Trojaner-Board - Link über Facebook geöffnet, Virus?

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Link über Facebook geöffnet, Virus? (https://www.trojaner-board.de/104376-link-facebook-geoeffnet-virus.html)

Link über Facebook geöffnet, Virus?

Hallo, ich habe folgendes Problem. Ich habe folgenden Link über Facebook geöffnet: [link entfernt von cosinus]

Seit dem zeigt mir mein Microsoft Security Essentials dauernd Würmer/Trojaner Meldungen an, was vorher gar nicht der Fall ist. Ich lasse gerade nochmal einen vollständingen Scan laufen. Was macht dieses DING jetzt mit meinem Computer? Habe jetzt immer Angst mich irgendwo eizuloggen, da ich befürchte das die Daten ausgespäht werden (Onlinebanking, Email, Ebay usw.).

Wäre sehr froh über Hilfe. Nur muss ich dazu sagen, das ich sehr wenig Ahnung von Computern habe, z.B. sagen mir die viel gelesenen LogFiles nichts. Falls sich jemand erbarmen sollte mir zu helfen, bitte ich Geduld mitzubringen.
Danke

Da mir keiner antwortet habe ich wohl etwas falsch gemacht bei meinen Beiträgen. Da ich wenig Ahnung von Computern habe, zeige ich euch einfach mal den Screenshot der Würmer die gefunden wurden.

Mein Rechner hat Windows 7. Wenn weitere Daten benötigt werden bitte Bescheid sagen.

Da auf nachfolgende Themen/Problematik geantwortet wurde nehme ich an, das bei mir immer noch Daten benötigt werden, da ich nicht weiß welche diese sind bitte ich einen Moderator mir kurz auf die Sprünge zu helfen. :dankeschoen:

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo, hier die hoffentlich richtige Logfile von Malwarebytes.

Beim zweiten Schritt bleibe ich immer hängen. Da zeigt er mir beim ESET Online Scanner folgendes an: Can not get update. Is proxy configured?

Zitat:

Can not get update. Is proxy configured?

1.) Beachten => http://www.trojaner-board.de/94344-p...n-pruefen.html
2.) Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

Das spuckt er mir jetzt aus.

Ach und da ist noch die Frage wegen Onlinebanking, Ebay, Email usw. Kann ich das gefahrlos nutzen? DANKE :-)

Zitat:

Ach und da ist noch die Frage wegen Onlinebanking, Ebay, Email usw. Kann ich das gefahrlos nutzen? DANKE :-)

Erstmal bitte nicht mit diesem Rechner, ich weiß noch nicht wie genau es um den bestellt ist.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo, hier das Ergebnis von OTL und danke Cosinus für die Mühe und Arbeit die du dir machst. Hilfst mir wirklich sehr damit. Danke
OTL Logfile:

Code:

OTL logfile created on: 10/25/2011 7:02:37 PM - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Toni\Downloads

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.85 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 67.78% Memory free

7.71 Gb Paging File | 6.27 Gb Available in Paging File | 81.41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 231.00 Gb Total Space | 14.23 Gb Free Space | 6.16% Space Free | Partition Type: NTFS

Drive D: | 345.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Drive E: | 6.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: SGD1953 | User Name: Toni | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011/10/25 18:52:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Downloads\OTL.exe

PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

PRC - [2011/01/17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010/08/05 10:08:56 | 003,241,840 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

PRC - [2010/07/30 10:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/10/13 20:02:13 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/07/07 20:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)

SRV - [2010/12/21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/09/23 22:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)

DRV:64bit: - [2011/05/11 22:00:16 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011/03/31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)

DRV:64bit: - [2011/01/27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2010/07/07 21:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/07/07 20:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/06/17 06:34:44 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/05/21 06:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/04/22 04:51:46 | 003,062,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/02/26 09:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)

DRV - [2010/12/16 23:50:04 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\EX64.SYS -- (NAVEX15)

DRV - [2010/12/16 23:50:04 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\ENG64.SYS -- (NAVENG)

DRV - [2010/11/23 04:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010/11/09 02:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101217.001\IDSviA64.sys -- (IDSVia64)

DRV - [2010/10/21 22:54:45 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2010/10/21 22:54:45 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/09/23 23:31:32 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49919

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.2.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Toni\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/09/27 20:24:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_2_3 [2011/10/25 18:37:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/05 14:22:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/24 19:16:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 19:16:02 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/05 14:22:21 | 000,000,000 | ---D | M]

 

[2010/10/22 10:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions

[2011/10/25 19:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions

[2010/11/10 17:37:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010/10/30 00:44:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011/08/08 11:48:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2011/10/14 21:16:16 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-1.xml

[2011/08/29 23:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-2.xml

[2011/09/15 23:06:40 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-3.xml

[2011/09/27 20:45:56 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-4.xml

[2011/10/24 19:16:53 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-5.xml

[2010/11/10 17:37:34 | 000,000,168 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.gif

[2010/11/10 17:37:34 | 000,000,618 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.src

[2011/07/28 06:37:43 | 000,001,056 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.xml

[2011/10/24 21:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011/10/13 20:00:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/05 14:22:21 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3

[2011/10/25 18:37:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\COFFPLGN_2011_7_2_3

[2011/09/27 20:24:56 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPLGN

[2011/10/13 19:59:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/04/29 13:41:02 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll

[2011/08/03 22:01:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/08/03 22:01:11 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011/08/03 22:01:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011/08/03 22:01:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011/08/03 22:01:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

O4 - Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0342942-4453-4215-9D4F-880EB5D5B723}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F27C0B94-38B3-412C-87B5-05FAB074023D}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKCU Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]

O32 - AutoRun File - [2011/09/07 02:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ]

O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)

Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)

Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)

Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)

Drivers32: aux - wdmaud.drv (Microsoft Corporation)

Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)

Drivers32: midi - wdmaud.drv (Microsoft Corporation)

Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - midimap.dll (Microsoft Corporation)

Drivers32: mixer - wdmaud.drv (Microsoft Corporation)

Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)

Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)

Drivers32: wave - wdmaud.drv (Microsoft Corporation)

Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011/10/24 23:57:42 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Zattoo

[2011/10/24 23:56:25 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4

[2011/10/24 23:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4

[2011/10/24 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4

[2011/10/24 20:01:52 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\ElevatedDiagnostics

[2011/10/24 19:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011/10/23 11:49:23 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Malwarebytes

[2011/10/23 11:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/10/23 11:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/10/23 11:49:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2011/10/23 11:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/10/16 00:33:21 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\8FD92

[2011/10/16 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\DA98F

[2011/10/15 16:25:57 | 000,000,000 | RHSD | C] -- C:\Users\Toni\M-1-52-5782-8752-5245

[2011/10/14 21:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2011/10/14 21:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2011/10/14 21:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2011/10/14 21:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8

[2011/10/14 21:43:04 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Microsoft Help

[2011/10/14 21:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2011/10/13 20:36:23 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\OpenOffice.org

[2011/10/13 20:01:52 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3

[2011/10/13 20:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3

[2011/10/13 20:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/10/13 20:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/10/13 19:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2011/10/13 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\OpenOffice.org 3.3 (de) Installation Files

[2011/09/27 19:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2011/09/27 19:34:45 | 000,000,000 | ---D | C] -- C:\Users\Toni\Documents\FIFA 12

[2011/09/27 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12

[2011/09/27 19:25:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2011/09/27 18:34:31 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Origin

[2011/09/27 18:34:30 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Origin

[2011/09/27 18:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2011/09/27 18:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games

[2011/09/27 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin

 
 ========== Files - Modified Within 30 Days ==========

 

[2011/10/25 18:43:28 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/10/25 18:43:28 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/10/25 18:34:50 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/10/25 18:34:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2011/10/25 18:34:21 | 4137,861,120 | -HS- | M] () -- C:\hiberfil.sys

[2011/10/25 00:21:00 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/10/24 23:59:13 | 000,017,408 | ---- | M] () -- C:\Users\Toni\AppData\Local\WebpageIcons.db

[2011/10/24 23:56:26 | 000,001,868 | ---- | M] () -- C:\Users\Toni\Desktop\Zattoo.lnk

[2011/10/23 11:49:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/10/22 23:04:30 | 000,000,000 | ---- | M] () -- C:\Users\Toni\defogger_reenable

[2011/10/22 13:51:00 | 000,203,650 | ---- | M] () -- C:\Users\Toni\Desktop\wurm.jpg

[2011/10/19 23:32:42 | 001,506,782 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2011/10/19 23:32:42 | 000,656,944 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2011/10/19 23:32:42 | 000,618,786 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2011/10/19 23:32:42 | 000,131,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2011/10/19 23:32:42 | 000,107,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2011/10/19 17:13:36 | 000,448,512 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2011/10/17 23:32:53 | 000,610,304 | ---- | M] () -- C:\Users\Toni\Desktop\eichmüller#.pub

[2011/10/13 20:37:14 | 000,001,235 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

[2011/10/13 20:01:55 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk

[2011/09/27 19:25:28 | 000,001,255 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk

[2011/09/27 18:37:57 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

 
 ========== Files Created - No Company Name ==========

 

[2011/10/24 23:57:42 | 000,017,408 | ---- | C] () -- C:\Users\Toni\AppData\Local\WebpageIcons.db

[2011/10/24 23:56:26 | 000,001,868 | ---- | C] () -- C:\Users\Toni\Desktop\Zattoo.lnk

[2011/10/23 11:49:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/10/22 23:04:30 | 000,000,000 | ---- | C] () -- C:\Users\Toni\defogger_reenable

[2011/10/22 13:50:59 | 000,203,650 | ---- | C] () -- C:\Users\Toni\Desktop\wurm.jpg

[2011/10/17 23:32:52 | 000,610,304 | ---- | C] () -- C:\Users\Toni\Desktop\eichmüller#.pub

[2011/10/13 20:37:14 | 000,001,235 | ---- | C] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

[2011/10/13 20:01:54 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk

[2011/09/27 19:25:27 | 000,001,255 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk

[2011/09/27 18:32:31 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk

[2011/05/14 12:50:44 | 000,695,578 | ---- | C] () -- C:\windows\unins000.exe

[2011/05/14 12:50:44 | 000,005,944 | ---- | C] () -- C:\windows\unins000.dat

[2010/11/05 14:07:01 | 000,266,118 | ---- | C] () -- C:\windows\hpwins23.dat

[2010/10/27 11:57:29 | 001,533,476 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2010/10/21 20:57:57 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010/08/17 20:53:19 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2010/08/17 06:09:26 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2010/08/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2010/08/17 05:12:01 | 000,002,076 | ---- | C] () -- C:\windows\HotFixList.ini

[2009/11/06 11:17:18 | 000,001,843 | ---- | C] () -- C:\windows\hpwmdl23.dat

[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT

[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat

[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin

[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin

[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin

[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin

[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

 
 ========== LOP Check ==========

 

[2011/10/17 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\8FD92

[2011/07/27 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\BOM

[2011/10/17 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DA98F

[2011/07/28 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoft

[2011/07/27 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers

[2011/04/27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Leadertech

[2011/10/13 20:36:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\OpenOffice.org

[2011/09/27 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Origin

[2011/08/09 17:14:39 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\SoftGrid Client

[2010/10/21 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Tific

[2010/10/27 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\TP

[2009/07/14 07:08:49 | 000,027,552 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011/10/17 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\8FD92

[2010/10/22 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Adobe

[2010/10/21 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\ATI

[2011/07/27 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\BOM

[2010/11/06 00:55:10 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\CyberLink

[2011/10/17 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DA98F

[2011/07/28 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoft

[2011/07/27 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers

[2010/11/05 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\HP

[2010/10/21 21:08:28 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Identities

[2010/10/22 23:03:09 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\InstallShield

[2011/04/27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Leadertech

[2010/10/21 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Macromedia

[2011/10/23 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Malwarebytes

[2010/08/17 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Media Center Programs

[2011/10/16 00:32:56 | 000,000,000 | --SD | M] -- C:\Users\Toni\AppData\Roaming\Microsoft

[2011/05/14 12:50:44 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Mozilla

[2011/10/13 20:36:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\OpenOffice.org

[2011/09/27 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Origin

[2010/10/21 22:29:49 | 000,000,000 | RH-D | M] -- C:\Users\Toni\AppData\Roaming\SecuROM

[2011/08/09 17:14:39 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\SoftGrid Client

[2010/10/21 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Tific

[2010/10/27 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\TP

[2010/11/08 01:23:50 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\vlc

[2011/04/28 13:46:19 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTOR.SYS  >

[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\drivers\iaStor.sys

[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys

[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys

[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll

[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys

[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys

[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll

[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll

[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe

[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe

[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49919

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

FF - prefs.js..network.proxy.type: 0

[2010/11/10 17:37:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010/10/30 00:44:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011/08/08 11:48:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2011/10/14 21:16:16 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-1.xml

[2011/08/29 23:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-2.xml

[2011/09/15 23:06:40 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-3.xml

[2011/09/27 20:45:56 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-4.xml

[2011/10/24 19:16:53 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-5.xml

[2010/11/10 17:37:34 | 000,000,168 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.gif

[2010/11/10 17:37:34 | 000,000,618 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.src

[2011/07/28 06:37:43 | 000,001,056 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.xml

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]

O32 - AutoRun File - [2011/09/07 02:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ]

O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts)

[2011/10/16 00:33:21 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\8FD92

[2011/10/16 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\DA98F

[2011/10/15 16:25:57 | 000,000,000 | RHSD | C] -- C:\Users\Toni\M-1-52-5782-8752-5245

[2011/07/27 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\BOM

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Nach dem Neustart hat er mir folgendes ausgespuckt:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Prefs.js: "ICQ Search" removed from browser.search.defaultenginename

Prefs.js: "ICQ Search" removed from browser.search.selectedEngine

Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL

Prefs.js: 0 removed from network.proxy.type

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.

Folder move failed. C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.

Folder move failed. C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\modules\third-party folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\modules folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\defaults\preferences folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\defaults folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\components folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome folder moved successfully.

Folder move failed. C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} scheduled to be moved on reboot.

C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-1.xml moved successfully.

C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-2.xml moved successfully.

C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-3.xml moved successfully.

C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-4.xml moved successfully.

C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-5.xml moved successfully.

C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.gif moved successfully.

C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.src moved successfully.

C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EADM deleted successfully.

C:\Program Files (x86)\Origin\Origin.exe moved successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

File  not found.

File move failed. E:\Autorun.ico scheduled to be moved on reboot.

File move failed. E:\autorun.inf scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ not found.

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

C:\Users\Toni\AppData\Roaming\8FD92 folder moved successfully.

C:\Users\Toni\AppData\Roaming\DA98F folder moved successfully.

C:\Users\Toni\M-1-52-5782-8752-5245 folder moved successfully.

C:\Users\Toni\AppData\Roaming\BOM folder moved successfully.

ADS C:\ProgramData\Temp:8530A643 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Toni

->Temp folder emptied: 906894369 bytes

->Temporary Internet Files folder emptied: 41489392 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 58192043 bytes

->Flash cache emptied: 114274 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 152948836 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes

RecycleBin emptied: 3840910473 bytes

 

Total Files Cleaned = 4,769.00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_195139
 

Files\Folders moved on Reboot...

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.

C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} folder moved successfully.

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

File move failed. E:\Autorun.ico scheduled to be moved on reboot.

File move failed. E:\autorun.inf scheduled to be moved on reboot.

C:\Users\Toni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

20:40:01.0533 1140        TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21

20:40:01.0780 1140        ============================================================

20:40:01.0780 1140        Current date / time: 2011/10/25 20:40:01.0780

20:40:01.0780 1140        SystemInfo:

20:40:01.0781 1140        

20:40:01.0781 1140        OS Version: 6.1.7600 ServicePack: 0.0

20:40:01.0781 1140        Product type: Workstation

20:40:01.0781 1140        ComputerName: SGD1953

20:40:01.0781 1140        UserName: Toni

20:40:01.0781 1140        Windows directory: C:\windows

20:40:01.0781 1140        System windows directory: C:\windows

20:40:01.0781 1140        Running under WOW64

20:40:01.0782 1140        Processor architecture: Intel x64

20:40:01.0782 1140        Number of processors: 4

20:40:01.0782 1140        Page size: 0x1000

20:40:01.0782 1140        Boot type: Normal boot

20:40:01.0782 1140        ============================================================

20:40:02.0336 1140        Initialize success

20:41:05.0885 4952        ============================================================

20:41:05.0885 4952        Scan started

20:41:05.0885 4952        Mode: Manual; SigCheck; TDLFS; 

20:41:05.0885 4952        ============================================================

20:41:06.0092 4952        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys

20:41:06.0191 4952        1394ohci - ok

20:41:06.0242 4952        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys

20:41:06.0271 4952        ACPI - ok

20:41:06.0295 4952        AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys

20:41:06.0336 4952        AcpiPmi - ok

20:41:06.0374 4952        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

20:41:06.0402 4952        adp94xx - ok

20:41:06.0449 4952        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

20:41:06.0476 4952        adpahci - ok

20:41:06.0509 4952        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

20:41:06.0530 4952        adpu320 - ok

20:41:06.0590 4952        AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys

20:41:06.0655 4952        AFD - ok

20:41:06.0689 4952        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys

20:41:06.0708 4952        agp440 - ok

20:41:06.0742 4952        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys

20:41:06.0759 4952        aliide - ok

20:41:06.0792 4952        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys

20:41:06.0809 4952        amdide - ok

20:41:06.0851 4952        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

20:41:06.0944 4952        AmdK8 - ok

20:41:07.0183 4952        amdkmdag        (3d07f9c090c7a1d76d624972a5384471) C:\windows\system32\DRIVERS\atikmdag.sys

20:41:07.0402 4952        amdkmdag - ok

20:41:07.0506 4952        amdkmdap        (99ab7e4b24c80155dc4296f657faf3c7) C:\windows\system32\DRIVERS\atikmpag.sys

20:41:07.0567 4952        amdkmdap - ok

20:41:07.0585 4952        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

20:41:07.0680 4952        AmdPPM - ok

20:41:07.0730 4952        amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys

20:41:07.0753 4952        amdsata - ok

20:41:07.0777 4952        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

20:41:07.0804 4952        amdsbs - ok

20:41:07.0842 4952        amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys

20:41:07.0876 4952        amdxata - ok

20:41:07.0914 4952        AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys

20:41:08.0067 4952        AppID - ok

20:41:08.0190 4952        arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

20:41:08.0222 4952        arc - ok

20:41:08.0239 4952        arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

20:41:08.0257 4952        arcsas - ok

20:41:08.0303 4952        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

20:41:08.0379 4952        AsyncMac - ok

20:41:08.0407 4952        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys

20:41:08.0424 4952        atapi - ok

20:41:08.0562 4952        athr            (2c0bb386e86670bb1b1a57caaef3e50d) C:\windows\system32\DRIVERS\athrx.sys

20:41:08.0652 4952        athr - ok

20:41:08.0799 4952        AtiHDAudioService (d048e78b8b6416a0a5a18843867c9973) C:\windows\system32\drivers\AtihdW76.sys

20:41:08.0842 4952        AtiHDAudioService - ok

20:41:08.0913 4952        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

20:41:09.0011 4952        b06bdrv - ok

20:41:09.0043 4952        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

20:41:09.0134 4952        b57nd60a - ok

20:41:09.0252 4952        BCM43XX         (96cc359d243b3c947db036e941ea213d) C:\windows\system32\DRIVERS\bcmwl664.sys

20:41:09.0340 4952        BCM43XX - ok

20:41:09.0457 4952        Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

20:41:09.0537 4952        Beep - ok

20:41:09.0765 4952        BHDrvx64        (446b2c459a7d11cd71350235d6977e2a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys

20:41:09.0809 4952        BHDrvx64 - ok

20:41:09.0902 4952        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

20:41:09.0945 4952        blbdrive - ok

20:41:09.0993 4952        bowser          (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys

20:41:10.0035 4952        bowser - ok

20:41:10.0059 4952        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

20:41:10.0140 4952        BrFiltLo - ok

20:41:10.0170 4952        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

20:41:10.0193 4952        BrFiltUp - ok

20:41:10.0220 4952        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

20:41:10.0319 4952        Brserid - ok

20:41:10.0342 4952        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

20:41:10.0399 4952        BrSerWdm - ok

20:41:10.0426 4952        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

20:41:10.0489 4952        BrUsbMdm - ok

20:41:10.0530 4952        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

20:41:10.0576 4952        BrUsbSer - ok

20:41:10.0654 4952        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys

20:41:10.0696 4952        BthEnum - ok

20:41:10.0722 4952        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

20:41:10.0767 4952        BTHMODEM - ok

20:41:10.0804 4952        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

20:41:10.0845 4952        BthPan - ok

20:41:10.0915 4952        BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys

20:41:10.0973 4952        BTHPORT - ok

20:41:11.0040 4952        BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys

20:41:11.0092 4952        BTHUSB - ok

20:41:11.0125 4952        cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

20:41:11.0195 4952        cdfs - ok

20:41:11.0224 4952        cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys

20:41:11.0265 4952        cdrom - ok

20:41:11.0297 4952        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

20:41:11.0381 4952        circlass - ok

20:41:11.0429 4952        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

20:41:11.0459 4952        CLFS - ok

20:41:11.0513 4952        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

20:41:11.0550 4952        CmBatt - ok

20:41:11.0565 4952        cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys

20:41:11.0588 4952        cmdide - ok

20:41:11.0625 4952        CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys

20:41:11.0664 4952        CNG - ok

20:41:11.0686 4952        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

20:41:11.0703 4952        Compbatt - ok

20:41:11.0752 4952        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys

20:41:11.0827 4952        CompositeBus - ok

20:41:11.0858 4952        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

20:41:11.0877 4952        crcdisk - ok

20:41:11.0970 4952        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys

20:41:12.0010 4952        DfsC - ok

20:41:12.0035 4952        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

20:41:12.0125 4952        discache - ok

20:41:12.0161 4952        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

20:41:12.0196 4952        Disk - ok

20:41:12.0330 4952        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys

20:41:12.0388 4952        Dot4 - ok

20:41:12.0412 4952        Dot4Print       (85135ad27e79b689335c08167d917cde) C:\windows\system32\DRIVERS\Dot4Prt.sys

20:41:12.0439 4952        Dot4Print - ok

20:41:12.0465 4952        dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys

20:41:12.0510 4952        dot4usb - ok

20:41:12.0541 4952        drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

20:41:12.0593 4952        drmkaud - ok

20:41:12.0637 4952        DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys

20:41:12.0686 4952        DXGKrnl - ok

20:41:12.0792 4952        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

20:41:12.0878 4952        ebdrv - ok

20:41:12.0986 4952        eeCtrl          (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

20:41:13.0028 4952        eeCtrl - ok

20:41:13.0144 4952        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

20:41:13.0185 4952        elxstor - ok

20:41:13.0239 4952        EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

20:41:13.0261 4952        EraserUtilRebootDrv - ok

20:41:13.0286 4952        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys

20:41:13.0339 4952        ErrDev - ok

20:41:13.0386 4952        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

20:41:13.0456 4952        exfat - ok

20:41:13.0485 4952        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

20:41:13.0542 4952        fastfat - ok

20:41:13.0572 4952        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

20:41:13.0609 4952        fdc - ok

20:41:13.0712 4952        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

20:41:13.0744 4952        FileInfo - ok

20:41:13.0842 4952        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

20:41:13.0904 4952        Filetrace - ok

20:41:13.0926 4952        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

20:41:13.0952 4952        flpydisk - ok

20:41:13.0977 4952        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys

20:41:14.0002 4952        FltMgr - ok

20:41:14.0023 4952        FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

20:41:14.0042 4952        FsDepends - ok

20:41:14.0087 4952        fssfltr         (2bf3b36b96d015af666b6aa63ae2e38f) C:\windows\system32\DRIVERS\fssfltr.sys

20:41:14.0119 4952        fssfltr - ok

20:41:14.0148 4952        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

20:41:14.0168 4952        Fs_Rec - ok

20:41:14.0212 4952        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys

20:41:14.0260 4952        fvevol - ok

20:41:14.0324 4952        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

20:41:14.0356 4952        gagp30kx - ok

20:41:14.0421 4952        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

20:41:14.0498 4952        hcw85cir - ok

20:41:14.0541 4952        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys

20:41:14.0599 4952        HdAudAddService - ok

20:41:14.0635 4952        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys

20:41:14.0679 4952        HDAudBus - ok

20:41:14.0703 4952        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

20:41:14.0723 4952        HidBatt - ok

20:41:14.0753 4952        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

20:41:14.0807 4952        HidBth - ok

20:41:14.0843 4952        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

20:41:14.0884 4952        HidIr - ok

20:41:14.0921 4952        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys

20:41:14.0991 4952        HidUsb - ok

20:41:15.0053 4952        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys

20:41:15.0075 4952        HpSAMD - ok

20:41:15.0166 4952        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys

20:41:15.0236 4952        HTTP - ok

20:41:15.0256 4952        hwpolicy        (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys

20:41:15.0273 4952        hwpolicy - ok

20:41:15.0423 4952        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

20:41:15.0466 4952        i8042prt - ok

20:41:15.0543 4952        iaStor          (a5f72bb0d024e7e463344105be613ae4) C:\windows\system32\DRIVERS\iaStor.sys

20:41:15.0573 4952        iaStor - ok

20:41:15.0716 4952        iaStorV         (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys

20:41:15.0773 4952        iaStorV - ok

20:41:16.0000 4952        IDSVia64        (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101217.001\IDSvia64.sys

20:41:16.0039 4952        IDSVia64 - ok

20:41:16.0309 4952        igfx            (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys

20:41:16.0580 4952        igfx - ok

20:41:16.0680 4952        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

20:41:16.0707 4952        iirsp - ok

20:41:16.0806 4952        Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys

20:41:16.0879 4952        Impcd - ok

20:41:16.0989 4952        IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\windows\system32\drivers\RTKVHD64.sys

20:41:17.0056 4952        IntcAzAudAddService - ok

20:41:17.0177 4952        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys

20:41:17.0208 4952        intelide - ok

20:41:17.0234 4952        intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

20:41:17.0266 4952        intelppm - ok

20:41:17.0317 4952        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys

20:41:17.0390 4952        IpFilterDriver - ok

20:41:17.0417 4952        IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys

20:41:17.0447 4952        IPMIDRV - ok

20:41:17.0464 4952        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

20:41:17.0509 4952        IPNAT - ok

20:41:17.0550 4952        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

20:41:17.0575 4952        IRENUM - ok

20:41:17.0598 4952        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys

20:41:17.0618 4952        isapnp - ok

20:41:17.0634 4952        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys

20:41:17.0660 4952        iScsiPrt - ok

20:41:17.0676 4952        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

20:41:17.0694 4952        kbdclass - ok

20:41:17.0716 4952        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys

20:41:17.0750 4952        kbdhid - ok

20:41:17.0777 4952        KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys

20:41:17.0798 4952        KSecDD - ok

20:41:17.0831 4952        KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys

20:41:17.0868 4952        KSecPkg - ok

20:41:17.0901 4952        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

20:41:17.0985 4952        ksthunk - ok

20:41:18.0038 4952        lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

20:41:18.0122 4952        lltdio - ok

20:41:18.0171 4952        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

20:41:18.0208 4952        LSI_FC - ok

20:41:18.0227 4952        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

20:41:18.0246 4952        LSI_SAS - ok

20:41:18.0265 4952        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

20:41:18.0284 4952        LSI_SAS2 - ok

20:41:18.0308 4952        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

20:41:18.0327 4952        LSI_SCSI - ok

20:41:18.0376 4952        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

20:41:18.0477 4952        luafv - ok

20:41:18.0532 4952        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

20:41:18.0552 4952        megasas - ok

20:41:18.0574 4952        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

20:41:18.0603 4952        MegaSR - ok

20:41:18.0645 4952        Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

20:41:18.0745 4952        Modem - ok

20:41:18.0811 4952        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

20:41:18.0871 4952        monitor - ok

20:41:18.0946 4952        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

20:41:18.0978 4952        mouclass - ok

20:41:19.0027 4952        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

20:41:19.0097 4952        mouhid - ok

20:41:19.0125 4952        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys

20:41:19.0149 4952        mountmgr - ok

20:41:19.0219 4952        MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys

20:41:19.0252 4952        MpFilter - ok

20:41:19.0274 4952        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys

20:41:19.0294 4952        mpio - ok

20:41:19.0314 4952        MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys

20:41:19.0331 4952        MpNWMon - ok

20:41:19.0347 4952        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

20:41:19.0407 4952        mpsdrv - ok

20:41:19.0430 4952        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys

20:41:19.0468 4952        MRxDAV - ok

20:41:19.0505 4952        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys

20:41:19.0558 4952        mrxsmb - ok

20:41:19.0596 4952        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys

20:41:19.0651 4952        mrxsmb10 - ok

20:41:19.0670 4952        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys

20:41:19.0694 4952        mrxsmb20 - ok

20:41:19.0720 4952        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys

20:41:19.0738 4952        msahci - ok

20:41:19.0760 4952        msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys

20:41:19.0781 4952        msdsm - ok

20:41:19.0802 4952        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

20:41:19.0861 4952        Msfs - ok

20:41:19.0890 4952        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

20:41:19.0968 4952        mshidkmdf - ok

20:41:19.0990 4952        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys

20:41:20.0006 4952        msisadrv - ok

20:41:20.0044 4952        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

20:41:20.0088 4952        MSKSSRV - ok

20:41:20.0130 4952        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

20:41:20.0178 4952        MSPCLOCK - ok

20:41:20.0198 4952        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

20:41:20.0255 4952        MSPQM - ok

20:41:20.0282 4952        MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys

20:41:20.0305 4952        MsRPC - ok

20:41:20.0326 4952        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

20:41:20.0344 4952        mssmbios - ok

20:41:20.0379 4952        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

20:41:20.0439 4952        MSTEE - ok

20:41:20.0460 4952        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

20:41:20.0479 4952        MTConfig - ok

20:41:20.0500 4952        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

20:41:20.0518 4952        Mup - ok

20:41:20.0604 4952        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

20:41:20.0677 4952        NativeWifiP - ok

20:41:20.0824 4952        NAVENG          (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\ENG64.SYS

20:41:20.0850 4952        NAVENG - ok

20:41:20.0984 4952        NAVEX15         (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\EX64.SYS

20:41:21.0034 4952        NAVEX15 - ok

20:41:21.0191 4952        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys

20:41:21.0244 4952        NDIS - ok

20:41:21.0357 4952        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

20:41:21.0455 4952        NdisCap - ok

20:41:21.0477 4952        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

20:41:21.0532 4952        NdisTapi - ok

20:41:21.0556 4952        Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys

20:41:21.0609 4952        Ndisuio - ok

20:41:21.0624 4952        NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys

20:41:21.0723 4952        NdisWan - ok

20:41:21.0746 4952        NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys

20:41:21.0791 4952        NDProxy - ok

20:41:21.0831 4952        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

20:41:21.0884 4952        NetBIOS - ok

20:41:21.0904 4952        NetBT           (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys

20:41:21.0989 4952        NetBT - ok

20:41:22.0021 4952        nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

20:41:22.0041 4952        nfrd960 - ok

20:41:22.0108 4952        NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys

20:41:22.0141 4952        NisDrv - ok

20:41:22.0219 4952        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

20:41:22.0287 4952        Npfs - ok

20:41:22.0302 4952        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

20:41:22.0345 4952        nsiproxy - ok

20:41:22.0409 4952        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys

20:41:22.0464 4952        Ntfs - ok

20:41:22.0500 4952        Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

20:41:22.0557 4952        Null - ok

20:41:22.0594 4952        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys

20:41:22.0626 4952        nvraid - ok

20:41:22.0659 4952        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys

20:41:22.0695 4952        nvstor - ok

20:41:22.0708 4952        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys

20:41:22.0730 4952        nv_agp - ok

20:41:22.0779 4952        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys

20:41:22.0814 4952        ohci1394 - ok

20:41:22.0886 4952        Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

20:41:22.0924 4952        Parport - ok

20:41:22.0943 4952        partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys

20:41:22.0962 4952        partmgr - ok

20:41:22.0987 4952        pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys

20:41:23.0008 4952        pci - ok

20:41:23.0026 4952        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

20:41:23.0043 4952        pciide - ok

20:41:23.0076 4952        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

20:41:23.0116 4952        pcmcia - ok

20:41:23.0141 4952        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

20:41:23.0162 4952        pcw - ok

20:41:23.0203 4952        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

20:41:23.0266 4952        PEAUTH - ok

20:41:23.0335 4952        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys

20:41:23.0407 4952        PptpMiniport - ok

20:41:23.0425 4952        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

20:41:23.0456 4952        Processor - ok

20:41:23.0511 4952        Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys

20:41:23.0588 4952        Psched - ok

20:41:23.0644 4952        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

20:41:23.0703 4952        ql2300 - ok

20:41:23.0724 4952        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

20:41:23.0745 4952        ql40xx - ok

20:41:23.0768 4952        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

20:41:23.0791 4952        QWAVEdrv - ok

20:41:23.0814 4952        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

20:41:23.0857 4952        RasAcd - ok

20:41:23.0899 4952        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

20:41:23.0976 4952        RasAgileVpn - ok

20:41:24.0003 4952        Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys

20:41:24.0117 4952        Rasl2tp - ok

20:41:24.0149 4952        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

20:41:24.0206 4952        RasPppoe - ok

20:41:24.0227 4952        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

20:41:24.0292 4952        RasSstp - ok

20:41:24.0312 4952        rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys

20:41:24.0371 4952        rdbss - ok

20:41:24.0393 4952        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

20:41:24.0486 4952        rdpbus - ok

20:41:24.0527 4952        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

20:41:24.0627 4952        RDPCDD - ok

20:41:24.0649 4952        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

20:41:24.0690 4952        RDPENCDD - ok

20:41:24.0707 4952        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

20:41:24.0761 4952        RDPREFMP - ok

20:41:24.0778 4952        RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys

20:41:24.0832 4952        RDPWD - ok

20:41:24.0870 4952        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys

20:41:24.0892 4952        rdyboost - ok

20:41:24.0943 4952        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

20:41:24.0984 4952        RFCOMM - ok

20:41:25.0029 4952        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

20:41:25.0112 4952        rspndr - ok

20:41:25.0153 4952        RTL8167         (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys

20:41:25.0207 4952        RTL8167 - ok

20:41:25.0322 4952        rtport          (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys

20:41:25.0375 4952        rtport - ok

20:41:25.0503 4952        SABI            (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys

20:41:25.0546 4952        SABI - ok

20:41:25.0583 4952        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys

20:41:25.0614 4952        sbp2port - ok

20:41:25.0642 4952        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys

20:41:25.0749 4952        scfilter - ok

20:41:25.0780 4952        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

20:41:25.0835 4952        secdrv - ok

20:41:25.0873 4952        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

20:41:25.0944 4952        Serenum - ok

20:41:25.0972 4952        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

20:41:26.0019 4952        Serial - ok

20:41:26.0043 4952        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

20:41:26.0077 4952        sermouse - ok

20:41:26.0110 4952        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys

20:41:26.0183 4952        sffdisk - ok

20:41:26.0193 4952        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys

20:41:26.0223 4952        sffp_mmc - ok

20:41:26.0232 4952        sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys

20:41:26.0258 4952        sffp_sd - ok

20:41:26.0285 4952        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

20:41:26.0325 4952        sfloppy - ok

20:41:26.0427 4952        Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys

20:41:26.0476 4952        Sftfs - ok

20:41:26.0505 4952        Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys

20:41:26.0526 4952        Sftplay - ok

20:41:26.0549 4952        Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys

20:41:26.0564 4952        Sftredir - ok

20:41:26.0581 4952        Sftvol          (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys

20:41:26.0596 4952        Sftvol - ok

20:41:26.0635 4952        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

20:41:26.0652 4952        SiSRaid2 - ok

20:41:26.0704 4952        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

20:41:26.0724 4952        SiSRaid4 - ok

20:41:26.0758 4952        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

20:41:26.0825 4952        Smb - ok

20:41:26.0858 4952        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

20:41:26.0878 4952        spldr - ok

20:41:26.0992 4952        SRTSP           (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS

20:41:27.0042 4952        SRTSP - ok

20:41:27.0066 4952        SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS

20:41:27.0082 4952        SRTSPX - ok

20:41:27.0121 4952        srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys

20:41:27.0159 4952        srv - ok

20:41:27.0191 4952        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys

20:41:27.0252 4952        srv2 - ok

20:41:27.0315 4952        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys

20:41:27.0365 4952        srvnet - ok

20:41:27.0409 4952        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

20:41:27.0428 4952        stexstor - ok

20:41:27.0471 4952        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

20:41:27.0490 4952        swenum - ok

20:41:27.0548 4952        SymDS           (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS

20:41:27.0586 4952        SymDS - ok

20:41:27.0648 4952        SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS

20:41:27.0695 4952        SymEFA - ok

20:41:27.0737 4952        SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

20:41:27.0774 4952        SymEvent - ok

20:41:27.0807 4952        SymIRON         (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS

20:41:27.0824 4952        SymIRON - ok

20:41:27.0854 4952        SymNetS         (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS

20:41:27.0879 4952        SymNetS - ok

20:41:27.0947 4952        SynTP           (14feb5052837d9277520088dce549036) C:\windows\system32\DRIVERS\SynTP.sys

20:41:27.0995 4952        SynTP - ok

20:41:28.0133 4952        Tcpip           (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys

20:41:28.0197 4952        Tcpip - ok

20:41:28.0320 4952        TCPIP6          (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys

20:41:28.0372 4952        TCPIP6 - ok

20:41:28.0461 4952        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys

20:41:28.0519 4952        tcpipreg - ok

20:41:28.0534 4952        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

20:41:28.0583 4952        TDPIPE - ok

20:41:28.0603 4952        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

20:41:28.0662 4952        TDTCP - ok

20:41:28.0679 4952        tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys

20:41:28.0735 4952        tdx - ok

20:41:28.0751 4952        TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys

20:41:28.0769 4952        TermDD - ok

20:41:28.0803 4952        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys

20:41:28.0864 4952        tssecsrv - ok

20:41:28.0902 4952        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys

20:41:28.0974 4952        tunnel - ok

20:41:29.0012 4952        TurboB          (b355581a9da34c92e2dbafa410d2f829) C:\windows\system32\DRIVERS\TurboB.sys

20:41:29.0032 4952        TurboB - ok

20:41:29.0084 4952        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

20:41:29.0123 4952        uagp35 - ok

20:41:29.0165 4952        udfs            (31ba4a33afab6a69ea092b18017f737f) C:\windows\system32\DRIVERS\udfs.sys

20:41:29.0208 4952        udfs - ok

20:41:29.0295 4952        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys

20:41:29.0331 4952        uliagpkx - ok

20:41:29.0373 4952        umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys

20:41:29.0422 4952        umbus - ok

20:41:29.0442 4952        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

20:41:29.0488 4952        UmPass - ok

20:41:29.0518 4952        usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys

20:41:29.0566 4952        usbccgp - ok

20:41:29.0599 4952        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys

20:41:29.0642 4952        usbcir - ok

20:41:29.0666 4952        usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys

20:41:29.0702 4952        usbehci - ok

20:41:29.0728 4952        usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys

20:41:29.0768 4952        usbhub - ok

20:41:29.0795 4952        usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys

20:41:29.0837 4952        usbohci - ok

20:41:29.0868 4952        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

20:41:29.0897 4952        usbprint - ok

20:41:29.0920 4952        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

20:41:29.0950 4952        usbscan - ok

20:41:29.0989 4952        USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\drivers\USBSTOR.SYS

20:41:30.0044 4952        USBSTOR - ok

20:41:30.0078 4952        usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys

20:41:30.0098 4952        usbuhci - ok

20:41:30.0161 4952        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys

20:41:30.0215 4952        usbvideo - ok

20:41:30.0266 4952        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys

20:41:30.0288 4952        vdrvroot - ok

20:41:30.0308 4952        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

20:41:30.0336 4952        vga - ok

20:41:30.0354 4952        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

20:41:30.0409 4952        VgaSave - ok

20:41:30.0429 4952        vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys

20:41:30.0451 4952        vhdmp - ok

20:41:30.0473 4952        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys

20:41:30.0490 4952        viaide - ok

20:41:30.0508 4952        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys

20:41:30.0526 4952        volmgr - ok

20:41:30.0546 4952        volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys

20:41:30.0571 4952        volmgrx - ok

20:41:30.0588 4952        volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys

20:41:30.0611 4952        volsnap - ok

20:41:30.0641 4952        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

20:41:30.0664 4952        vsmraid - ok

20:41:30.0679 4952        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

20:41:30.0703 4952        vwifibus - ok

20:41:30.0737 4952        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

20:41:30.0779 4952        vwififlt - ok

20:41:30.0808 4952        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

20:41:30.0838 4952        WacomPen - ok

20:41:30.0870 4952        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

20:41:30.0926 4952        WANARP - ok

20:41:30.0930 4952        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

20:41:30.0975 4952        Wanarpv6 - ok

20:41:30.0996 4952        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

20:41:31.0014 4952        Wd - ok

20:41:31.0043 4952        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

20:41:31.0074 4952        Wdf01000 - ok

20:41:31.0118 4952        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

20:41:31.0165 4952        WfpLwf - ok

20:41:31.0183 4952        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

20:41:31.0202 4952        WIMMount - ok

20:41:31.0259 4952        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

20:41:31.0278 4952        WmiAcpi - ok

20:41:31.0313 4952        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

20:41:31.0367 4952        ws2ifsl - ok

20:41:31.0398 4952        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys

20:41:31.0450 4952        WudfPf - ok

20:41:31.0474 4952        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys

20:41:31.0525 4952        WUDFRd - ok

20:41:31.0582 4952        yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys

20:41:31.0646 4952        yukonw7 - ok

20:41:31.0695 4952        MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0

20:41:31.0949 4952        \Device\Harddisk0\DR0 - ok

20:41:31.0954 4952        Boot (0x1200)   (ffaedfde4178abf2da5e4945d4a562ad) \Device\Harddisk0\DR0\Partition0

20:41:31.0955 4952        \Device\Harddisk0\DR0\Partition0 - ok

20:41:31.0981 4952        Boot (0x1200)   (74f258e78f0f15d828b38adfff7417de) \Device\Harddisk0\DR0\Partition1

20:41:31.0983 4952        \Device\Harddisk0\DR0\Partition1 - ok

20:41:32.0003 4952        Boot (0x1200)   (a084a3037a0a4f3bd56b310adf974e64) \Device\Harddisk0\DR0\Partition2

20:41:32.0004 4952        \Device\Harddisk0\DR0\Partition2 - ok

20:41:32.0005 4952        ============================================================

20:41:32.0005 4952        Scan finished

20:41:32.0005 4952        ============================================================

20:41:32.0018 4092        Detected object count: 0

20:41:32.0018 4092        Actual detected object count: 0

Poste die Logs bitte in CODE-Tags! Keine PHP- oder TABLE- oder sonstwas Tags!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Sorry wegen der Tabelle.

Code:

ComboFix 11-10-25.04 - Toni 25.10.2011  20:52:30.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3946.2716 [GMT 2:00]

ausgeführt von:: c:\users\Toni\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-09-25 bis 2011-10-25  ))))))))))))))))))))))))))))))

.

.

2011-10-25 18:57 . 2011-10-25 18:57        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-10-25 18:05 . 2011-10-25 18:05        69000        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9429F92D-DD90-4101-B45A-EBB7F09C9132}\offreg.dll

2011-10-25 18:05 . 2011-10-07 04:16        8570192        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9429F92D-DD90-4101-B45A-EBB7F09C9132}\mpengine.dll

2011-10-25 17:51 . 2011-10-25 17:51        --------        d-----w-        C:\_OTL

2011-10-24 21:57 . 2011-10-24 21:57        --------        d-----w-        c:\users\Toni\AppData\Local\Zattoo

2011-10-24 21:56 . 2011-10-24 21:57        --------        d-----w-        c:\program files (x86)\Zattoo4

2011-10-24 18:01 . 2011-10-24 18:01        --------        d-----w-        c:\users\Toni\AppData\Local\ElevatedDiagnostics

2011-10-24 17:18 . 2011-10-24 17:18        --------        d-----w-        c:\program files (x86)\ESET

2011-10-23 09:49 . 2011-10-23 09:49        --------        d-----w-        c:\users\Toni\AppData\Roaming\Malwarebytes

2011-10-23 09:49 . 2011-10-23 09:49        --------        d-----w-        c:\programdata\Malwarebytes

2011-10-23 09:49 . 2011-10-23 09:49        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-23 09:49 . 2011-08-31 15:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-10-19 14:47 . 2011-10-19 14:47        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help

2011-10-14 19:54 . 2011-10-19 14:49        --------        d-----w-        c:\program files (x86)\Microsoft Works

2011-10-14 19:43 . 2011-10-14 19:43        --------        d-----w-        c:\program files (x86)\Microsoft Visual Studio 8

2011-10-14 19:43 . 2011-10-14 19:43        --------        d-----w-        c:\users\Toni\AppData\Local\Microsoft Help

2011-10-14 19:42 . 2011-10-19 15:10        --------        d-----w-        c:\programdata\Microsoft Help

2011-10-13 18:36 . 2011-10-13 18:36        --------        d-----w-        c:\users\Toni\AppData\Roaming\OpenOffice.org

2011-10-13 18:01 . 2011-10-13 18:01        --------        d-----w-        c:\program files (x86)\OpenOffice.org 3

2011-10-13 18:00 . 2011-10-13 18:00        --------        d-----w-        c:\program files (x86)\Common Files\Java

2011-10-13 18:00 . 2011-10-13 17:59        472808        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-10-13 18:00 . 2011-10-13 17:59        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-10-13 17:59 . 2011-10-13 17:59        --------        d-----w-        c:\program files (x86)\Java

2011-10-12 15:19 . 2011-08-17 05:32        613888        ----a-w-        c:\windows\system32\psisdecd.dll

2011-10-11 16:20 . 2011-10-11 16:20        917840        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AE80953-C2B3-49B1-80D4-874E53EEC9D1}\gapaengine.dll

2011-09-27 17:36 . 2011-09-27 17:36        --------        d-----w-        c:\programdata\EA Core

2011-09-27 17:24 . 2008-07-31 08:41        72200        ----a-w-        c:\windows\system32\XAPOFX1_1.dll

2011-09-27 17:24 . 2008-07-31 08:41        68616        ----a-w-        c:\windows\SysWow64\XAPOFX1_1.dll

2011-09-27 17:24 . 2008-07-31 08:40        513544        ----a-w-        c:\windows\system32\XAudio2_2.dll

2011-09-27 17:24 . 2008-07-31 08:40        509448        ----a-w-        c:\windows\SysWow64\XAudio2_2.dll

2011-09-27 17:24 . 2008-07-31 08:41        238088        ----a-w-        c:\windows\SysWow64\xactengine3_2.dll

2011-09-27 17:24 . 2008-07-31 08:41        177672        ----a-w-        c:\windows\system32\xactengine3_2.dll

2011-09-27 16:34 . 2011-09-27 16:34        --------        d-----w-        c:\users\Toni\AppData\Roaming\Origin

2011-09-27 16:34 . 2011-09-27 16:34        --------        d-----w-        c:\users\Toni\AppData\Local\Origin

2011-09-27 16:32 . 2011-09-27 16:32        --------        d-----w-        c:\program files (x86)\Origin Games

2011-09-27 16:31 . 2011-10-25 17:51        --------        d-----w-        c:\program files (x86)\Origin

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-24 21:57 . 2011-08-29 21:05        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-07 04:16 . 2011-07-01 07:48        8570192        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

c:\users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe [2010-8-17 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101217.001\IDSvia64.sys [2010-11-09 476792]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-21 132656]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 20322504

*Deregistered* - 20322504

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 17:58]

.

2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 17:58]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-14 11046504]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mStart Page = 

mLocal Page = 

IE: Free YouTube Download - c:\users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_2_3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: general.useragent.extra.brc - 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-76830181-1066914796-2057996457-1000\Software\SecuROM\License information*]

"datasecu"=hex:b2,dd,33,b2,a2,bc,64,af,ef,6b,31,39,1b,4f,02,f0,98,c5,27,4e,9b,

   38,13,46,42,41,07,f6,e4,35,c7,8f,cc,6c,f1,83,0e,91,50,a8,1a,b9,9c,ba,66,bf,\

"rkeysecu"=hex:cb,f8,01,a7,23,53,09,88,d4,85,e8,cf,9a,a6,65,f2

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-10-25  20:59:16

ComboFix-quarantined-files.txt  2011-10-25 18:59

.

Vor Suchlauf: 10 Verzeichnis(se), 18.668.535.808 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 18.304.630.784 Bytes frei

.

- - End Of File - - 43EF09D6A7B5C721B8538682118DAC1A

Zitat:

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

Ähem das seh ich ja jetzt erst. Sowas wie MS Security Essential sollte nie zusammen mit Norton IS benutzt werden! Wenn dann nur eins von beiden installiert haben. Ich rate dir zu MSE, als Norton deinstallieren.

Guten Abend habe Norton deinstalliert. Dachte doppelt hält besser. :daumenhoc

Wie siehts wegen den Schädlingen aus?