.0354 1260 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:00:44.0361 1260 mouclass - ok
10:00:44.0399 1260 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:00:44.0430 1260 mouhid - ok
10:00:44.0450 1260 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:00:44.0459 1260 MountMgr - ok
10:00:44.0502 1260 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:00:44.0511 1260 mpio - ok
10:00:44.0543 1260 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:00:44.0571 1260 mpsdrv - ok
10:00:44.0603 1260 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:00:44.0659 1260 Mraid35x - ok
10:00:44.0694 1260 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:00:44.0737 1260 MRxDAV - ok
10:00:44.0784 1260 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:00:44.0811 1260 mrxsmb - ok
10:00:44.0855 1260 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:00:44.0871 1260 mrxsmb10 - ok
10:00:44.0920 1260 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:00:44.0945 1260 mrxsmb20 - ok
10:00:44.0989 1260 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
10:00:44.0998 1260 msahci - ok
10:00:45.0027 1260 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:00:45.0036 1260 msdsm - ok
10:00:45.0074 1260 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:00:45.0103 1260 Msfs - ok
10:00:45.0134 1260 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:00:45.0142 1260 msisadrv - ok
10:00:45.0182 1260 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:00:45.0202 1260 MSKSSRV - ok
10:00:45.0220 1260 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:00:45.0253 1260 MSPCLOCK - ok
10:00:45.0275 1260 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:00:45.0294 1260 MSPQM - ok
10:00:45.0322 1260 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:00:45.0335 1260 MsRPC - ok
10:00:45.0363 1260 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:00:45.0370 1260 mssmbios - ok
10:00:45.0408 1260 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:00:45.0427 1260 MSTEE - ok
10:00:45.0461 1260 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:00:45.0471 1260 Mup - ok
10:00:45.0515 1260 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:00:45.0529 1260 NativeWifiP - ok
10:00:45.0680 1260 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111105.009\NAVENG.SYS
10:00:45.0685 1260 NAVENG - ok
10:00:45.0740 1260 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111105.009\NAVEX15.SYS
10:00:45.0775 1260 NAVEX15 - ok
10:00:45.0853 1260 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:00:45.0874 1260 NDIS - ok
10:00:45.0919 1260 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:00:45.0950 1260 NdisTapi - ok
10:00:45.0965 1260 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:00:45.0993 1260 Ndisuio - ok
10:00:46.0039 1260 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:00:46.0069 1260 NdisWan - ok
10:00:46.0097 1260 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:00:46.0119 1260 NDProxy - ok
10:00:46.0181 1260 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
10:00:46.0214 1260 Netaapl - ok
10:00:46.0250 1260 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:00:46.0277 1260 NetBIOS - ok
10:00:46.0322 1260 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:00:46.0341 1260 netbt - ok
10:00:46.0470 1260 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
10:00:46.0623 1260 NETw5v32 - ok
10:00:46.0658 1260 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:00:46.0723 1260 nfrd960 - ok
10:00:46.0782 1260 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
10:00:46.0789 1260 NPF - ok
10:00:46.0809 1260 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:00:46.0838 1260 Npfs - ok
10:00:46.0868 1260 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:00:46.0887 1260 nsiproxy - ok
10:00:46.0946 1260 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:00:46.0992 1260 Ntfs - ok
10:00:47.0025 1260 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:00:47.0081 1260 ntrigdigi - ok
10:00:47.0106 1260 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:00:47.0137 1260 Null - ok
10:00:47.0300 1260 nvlddmkm (c8deeb8b743a1697edb5e2cfd0b6aec6) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:00:47.0640 1260 nvlddmkm - ok
10:00:47.0672 1260 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:00:47.0681 1260 nvraid - ok
10:00:47.0700 1260 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:00:47.0708 1260 nvstor - ok
10:00:47.0741 1260 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:00:47.0751 1260 nv_agp - ok
10:00:47.0761 1260 NwlnkFlt - ok
10:00:47.0771 1260 NwlnkFwd - ok
10:00:47.0803 1260 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:00:47.0818 1260 ohci1394 - ok
10:00:47.0891 1260 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
10:00:47.0936 1260 Parport - ok
10:00:47.0962 1260 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:00:47.0972 1260 partmgr - ok
10:00:47.0997 1260 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
10:00:48.0024 1260 Parvdm - ok
10:00:48.0059 1260 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:00:48.0070 1260 pci - ok
10:00:48.0111 1260 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
10:00:48.0120 1260 pciide - ok
10:00:48.0140 1260 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
10:00:48.0152 1260 pcmcia - ok
10:00:48.0213 1260 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:00:48.0284 1260 PEAUTH - ok
10:00:48.0360 1260 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:00:48.0389 1260 PptpMiniport - ok
10:00:48.0426 1260 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:00:48.0460 1260 Processor - ok
10:00:48.0504 1260 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:00:48.0537 1260 PSched - ok
10:00:48.0575 1260 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
10:00:48.0582 1260 PxHelp20 - ok
10:00:48.0649 1260 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:00:48.0697 1260 ql2300 - ok
10:00:48.0731 1260 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:00:48.0752 1260 ql40xx - ok
10:00:48.0786 1260 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:00:48.0813 1260 QWAVEdrv - ok
10:00:48.0829 1260 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:00:48.0861 1260 RasAcd - ok
10:00:48.0889 1260 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:00:48.0924 1260 Rasl2tp - ok
10:00:48.0964 1260 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:00:48.0981 1260 RasPppoe - ok
10:00:49.0045 1260 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:00:49.0057 1260 RasSstp - ok
10:00:49.0097 1260 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:00:49.0128 1260 rdbss - ok
10:00:49.0148 1260 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:00:49.0179 1260 RDPCDD - ok
10:00:49.0203 1260 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
10:00:49.0230 1260 rdpdr - ok
10:00:49.0241 1260 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:00:49.0260 1260 RDPENCDD - ok
10:00:49.0298 1260 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:00:49.0353 1260 RDPWD - ok
10:00:49.0381 1260 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
10:00:49.0408 1260 RFCOMM - ok
10:00:49.0443 1260 rimmptsk (ded01a389926a89540b82373e4c550ee) C:\Windows\system32\DRIVERS\rimmptsk.sys
10:00:49.0473 1260 rimmptsk - ok
10:00:49.0523 1260 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
10:00:49.0581 1260 rimsptsk - ok
10:00:49.0614 1260 rismc32 (7c21554942bef51cbd84fd7d4e62cb9a) C:\Windows\system32\DRIVERS\rismc32.sys
10:00:49.0634 1260 rismc32 - ok
10:00:49.0686 1260 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
10:00:49.0701 1260 rismxdp - ok
10:00:49.0758 1260 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:00:49.0785 1260 rspndr - ok
10:00:49.0826 1260 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:00:49.0834 1260 sbp2port - ok
10:00:49.0916 1260 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
10:00:49.0949 1260 sdbus - ok
10:00:49.0973 1260 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:00:50.0018 1260 secdrv - ok
10:00:50.0078 1260 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
10:00:50.0097 1260 Serenum - ok
10:00:50.0149 1260 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
10:00:50.0170 1260 Serial - ok
10:00:50.0194 1260 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:00:50.0213 1260 sermouse - ok
10:00:50.0249 1260 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:00:50.0279 1260 sffdisk - ok
10:00:50.0313 1260 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:00:50.0341 1260 sffp_mmc - ok
10:00:50.0364 1260 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:00:50.0383 1260 sffp_sd - ok
10:00:50.0407 1260 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:00:50.0460 1260 sfloppy - ok
10:00:50.0519 1260 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:00:50.0528 1260 sisagp - ok
10:00:50.0558 1260 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:00:50.0566 1260 SiSRaid2 - ok
10:00:50.0610 1260 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:00:50.0630 1260 SiSRaid4 - ok
10:00:50.0661 1260 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:00:50.0696 1260 Smb - ok
10:00:50.0767 1260 SNP2UVC (cf9cde12fbc19dba8de528b7511a2f4f) C:\Windows\system32\DRIVERS\snp2uvc.sys
10:00:50.0879 1260 SNP2UVC - ok
10:00:51.0083 1260 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
10:00:51.0100 1260 SPBBCDrv - ok
10:00:51.0120 1260 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:00:51.0128 1260 spldr - ok
10:00:51.0152 1260 SRTSP (14389e87d0d2e25b12bf2cc74cfaee07) C:\Windows\system32\Drivers\SRTSP.SYS
10:00:51.0165 1260 SRTSP - ok
10:00:51.0200 1260 SRTSPL (aed0f68c185fe698a21cefcd76f0b8a4) C:\Windows\system32\Drivers\SRTSPL.SYS
10:00:51.0213 1260 SRTSPL - ok
10:00:51.0251 1260 SRTSPX (0e2ca6326726477fe29863808bbad413) C:\Windows\system32\Drivers\SRTSPX.SYS
10:00:51.0258 1260 SRTSPX - ok
10:00:51.0298 1260 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:00:51.0357 1260 srv - ok
10:00:51.0392 1260 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:00:51.0431 1260 srv2 - ok
10:00:51.0480 1260 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:00:51.0492 1260 srvnet - ok
10:00:51.0517 1260 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:00:51.0525 1260 swenum - ok
10:00:51.0557 1260 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:00:51.0564 1260 Symc8xx - ok
10:00:51.0644 1260 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\Windows\system32\Drivers\SYMEVENT.SYS
10:00:51.0652 1260 SymEvent - ok
10:00:51.0717 1260 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
10:00:51.0726 1260 SYMREDRV - ok
10:00:51.0752 1260 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
10:00:51.0762 1260 SYMTDI - ok
10:00:51.0797 1260 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:00:51.0805 1260 Sym_hi - ok
10:00:51.0833 1260 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:00:51.0841 1260 Sym_u3 - ok
10:00:51.0911 1260 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
10:00:51.0922 1260 SynTP - ok
10:00:51.0983 1260 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
10:00:52.0028 1260 Tcpip - ok
10:00:52.0075 1260 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
10:00:52.0098 1260 Tcpip6 - ok
10:00:52.0171 1260 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:00:52.0207 1260 tcpipreg - ok
10:00:52.0228 1260 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:00:52.0258 1260 TDPIPE - ok
10:00:52.0286 1260 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:00:52.0320 1260 TDTCP - ok
10:00:52.0352 1260 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:00:52.0378 1260 tdx - ok
10:00:52.0415 1260 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:00:52.0424 1260 TermDD - ok
10:00:52.0492 1260 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
10:00:52.0500 1260 TPM - ok
10:00:52.0549 1260 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:00:52.0583 1260 tssecsrv - ok
10:00:52.0606 1260 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:00:52.0634 1260 tunmp - ok
10:00:52.0674 1260 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:00:52.0694 1260 tunnel - ok
10:00:52.0713 1260 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:00:52.0722 1260 uagp35 - ok
10:00:52.0775 1260 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:00:52.0795 1260 udfs - ok
10:00:52.0853 1260 UimBus (16264d4a7f052a7cc516b23e00b14213) C:\Windows\system32\DRIVERS\UimBus.sys
10:00:52.0859 1260 UimBus - ok
10:00:52.0895 1260 Uim_IM (811e4296913821ce402b9e6629740350) C:\Windows\system32\Drivers\Uim_IM.sys
10:00:52.0910 1260 Uim_IM - ok
10:00:52.0920 1260 UIUSys - ok
10:00:52.0969 1260 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:00:52.0978 1260 uliagpkx - ok
10:00:53.0003 1260 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:00:53.0016 1260 uliahci - ok
10:00:53.0040 1260 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:00:53.0049 1260 UlSata - ok
10:00:53.0084 1260 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:00:53.0094 1260 ulsata2 - ok
10:00:53.0131 1260 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:00:53.0161 1260 umbus - ok
10:00:53.0217 1260 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:00:53.0263 1260 USBAAPL - ok
10:00:53.0305 1260 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:00:53.0332 1260 usbccgp - ok
10:00:53.0376 1260 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:00:53.0423 1260 usbcir - ok
10:00:53.0477 1260 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:00:53.0493 1260 usbehci - ok
10:00:53.0534 1260 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:00:53.0553 1260 usbhub - ok
10:00:53.0584 1260 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:00:53.0633 1260 usbohci - ok
10:00:53.0682 1260 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:00:53.0703 1260 usbprint - ok
10:00:53.0778 1260 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:00:53.0816 1260 usbscan - ok
10:00:53.0838 1260 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:00:53.0859 1260 USBSTOR - ok
10:00:53.0881 1260 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:00:53.0904 1260 usbuhci - ok
10:00:53.0962 1260 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
10:00:53.0998 1260 usbvideo - ok
10:00:54.0049 1260 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:00:54.0085 1260 vga - ok
10:00:54.0107 1260 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:00:54.0127 1260 VgaSave - ok
10:00:54.0148 1260 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:00:54.0156 1260 viaagp - ok
10:00:54.0195 1260 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:00:54.0234 1260 ViaC7 - ok
10:00:54.0268 1260 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:00:54.0276 1260 viaide - ok
10:00:54.0306 1260 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:00:54.0314 1260 volmgr - ok
10:00:54.0343 1260 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:00:54.0359 1260 volmgrx - ok
10:00:54.0406 1260 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:00:54.0420 1260 volsnap - ok
10:00:54.0451 1260 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:00:54.0461 1260 vsmraid - ok
10:00:54.0496 1260 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:00:54.0531 1260 WacomPen - ok
10:00:54.0574 1260 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:54.0590 1260 Wanarp - ok
10:00:54.0593 1260 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:54.0618 1260 Wanarpv6 - ok
10:00:54.0655 1260 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:00:54.0663 1260 Wd - ok
10:00:54.0702 1260 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:00:54.0760 1260 Wdf01000 - ok
10:00:54.0819 1260 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:00:54.0834 1260 WmiAcpi - ok
10:00:54.0884 1260 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:00:54.0911 1260 WpdUsb - ok
10:00:54.0929 1260 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:00:54.0948 1260 ws2ifsl - ok
10:00:55.0008 1260 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:00:55.0027 1260 WSDPrintDevice - ok
10:00:55.0063 1260 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:00:55.0095 1260 WUDFRd - ok
10:00:55.0138 1260 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:00:55.0282 1260 \Device\Harddisk0\DR0 - ok
10:00:55.0302 1260 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
10:00:55.0406 1260 \Device\Harddisk1\DR1 - ok
10:00:55.0413 1260 Boot (0x1200) (8f54955bbe752075e34f616b91888902) \Device\Harddisk0\DR0\Partition0
10:00:55.0414 1260 \Device\Harddisk0\DR0\Partition0 - ok
10:00:55.0418 1260 Boot (0x1200) (dbeecd0976230721f2e198e10bab7ef6) \Device\Harddisk1\DR1\Partition0
10:00:55.0419 1260 \Device\Harddisk1\DR1\Partition0 - ok
10:00:55.0419 1260 ============================================================
10:00:55.0419 1260 Scan finished
10:00:55.0419 1260 ============================================================
10:00:55.0425 0832 Detected object count: 1
10:00:55.0425 0832 Actual detected object count: 1
10:01:23.0820 0832 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:23.0820 0832 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip


(Sorry that it always takes so long, I'm in the States and 7 hours behind German time)

Alt 10.11.2011, 10:21   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 10.11.2011, 17:03   #14
hi-5
 

Hi Arne,

I have a small problem. A message pops up saying that Symantec is still running. But there is no corresponding icon in the taskbar, and when I open the Task Manager there is no Symantec process to be seen either. I feel a bit silly asking this, but how can I switch it off without uninstalling it?

Alt 10.11.2011, 21:34   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

If need be, uninstall Symantec; it can go back on later (or a different virus scanner)

    Plagegeister aller Art und deren Bekämpfung - 24.03.2008 (13)
  16. Alles sauber? ...
    Plagegeister aller Art und deren Bekämpfung - 09.07.2007 (3)
  17. alles sauber bei mir??
    Log-Analyse und Auswertung - 20.05.2005 (1)

Zum Thema Privacy Protection mit rkill und tdsskiller behandelt. Alles sauber? - Liebe Leute Ich habe mir gestern den Privacy Protection Virus eingefangen. Ich habe dann gegoogelt wie ich den wegkriege und bin auf eure Anleitung gestossen. Habe also folgende Schritte unternommen: - Privacy Protection mit rkill und tdsskiller behandelt. Alles sauber?...
Archiv
Du betrachtest: Privacy Protection mit rkill und tdsskiller behandelt. Alles sauber? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.