Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Internetaktivitäten langsam/werden unterbrochen (https://www.trojaner-board.de/110011-internetaktivitaeten-langsam-unterbrochen.html)

PropJoe 15.02.2012 22:03
Internetaktivitäten langsam/werden unterbrochen
 
Guten Abend, lieber Helfer/innen!

Seit einiger Zeit habe ich Probleme, wenn ich im Internet surfe. Der Aufbau von Seiten ist phasenweise sehr langsam und wird hin und wieder unterbrochen ("Internet Explorer cannot display the webpage"). Downloads werden vom Browser regelmäßig unterbrochen ("downdload was interrupted"). Die Probleme treten unabhängig vom Browser (IE, Chrome, Firefox) und der Internetverbindung (heimische Verbindung, Verbindung der Eltern, Verbindung der Uni Bib) auf. Deswegen vermute ich Schädlingsbefall.

Ich habe Windows 7 6-Bit mit Norton 360. Der Virenscanner hat einiges beseitigt, aber das Problem nicht gelöst.

Ich bin für jede Hilfe dankbar :)

cosinus 16.02.2012 23:15
Zitat:
Ich habe Windows 7 6-Bit mit Norton 360. Der Virenscanner hat einiges beseitigt, aber das Problem nicht gelöst.
Da niemand weiß was beseitigt wurde müssen wir das hier machen => :glaskugel: bis du die Logs vom Norton gepostet hast

PropJoe 19.02.2012 16:57
Meine Version vom Norton war zwischenzeitlich abgelaufen und ich hatte eine neue Version gekauft. Deswegen habe ich keine Logs mehr. Ich habe Norton kürzlich noch mal laufen lassen und da wurden wieder 15 Dinge entfernt:

Scan Statistics:
Scan Time: 1.798 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 361.733
- Files & Directories: 354.427
- Registry Entries: 579
- Processes & Start-up Items: 5.305
- Network & Browser Items: 1.414
- Other: 4
- Trusted Files: 12.977
- Skipped Files: 88.810

Total security risks detected: 15
Total items resolved: 15
Total items that require attention: 0

Resolved Threats:
15 Tracking Cookies
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Tracking Cookies
Status: Fully Resolved
-----------
15 Tracking Cookies
Cookie:****@ad1.adfarm1.adition.com/ - Deleted
Cookie:****@serving-sys.com/ - Deleted
Cookie:****@adfarm1.adition.com/ - Deleted
Cookie:****@smartadserver.com/ - Deleted
Cookie:****@quantserve.com/ - Deleted
Cookie:****@atdmt.com/ - Deleted
Cookie:****@ad2.adfarm1.adition.com/ - Deleted
Cookie:****@ww251.smartadserver.com/ - Deleted
Cookie:****@ad.zanox.com/ - Deleted
Cookie:****@doubleclick.net/ - Deleted
Cookie:****@ad4.adfarm1.adition.com/ - Deleted
Cookie:****@ivwbox.de/ - Deleted
Cookie:****@apmebf.com/ - Deleted
Cookie:****@fastclick.net/ - Deleted

cosinus 19.02.2012 19:27
Das sind doch nur Cookies :balla:

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

PropJoe 26.02.2012 00:15
Hi!

Danke für die Hilfe! Ich muss im Moment viel arbeiten, deswegen kann ich mich nicht immer sofort darum kümmern.

Ich habe beide Anweisungen befolgt. Es wurde jeweils nichts gefunden.


Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nizar :: NPC [Administrator]

Schutz: Aktiviert

26.02.2012 21:49:02
mbam-log-2012-02-19 (21-49-02).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355224
Laufzeit: 1 Stunde(n), 5 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Dennoch hatte ich heute wieder Probleme, z.B. mit vielen Pop-Ups und phasenweise Internetseiten, die nicht richtig laden.

cosinus 26.02.2012 15:37
Ich glaube du hast ESET falsch ausgeführt.
Besonders das hier musst du beachten => Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

PropJoe 27.02.2012 00:04
Okay,

habe es noch mal gemacht. Gleiches Ergebnis.

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-26 11:02:50
# local_time=2012-02-27 12:02:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 80 1386454 80950934 0 0
# compatibility_mode=5893 16776574 100 94 1561415 81921888 0 0
# compatibility_mode=8192 67108863 100 0 439441 439441 0 0
# scanned=186764
# found=0
# cleaned=0
# scan_time=4945

cosinus 27.02.2012 10:18
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

PropJoe 28.02.2012 21:56
Code:
OTL logfile created on: 27.02.2012 22:16:10 - Run 2
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,51% Memory free
7,99 Gb Paging File | 6,61 Gb Available in Paging File | 82,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 81,57 Gb Total Space | 41,40 Gb Free Space | 50,75% Space Free | Partition Type: NTFS
Drive E: | 371,09 Gb Total Space | 271,21 Gb Free Space | 73,08% Space Free | Partition Type: NTFS
 
Computer Name: NPC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.27 21:35:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2012.01.16 19:50:55 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.28 23:23:24 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010.01.08 14:59:24 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.06.28 23:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010.03.04 10:27:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2010.03.04 10:27:08 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll
MOD - [2010.03.04 10:26:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
MOD - [2010.03.04 10:24:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
MOD - [2010.03.04 10:23:36 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2010.03.04 10:21:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
MOD - [2010.03.04 10:19:18 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
MOD - [2010.03.04 10:18:20 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2010.03.04 10:00:52 | 000,991,232 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
MOD - [2010.01.15 13:53:34 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\atcomm.dll
MOD - [2010.01.15 13:53:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DetectDev.dll
MOD - [2010.01.15 13:53:34 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\FileManager.dll
MOD - [2010.01.15 13:53:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\XCodec.dll
MOD - [2010.01.15 13:53:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
MOD - [2010.01.15 13:53:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\isaputrace.dll
MOD - [2010.01.08 14:59:24 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.21 00:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010.10.25 15:36:07 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.04.04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.08 22:20:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.11.29 03:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.04.21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 06:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.21 04:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.21 02:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.20 23:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.07 18:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.07 18:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.08.23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2012.02.08 22:32:21 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\EX64.SYS -- (NAVEX15)
DRV - [2012.02.08 22:32:21 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.02.08 22:32:21 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.02.08 22:32:21 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120227.002\ENG64.SYS -- (NAVENG)
DRV - [2012.02.07 17:29:38 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120224.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012.01.21 02:27:16 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.05 22:58:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.02.09 22:37:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012.02.27 21:24:04 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AutocompletePro plugin for chrome = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..\Toolbar\WebBrowser: (no name) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..Trusted Domains: youtube.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31656834-DE9A-4E04-8AF6-810737781926}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5916A778-4817-4349-9E29-3ED8CD9AA22E}: DhcpNameServer = 10.57.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2ADB960-4BFA-4FE1-B603-F841875CC7A7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B49A345D-43BE-4FAB-A924-F0E2C4A265EB}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C783F711-25D9-43D6-8BE9-8A4FAC52DB9D}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\Shell - "" = AutoRun
O33 - MountPoints2\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\autoplay.exe
O33 - MountPoints2\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.27 21:35:15 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.02.26 22:08:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.26 20:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2012.02.21 21:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.19 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.02.19 21:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.19 21:41:55 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.18 23:53:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\NPE
[2012.02.18 23:53:20 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Users\*****\Desktop\NPE.exe
[2012.02.08 22:32:37 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys
[2012.02.08 22:32:37 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys
[2012.02.08 22:32:37 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys
[2012.02.08 22:32:37 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys
[2012.02.08 22:32:37 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys
[2012.02.08 22:32:37 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys
[2012.02.08 22:32:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D
[2012.02.08 22:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.02.08 22:20:40 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.02.08 22:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.02.08 22:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.02.08 22:19:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012.02.08 22:19:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012.02.08 22:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2012.02.08 22:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2012.02.05 23:01:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\DDMSettings
[2012.02.05 22:58:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\DivX
[2012.02.05 22:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.02.05 22:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.02.05 22:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012.02.05 22:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.02.05 22:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.02.05 15:19:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SimpleTV V03
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.27 22:16:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.27 21:39:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1164433500-2484290119-350120935-1000UA.job
[2012.02.27 21:35:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.02.27 21:35:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.27 21:30:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 21:30:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 21:30:37 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.27 21:30:37 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.27 21:30:37 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.27 21:30:37 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.27 21:30:37 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.27 21:23:53 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.27 21:23:41 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.02.27 21:23:30 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.26 23:39:09 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1164433500-2484290119-350120935-1000Core.job
[2012.02.26 22:11:46 | 001,942,886 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Cat.DB
[2012.02.19 21:42:06 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.18 23:53:34 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\*****\Desktop\NPE.exe
[2012.02.18 11:42:34 | 000,002,371 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk
[2012.02.15 21:59:54 | 000,005,542 | ---- | M] () -- C:\Users\*****\Desktop\DDS.rar
[2012.02.15 21:33:47 | 000,000,168 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2012.02.15 21:04:23 | 000,417,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.08 22:35:51 | 000,002,400 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012.02.08 22:20:40 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.02.08 22:20:40 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.02.08 22:20:40 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.02.05 15:21:33 | 000,000,258 | ---- | M] () -- C:\Users\*****\.swfinfo
 
========== Files Created - No Company Name ==========
 
[2012.02.15 21:59:54 | 000,005,542 | ---- | C] () -- C:\Users\*****\Desktop\DDS.rar
[2012.02.15 21:33:46 | 000,000,168 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2012.02.08 22:35:00 | 001,942,886 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Cat.DB
[2012.02.08 22:32:37 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\iron.cat
[2012.02.08 22:32:37 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.cat
[2012.02.08 22:32:37 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.cat
[2012.02.08 22:32:37 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.cat
[2012.02.08 22:32:37 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnet64.cat
[2012.02.08 22:32:37 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa.inf
[2012.02.08 22:32:37 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds.inf
[2012.02.08 22:32:37 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnet.inf
[2012.02.08 22:32:37 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.inf
[2012.02.08 22:32:37 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.inf
[2012.02.08 22:32:37 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\iron.inf
[2012.02.08 22:32:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.cat
[2012.02.08 22:32:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\isolate.ini
[2012.02.08 22:20:40 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.02.08 22:20:40 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.02.08 22:20:27 | 000,002,400 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012.02.05 15:21:33 | 000,000,258 | ---- | C] () -- C:\Users\*****\.swfinfo
[2011.07.09 12:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.06.24 12:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.24 12:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.06.24 12:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.06.24 12:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.06.24 12:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.06.24 12:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.06.24 12:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.06.24 12:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.06.24 12:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.06.24 12:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011.02.22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.30 21:14:47 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.25 15:30:21 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.25 15:30:21 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2010.10.25 15:30:21 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.10.25 15:30:21 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.10.25 15:25:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.16 11:55:57 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
 
========== LOP Check ==========
 
[2011.06.13 03:13:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2011.09.18 15:49:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bandoo
[2011.10.16 12:16:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2011.02.16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.04 12:49:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MediaProSoft Free YouTube to FLV Converter
[2012.02.05 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SimpleTV V03
[2011.02.04 17:19:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SNS
[2011.02.07 18:50:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2010.12.01 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\think-cell
[2011.03.14 20:59:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\To-Do DeskList
[2011.02.02 16:21:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
[2010.12.24 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\*****F\AppData\Roaming\WildTangent
[2009.07.14 06:08:49 | 000,030,102 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

cosinus 28.02.2012 22:41
Das war kein CustomScan - hast du bei der Hälfte der Anleitung aufgehört zu lesen?

PropJoe 07.03.2012 15:03
Ach Mist, ich musste den Scan zweimal machen und beim zweiten Mal habe ich vergessen, den Text einzufügen. Hier der Code vom dritten Mal:

Code:
OTL logfile created on: 04.03.2012 21:28:42 - Run 3
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,90% Memory free
7,99 Gb Paging File | 6,68 Gb Available in Paging File | 83,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 81,57 Gb Total Space | 39,98 Gb Free Space | 49,02% Space Free | Partition Type: NTFS
Drive E: | 371,09 Gb Total Space | 271,21 Gb Free Space | 73,08% Space Free | Partition Type: NTFS
 
Computer Name: NPC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.27 21:35:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.28 23:23:24 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010.01.08 14:59:24 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.06.28 23:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010.03.04 10:27:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2010.03.04 10:27:08 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll
MOD - [2010.03.04 10:26:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
MOD - [2010.03.04 10:24:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
MOD - [2010.03.04 10:23:36 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2010.03.04 10:21:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
MOD - [2010.03.04 10:19:18 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
MOD - [2010.03.04 10:18:20 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2010.03.04 10:00:52 | 000,991,232 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
MOD - [2010.01.15 13:53:34 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\atcomm.dll
MOD - [2010.01.15 13:53:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DetectDev.dll
MOD - [2010.01.15 13:53:34 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\FileManager.dll
MOD - [2010.01.15 13:53:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\XCodec.dll
MOD - [2010.01.15 13:53:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
MOD - [2010.01.15 13:53:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\isaputrace.dll
MOD - [2010.01.08 14:59:24 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.21 00:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010.10.25 15:36:07 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.04.04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.08 22:20:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.11.29 03:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.04.21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 06:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.21 04:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.21 02:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.20 23:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.07 18:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.07 18:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.08.23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2012.02.08 22:32:21 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120303.009\EX64.SYS -- (NAVEX15)
DRV - [2012.02.08 22:32:21 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.02.08 22:32:21 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.02.08 22:32:21 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120303.009\ENG64.SYS -- (NAVENG)
DRV - [2012.02.07 17:29:38 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120303.003\IDSviA64.sys -- (IDSVia64)
DRV - [2012.01.21 02:27:16 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.05 22:58:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.02.09 22:37:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012.03.02 21:04:42 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AutocompletePro plugin for chrome = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..\Toolbar\WebBrowser: (no name) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1164433500-2484290119-350120935-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..Trusted Domains: youtube.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14ADC41C-645A-43E0-A144-CECB988ABD68}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31656834-DE9A-4E04-8AF6-810737781926}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5916A778-4817-4349-9E29-3ED8CD9AA22E}: DhcpNameServer = 10.57.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2ADB960-4BFA-4FE1-B603-F841875CC7A7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B49A345D-43BE-4FAB-A924-F0E2C4A265EB}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C783F711-25D9-43D6-8BE9-8A4FAC52DB9D}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\Shell - "" = AutoRun
O33 - MountPoints2\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\autoplay.exe
O33 - MountPoints2\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.27 21:35:15 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.02.26 22:08:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.26 20:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2012.02.21 21:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.19 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.02.19 21:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.19 21:41:55 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.18 23:53:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\NPE
[2012.02.18 23:53:20 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Users\*****\Desktop\NPE.exe
[2012.02.08 22:32:37 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys
[2012.02.08 22:32:37 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys
[2012.02.08 22:32:37 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys
[2012.02.08 22:32:37 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys
[2012.02.08 22:32:37 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys
[2012.02.08 22:32:37 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys
[2012.02.08 22:32:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D
[2012.02.08 22:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.02.08 22:20:40 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.02.08 22:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.02.08 22:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.02.08 22:19:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012.02.08 22:19:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012.02.08 22:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2012.02.08 22:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2012.02.05 23:01:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\DDMSettings
[2012.02.05 22:58:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\DivX
[2012.02.05 22:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.02.05 22:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.02.05 22:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012.02.05 22:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.02.05 22:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.02.05 15:19:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SimpleTV V03
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.04 20:39:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1164433500-2484290119-350120935-1000UA.job
[2012.03.04 20:35:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.04 20:04:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.04 20:04:07 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1164433500-2484290119-350120935-1000Core.job
[2012.03.04 19:49:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.02 21:20:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 21:20:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 21:14:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.02 21:14:24 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.02 21:14:24 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.02 21:14:24 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.02 21:14:24 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.02 21:04:29 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.03.02 21:04:12 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.27 21:35:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.02.26 22:11:46 | 001,942,886 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Cat.DB
[2012.02.19 21:42:06 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.18 23:53:34 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\*****\Desktop\NPE.exe
[2012.02.18 11:42:34 | 000,002,371 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk
[2012.02.15 21:59:54 | 000,005,542 | ---- | M] () -- C:\Users\*****\Desktop\DDS.rar
[2012.02.15 21:33:47 | 000,000,168 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2012.02.15 21:04:23 | 000,417,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.08 22:35:51 | 000,002,400 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012.02.08 22:20:40 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.02.08 22:20:40 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.02.08 22:20:40 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.02.05 15:21:33 | 000,000,258 | ---- | M] () -- C:\Users\*****\.swfinfo
 
========== Files Created - No Company Name ==========
 
[2012.02.15 21:59:54 | 000,005,542 | ---- | C] () -- C:\Users\*****\Desktop\DDS.rar
[2012.02.15 21:33:46 | 000,000,168 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2012.02.08 22:35:00 | 001,942,886 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Cat.DB
[2012.02.08 22:32:37 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\iron.cat
[2012.02.08 22:32:37 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.cat
[2012.02.08 22:32:37 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.cat
[2012.02.08 22:32:37 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.cat
[2012.02.08 22:32:37 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnet64.cat
[2012.02.08 22:32:37 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa.inf
[2012.02.08 22:32:37 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds.inf
[2012.02.08 22:32:37 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnet.inf
[2012.02.08 22:32:37 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.inf
[2012.02.08 22:32:37 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.inf
[2012.02.08 22:32:37 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\iron.inf
[2012.02.08 22:32:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.cat
[2012.02.08 22:32:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\isolate.ini
[2012.02.08 22:20:40 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.02.08 22:20:40 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.02.08 22:20:27 | 000,002,400 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012.02.05 15:21:33 | 000,000,258 | ---- | C] () -- C:\Users\*****\.swfinfo
[2011.07.09 12:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.06.24 12:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.24 12:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.06.24 12:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.06.24 12:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.06.24 12:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.06.24 12:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.06.24 12:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.06.24 12:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.06.24 12:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.06.24 12:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011.02.22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.30 21:14:47 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.25 15:30:21 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.25 15:30:21 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2010.10.25 15:30:21 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.10.25 15:30:21 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.10.25 15:25:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.16 11:55:57 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
 
========== LOP Check ==========
 
[2011.06.13 03:13:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2011.09.18 15:49:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bandoo
[2011.02.16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.04 12:49:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MediaProSoft Free YouTube to FLV Converter
[2012.02.05 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SimpleTV V03
[2011.02.04 17:19:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SNS
[2011.02.07 18:50:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2010.12.01 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\think-cell
[2011.03.14 20:59:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\To-Do DeskList
[2011.02.02 16:21:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
[2010.12.24 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WildTangent
[2009.07.14 06:08:49 | 000,030,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.14 15:35:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Adobe
[2010.11.29 18:14:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ATI
[2011.06.13 03:13:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2011.09.18 15:49:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bandoo
[2012.02.05 22:58:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DivX
[2011.02.16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.29 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Identities
[2010.11.29 18:13:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Macromedia
[2012.02.19 21:44:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Media Center Programs
[2011.07.04 12:49:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MediaProSoft Free YouTube to FLV Converter
[2011.09.18 15:49:50 | 000,000,000 | --SD | M] -- C:\Users\*****\AppData\Roaming\Microsoft
[2011.02.07 20:11:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nero
[2012.02.05 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SimpleTV V03
[2012.02.05 20:19:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Skype
[2011.02.04 17:19:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SNS
[2011.02.07 18:50:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2010.12.01 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\think-cell
[2011.03.14 20:59:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\To-Do DeskList
[2011.02.02 16:21:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
[2011.07.02 10:38:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\vlc
[2010.12.24 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WildTangent
[2010.11.30 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.03.15 01:49:17 | 000,386,560 | ---- | M] (Octoshape ApS) -- C:\Users\*****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
Sorry für die Umstände. Ich hoffe, dieses Mal passt es.

Edit: Hm, so richtig anders sieht es nicht aus. Ich habe dieses Mal auf jeden Fall, die Sachen da reinkopiert.

cosinus 07.03.2012 15:23
Zitat:
O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!

PropJoe 07.03.2012 19:25
Schuldig. Und das Portal war auch noch Mist.

Wie kriege ich den Kram da runter (abgsehen von Neuaufsetzen des Systems)?

cosinus 07.03.2012 23:19
Ok, lass einfach diese Müllseiten sein in Zukunft.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-1164433500-2484290119-350120935-1000\..\Toolbar\WebBrowser: (no name) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\Shell - "" = AutoRun
O33 - MountPoints2\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\autoplay.exe
O33 - MountPoints2\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\Shell - "" = AutoRun
O33 - MountPoints2\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
[2011.06.13 03:13:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2011.09.18 15:49:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bandoo
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

PropJoe 11.03.2012 22:24
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1164433500-2484290119-350120935-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1164433500-2484290119-350120935-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1164433500-2484290119-350120935-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1164433500-2484290119-350120935-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry value HKEY_USERS\S-1-5-21-1164433500-2484290119-350120935-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ca6860b-2a3e-11e0-a875-1c659d69f821}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cfab6ed-d6e6-11e0-a090-1c75080a8c0d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d7b2951-4c91-11e0-a2fc-1c75080a8c0d}\ not found.
File F:\autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fec9004-992a-11e0-aac3-1c75080a8c0d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fec9019-992a-11e0-aac3-1c75080a8c0d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5480f03-a71c-11e0-9b43-1c75080a8c0d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf2bd473-fc0b-11df-8d3c-1c659d69f821}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf2bd477-fc0b-11df-8d3c-1c659d69f821}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf2bd95f-fc0b-11df-8d3c-1c75080a8c0d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf2bd97a-fc0b-11df-8d3c-1c75080a8c0d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f642bbc4-ae1c-11e0-9b5c-001e101f1ed9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7048e90-1e81-11e0-8d36-1c75080a8c0d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AutoRun.exe not found.
C:\Users\****\AppData\Roaming\Babylon folder moved successfully.
C:\Users\****\AppData\Roaming\Bandoo folder moved successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: *****
->Temp folder emptied: 41918018 bytes
->Temporary Internet Files folder emptied: 300987494 bytes
->Java cache emptied: 184157 bytes
->Google Chrome cache emptied: 7053412 bytes
->Flash cache emptied: 1118342 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18594842 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 926392 bytes
 
Total Files Cleaned = 354,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 03102012_140148

Files\Folders moved on Reboot...
C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 12.03.2012 15:16
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

PropJoe 14.03.2012 21:28
Code:
21:22:18.0421 3572        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
21:22:20.0433 3572        ============================================================
21:22:20.0433 3572        Current date / time: 2012/03/14 21:22:20.0433
21:22:20.0433 3572        SystemInfo:
21:22:20.0433 3572       
21:22:20.0433 3572        OS Version: 6.1.7601 ServicePack: 1.0
21:22:20.0433 3572        Product type: Workstation
21:22:20.0433 3572        ComputerName: NPC
21:22:20.0433 3572        UserName: *****
21:22:20.0433 3572        Windows directory: C:\Windows
21:22:20.0433 3572        System windows directory: C:\Windows
21:22:20.0433 3572        Running under WOW64
21:22:20.0433 3572        Processor architecture: Intel x64
21:22:20.0433 3572        Number of processors: 2
21:22:20.0433 3572        Page size: 0x1000
21:22:20.0433 3572        Boot type: Normal boot
21:22:20.0433 3572        ============================================================
21:22:23.0444 3572        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:22:23.0460 3572        Drive \Device\Harddisk2\DR2 - Size: 0xFB900000 (3.93 Gb), SectorSize: 0x200, Cylinders: 0x201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:22:23.0475 3572        \Device\Harddisk0\DR0:
21:22:23.0507 3572        MBR used
21:22:23.0507 3572        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
21:22:23.0507 3572        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0xA323000
21:22:23.0522 3572        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBD56000, BlocksNum 0x2E62F800
21:22:23.0522 3572        \Device\Harddisk2\DR2:
21:22:23.0522 3572        MBR used
21:22:23.0522 3572        \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7DC7C1
21:22:23.0600 3572        Initialize success
21:22:23.0600 3572        ============================================================
21:23:06.0500 4148        ============================================================
21:23:06.0500 4148        Scan started
21:23:06.0500 4148        Mode: Manual; SigCheck; TDLFS;
21:23:06.0500 4148        ============================================================
21:23:07.0280 4148        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:23:07.0405 4148        1394ohci - ok
21:23:07.0467 4148        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:23:07.0499 4148        ACPI - ok
21:23:07.0545 4148        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:23:07.0592 4148        AcpiPmi - ok
21:23:07.0733 4148        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:23:07.0779 4148        adp94xx - ok
21:23:07.0826 4148        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:23:07.0857 4148        adpahci - ok
21:23:07.0920 4148        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:23:07.0951 4148        adpu320 - ok
21:23:08.0045 4148        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:23:08.0123 4148        AFD - ok
21:23:08.0247 4148        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:23:08.0263 4148        agp440 - ok
21:23:08.0310 4148        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:23:08.0325 4148        aliide - ok
21:23:08.0419 4148        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:23:08.0435 4148        amdide - ok
21:23:08.0481 4148        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:23:08.0528 4148        AmdK8 - ok
21:23:08.0793 4148        amdkmdag        (d3e6b2e1394d93fe9db0ba24814b0d8f) C:\Windows\system32\DRIVERS\atipmdag.sys
21:23:09.0059 4148        amdkmdag - ok
21:23:09.0152 4148        amdkmdap        (cc4d915d786d3da973b2ea9b95d59a29) C:\Windows\system32\DRIVERS\atikmpag.sys
21:23:09.0215 4148        amdkmdap - ok
21:23:09.0324 4148        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:23:09.0386 4148        AmdPPM - ok
21:23:09.0480 4148        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:23:09.0511 4148        amdsata - ok
21:23:09.0558 4148        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:23:09.0589 4148        amdsbs - ok
21:23:09.0620 4148        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:23:09.0636 4148        amdxata - ok
21:23:09.0698 4148        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:23:09.0792 4148        AppID - ok
21:23:09.0901 4148        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:23:09.0932 4148        arc - ok
21:23:09.0963 4148        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:23:09.0979 4148        arcsas - ok
21:23:10.0026 4148        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:23:10.0104 4148        AsyncMac - ok
21:23:10.0151 4148        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:23:10.0166 4148        atapi - ok
21:23:10.0307 4148        athr            (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
21:23:10.0353 4148        athr - ok
21:23:10.0494 4148        AtiPcie        (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:23:10.0556 4148        AtiPcie - ok
21:23:10.0697 4148        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:23:10.0790 4148        b06bdrv - ok
21:23:10.0899 4148        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:23:10.0962 4148        b57nd60a - ok
21:23:11.0071 4148        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:23:11.0180 4148        Beep - ok
21:23:11.0352 4148        BHDrvx64        (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx64.sys
21:23:11.0399 4148        BHDrvx64 - ok
21:23:11.0477 4148        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:23:11.0539 4148        blbdrive - ok
21:23:11.0586 4148        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:23:11.0633 4148        bowser - ok
21:23:11.0742 4148        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:23:11.0804 4148        BrFiltLo - ok
21:23:11.0913 4148        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:23:11.0945 4148        BrFiltUp - ok
21:23:11.0976 4148        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:23:12.0038 4148        Brserid - ok
21:23:12.0069 4148        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:23:12.0085 4148        BrSerWdm - ok
21:23:12.0194 4148        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:23:12.0241 4148        BrUsbMdm - ok
21:23:12.0350 4148        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:23:12.0381 4148        BrUsbSer - ok
21:23:12.0413 4148        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:23:12.0475 4148        BTHMODEM - ok
21:23:12.0553 4148        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:23:12.0631 4148        cdfs - ok
21:23:12.0709 4148        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:23:12.0771 4148        cdrom - ok
21:23:12.0896 4148        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:23:12.0943 4148        circlass - ok
21:23:12.0990 4148        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:23:13.0005 4148        CLFS - ok
21:23:13.0130 4148        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:23:13.0177 4148        CmBatt - ok
21:23:13.0224 4148        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:23:13.0239 4148        cmdide - ok
21:23:13.0286 4148        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:23:13.0333 4148        CNG - ok
21:23:13.0427 4148        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:23:13.0458 4148        Compbatt - ok
21:23:13.0505 4148        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:23:13.0551 4148        CompositeBus - ok
21:23:13.0645 4148        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:23:13.0676 4148        crcdisk - ok
21:23:13.0739 4148        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:23:13.0817 4148        DfsC - ok
21:23:13.0926 4148        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:23:13.0973 4148        discache - ok
21:23:14.0019 4148        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:23:14.0051 4148        Disk - ok
21:23:14.0175 4148        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:23:14.0222 4148        drmkaud - ok
21:23:14.0300 4148        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:23:14.0331 4148        DXGKrnl - ok
21:23:14.0456 4148        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:23:14.0597 4148        ebdrv - ok
21:23:14.0706 4148        eeCtrl          (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:23:14.0753 4148        eeCtrl - ok
21:23:14.0893 4148        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:23:14.0940 4148        elxstor - ok
21:23:15.0049 4148        EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:23:15.0080 4148        EraserUtilRebootDrv - ok
21:23:15.0174 4148        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:23:15.0236 4148        ErrDev - ok
21:23:15.0423 4148        ewusbnet        (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys
21:23:15.0455 4148        ewusbnet - ok
21:23:15.0548 4148        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:23:15.0642 4148        exfat - ok
21:23:15.0689 4148        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:23:15.0767 4148        fastfat - ok
21:23:15.0860 4148        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:23:15.0907 4148        fdc - ok
21:23:15.0938 4148        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:23:15.0954 4148        FileInfo - ok
21:23:15.0969 4148        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:23:16.0063 4148        Filetrace - ok
21:23:16.0094 4148        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:23:16.0125 4148        flpydisk - ok
21:23:16.0235 4148        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:23:16.0266 4148        FltMgr - ok
21:23:16.0313 4148        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:23:16.0328 4148        FsDepends - ok
21:23:16.0359 4148        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:23:16.0359 4148        Fs_Rec - ok
21:23:16.0422 4148        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:23:16.0437 4148        fvevol - ok
21:23:16.0484 4148        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:23:16.0515 4148        gagp30kx - ok
21:23:16.0703 4148        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:23:16.0703 4148        GEARAspiWDM - ok
21:23:16.0843 4148        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:23:16.0890 4148        hcw85cir - ok
21:23:17.0061 4148        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:23:17.0108 4148        HdAudAddService - ok
21:23:17.0233 4148        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:23:17.0280 4148        HDAudBus - ok
21:23:17.0342 4148        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:23:17.0389 4148        HidBatt - ok
21:23:17.0561 4148        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:23:17.0623 4148        HidBth - ok
21:23:17.0763 4148        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:23:17.0810 4148        HidIr - ok
21:23:17.0935 4148        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:23:17.0966 4148        HidUsb - ok
21:23:18.0450 4148        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:23:18.0481 4148        HpSAMD - ok
21:23:18.0606 4148        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:23:18.0731 4148        HTTP - ok
21:23:18.0840 4148        hwdatacard      (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:23:18.0871 4148        hwdatacard - ok
21:23:18.0980 4148        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:23:19.0011 4148        hwpolicy - ok
21:23:19.0121 4148        hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys
21:23:19.0183 4148        hwusbdev - ok
21:23:19.0479 4148        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:23:19.0526 4148        i8042prt - ok
21:23:19.0573 4148        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:23:19.0604 4148        iaStorV - ok
21:23:19.0760 4148        IDSVia64        (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120310.001\IDSvia64.sys
21:23:19.0791 4148        IDSVia64 - ok
21:23:19.0901 4148        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:23:19.0916 4148        iirsp - ok
21:23:20.0057 4148        IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
21:23:20.0119 4148        IntcAzAudAddService - ok
21:23:20.0166 4148        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:23:20.0197 4148        intelide - ok
21:23:20.0244 4148        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:23:20.0291 4148        intelppm - ok
21:23:20.0337 4148        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:23:20.0400 4148        IpFilterDriver - ok
21:23:20.0447 4148        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:23:20.0493 4148        IPMIDRV - ok
21:23:20.0540 4148        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:23:20.0618 4148        IPNAT - ok
21:23:20.0712 4148        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:23:20.0774 4148        IRENUM - ok
21:23:20.0821 4148        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:23:20.0837 4148        isapnp - ok
21:23:20.0883 4148        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:23:20.0930 4148        iScsiPrt - ok
21:23:21.0055 4148        k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:23:21.0086 4148        k57nd60a - ok
21:23:21.0133 4148        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:23:21.0149 4148        kbdclass - ok
21:23:21.0195 4148        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:23:21.0242 4148        kbdhid - ok
21:23:21.0351 4148        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:23:21.0383 4148        KSecDD - ok
21:23:21.0398 4148        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:23:21.0429 4148        KSecPkg - ok
21:23:21.0476 4148        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:23:21.0554 4148        ksthunk - ok
21:23:21.0663 4148        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:23:21.0757 4148        lltdio - ok
21:23:21.0788 4148        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:23:21.0804 4148        LSI_FC - ok
21:23:21.0835 4148        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:23:21.0851 4148        LSI_SAS - ok
21:23:21.0866 4148        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:23:21.0882 4148        LSI_SAS2 - ok
21:23:21.0897 4148        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:23:21.0913 4148        LSI_SCSI - ok
21:23:21.0944 4148        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:23:22.0053 4148        luafv - ok
21:23:22.0085 4148        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:23:22.0085 4148        megasas - ok
21:23:22.0131 4148        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:23:22.0163 4148        MegaSR - ok
21:23:22.0287 4148        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:23:22.0334 4148        Modem - ok
21:23:22.0397 4148        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:23:22.0444 4148        monitor - ok
21:23:22.0568 4148        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:23:22.0584 4148        mouclass - ok
21:23:22.0662 4148        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:23:22.0709 4148        mouhid - ok
21:23:22.0787 4148        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:23:22.0802 4148        mountmgr - ok
21:23:22.0865 4148        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:23:22.0880 4148        mpio - ok
21:23:22.0943 4148        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:23:23.0005 4148        mpsdrv - ok
21:23:23.0052 4148        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:23:23.0099 4148        MRxDAV - ok
21:23:23.0146 4148        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:23:23.0177 4148        mrxsmb - ok
21:23:23.0286 4148        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:23:23.0333 4148        mrxsmb10 - ok
21:23:23.0380 4148        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:23:23.0411 4148        mrxsmb20 - ok
21:23:23.0770 4148        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:23:23.0785 4148        msahci - ok
21:23:23.0816 4148        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:23:23.0848 4148        msdsm - ok
21:23:23.0910 4148        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:23:23.0957 4148        Msfs - ok
21:23:23.0972 4148        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:23:24.0035 4148        mshidkmdf - ok
21:23:24.0082 4148        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:23:24.0097 4148        msisadrv - ok
21:23:24.0206 4148        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:23:24.0284 4148        MSKSSRV - ok
21:23:24.0331 4148        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:23:24.0409 4148        MSPCLOCK - ok
21:23:24.0518 4148        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:23:24.0628 4148        MSPQM - ok
21:23:24.0737 4148        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:23:24.0784 4148        MsRPC - ok
21:23:24.0830 4148        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:23:24.0846 4148        mssmbios - ok
21:23:24.0940 4148        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:23:25.0033 4148        MSTEE - ok
21:23:25.0064 4148        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:23:25.0080 4148        MTConfig - ok
21:23:25.0127 4148        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:23:25.0127 4148        Mup - ok
21:23:25.0252 4148        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:23:25.0298 4148        NativeWifiP - ok
21:23:25.0486 4148        NAVENG          (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120313.002\ENG64.SYS
21:23:25.0517 4148        NAVENG - ok
21:23:25.0751 4148        NAVEX15        (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120313.002\EX64.SYS
21:23:25.0844 4148        NAVEX15 - ok
21:23:25.0985 4148        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:23:26.0032 4148        NDIS - ok
21:23:26.0094 4148        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:23:26.0172 4148        NdisCap - ok
21:23:26.0250 4148        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:23:26.0328 4148        NdisTapi - ok
21:23:26.0437 4148        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:23:26.0500 4148        Ndisuio - ok
21:23:26.0546 4148        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:23:26.0624 4148        NdisWan - ok
21:23:26.0718 4148        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:23:26.0780 4148        NDProxy - ok
21:23:26.0905 4148        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:23:26.0983 4148        NetBIOS - ok
21:23:27.0030 4148        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:23:27.0108 4148        NetBT - ok
21:23:27.0217 4148        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:23:27.0248 4148        nfrd960 - ok
21:23:27.0295 4148        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:23:27.0342 4148        Npfs - ok
21:23:27.0436 4148        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:23:27.0498 4148        nsiproxy - ok
21:23:27.0576 4148        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:23:27.0654 4148        Ntfs - ok
21:23:27.0748 4148        NTIDrvr        (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:23:27.0763 4148        NTIDrvr - ok
21:23:27.0779 4148        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:23:27.0841 4148        Null - ok
21:23:27.0950 4148        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:23:27.0982 4148        nvraid - ok
21:23:28.0013 4148        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:23:28.0028 4148        nvstor - ok
21:23:28.0060 4148        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:23:28.0091 4148        nv_agp - ok
21:23:28.0138 4148        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:23:28.0169 4148        ohci1394 - ok
21:23:28.0325 4148        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:23:28.0372 4148        Parport - ok
21:23:28.0418 4148        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:23:28.0450 4148        partmgr - ok
21:23:28.0574 4148        PCDSRVC{EDD8E36B-5B151F0E-06020101}_0 - ok
21:23:28.0684 4148        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:23:28.0715 4148        pci - ok
21:23:28.0855 4148        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:23:28.0871 4148        pciide - ok
21:23:28.0902 4148        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:23:28.0933 4148        pcmcia - ok
21:23:28.0964 4148        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:23:28.0980 4148        pcw - ok
21:23:29.0011 4148        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:23:29.0074 4148        PEAUTH - ok
21:23:29.0214 4148        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:23:29.0292 4148        PptpMiniport - ok
21:23:29.0323 4148        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:23:29.0354 4148        Processor - ok
21:23:29.0479 4148        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:23:29.0542 4148        Psched - ok
21:23:29.0573 4148        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:23:29.0588 4148        PxHlpa64 - ok
21:23:29.0682 4148        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:23:29.0776 4148        ql2300 - ok
21:23:29.0822 4148        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:23:29.0854 4148        ql40xx - ok
21:23:29.0885 4148        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:23:29.0916 4148        QWAVEdrv - ok
21:23:29.0947 4148        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:23:29.0978 4148        RasAcd - ok
21:23:30.0025 4148        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:23:30.0072 4148        RasAgileVpn - ok
21:23:30.0119 4148        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:23:30.0181 4148        Rasl2tp - ok
21:23:30.0212 4148        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:23:30.0290 4148        RasPppoe - ok
21:23:30.0400 4148        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:23:30.0462 4148        RasSstp - ok
21:23:30.0524 4148        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:23:30.0618 4148        rdbss - ok
21:23:30.0665 4148        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:23:30.0696 4148        rdpbus - ok
21:23:30.0727 4148        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:23:30.0774 4148        RDPCDD - ok
21:23:30.0852 4148        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:23:30.0930 4148        RDPENCDD - ok
21:23:30.0961 4148        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:23:30.0992 4148        RDPREFMP - ok
21:23:31.0039 4148        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:23:31.0070 4148        RDPWD - ok
21:23:31.0195 4148        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:23:31.0226 4148        rdyboost - ok
21:23:31.0367 4148        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:23:31.0460 4148        rspndr - ok
21:23:31.0585 4148        RSUSBSTOR      (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\System32\Drivers\RtsUStor.sys
21:23:31.0616 4148        RSUSBSTOR - ok
21:23:31.0663 4148        RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
21:23:31.0694 4148        RTHDMIAzAudService - ok
21:23:31.0741 4148        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:23:31.0757 4148        sbp2port - ok
21:23:31.0804 4148        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:23:31.0850 4148        scfilter - ok
21:23:31.0960 4148        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:23:32.0053 4148        secdrv - ok
21:23:32.0116 4148        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:23:32.0162 4148        Serenum - ok
21:23:32.0178 4148        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:23:32.0225 4148        Serial - ok
21:23:32.0272 4148        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:23:32.0287 4148        sermouse - ok
21:23:32.0350 4148        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:23:32.0381 4148        sffdisk - ok
21:23:32.0428 4148        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:23:32.0443 4148        sffp_mmc - ok
21:23:32.0474 4148        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:23:32.0506 4148        sffp_sd - ok
21:23:32.0552 4148        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:23:32.0584 4148        sfloppy - ok
21:23:32.0646 4148        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:23:32.0662 4148        SiSRaid2 - ok
21:23:32.0708 4148        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:23:32.0724 4148        SiSRaid4 - ok
21:23:32.0771 4148        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:23:32.0818 4148        Smb - ok
21:23:32.0880 4148        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:23:32.0896 4148        spldr - ok
21:23:33.0036 4148        SRTSP          (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS
21:23:33.0067 4148        SRTSP - ok
21:23:33.0208 4148        SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS
21:23:33.0223 4148        SRTSPX - ok
21:23:33.0348 4148        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:23:33.0410 4148        srv - ok
21:23:33.0457 4148        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:23:33.0504 4148        srv2 - ok
21:23:33.0613 4148        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:23:33.0660 4148        srvnet - ok
21:23:33.0785 4148        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:23:33.0800 4148        stexstor - ok
21:23:33.0863 4148        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:23:33.0878 4148        swenum - ok
21:23:34.0050 4148        SymDS          (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS
21:23:34.0097 4148        SymDS - ok
21:23:34.0253 4148        SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS
21:23:34.0315 4148        SymEFA - ok
21:23:34.0440 4148        SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:23:34.0456 4148        SymEvent - ok
21:23:34.0565 4148        SymIRON        (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS
21:23:34.0580 4148        SymIRON - ok
21:23:34.0721 4148        SymNetS        (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS
21:23:34.0752 4148        SymNetS - ok
21:23:34.0861 4148        SynTP          (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
21:23:34.0892 4148        SynTP - ok
21:23:35.0002 4148        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:23:35.0111 4148        Tcpip - ok
21:23:35.0204 4148        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:23:35.0267 4148        TCPIP6 - ok
21:23:35.0392 4148        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:23:35.0454 4148        tcpipreg - ok
21:23:35.0548 4148        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:23:35.0579 4148        TDPIPE - ok
21:23:35.0610 4148        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:23:35.0657 4148        TDTCP - ok
21:23:35.0782 4148        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:23:35.0875 4148        tdx - ok
21:23:35.0922 4148        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:23:35.0938 4148        TermDD - ok
21:23:35.0984 4148        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:23:36.0078 4148        tssecsrv - ok
21:23:36.0187 4148        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:23:36.0234 4148        TsUsbFlt - ok
21:23:36.0359 4148        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:23:36.0437 4148        tunnel - ok
21:23:36.0530 4148        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:23:36.0562 4148        uagp35 - ok
21:23:36.0593 4148        UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
21:23:36.0608 4148        UBHelper - ok
21:23:36.0640 4148        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:23:36.0733 4148        udfs - ok
21:23:36.0842 4148        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:23:36.0874 4148        uliagpkx - ok
21:23:36.0905 4148        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:23:36.0936 4148        umbus - ok
21:23:37.0030 4148        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:23:37.0076 4148        UmPass - ok
21:23:37.0139 4148        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:23:37.0201 4148        usbccgp - ok
21:23:37.0310 4148        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:23:37.0342 4148        usbcir - ok
21:23:37.0404 4148        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:23:37.0435 4148        usbehci - ok
21:23:37.0544 4148        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:23:37.0591 4148        usbhub - ok
21:23:37.0700 4148        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:23:37.0763 4148        usbohci - ok
21:23:37.0810 4148        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:23:37.0841 4148        usbprint - ok
21:23:37.0919 4148        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:23:37.0966 4148        USBSTOR - ok
21:23:38.0044 4148        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:23:38.0075 4148        usbuhci - ok
21:23:38.0200 4148        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:23:38.0262 4148        usbvideo - ok
21:23:38.0387 4148        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:23:38.0402 4148        vdrvroot - ok
21:23:38.0465 4148        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:23:38.0496 4148        vga - ok
21:23:38.0512 4148        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:23:38.0574 4148        VgaSave - ok
21:23:38.0621 4148        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:23:38.0652 4148        vhdmp - ok
21:23:38.0699 4148        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:23:38.0730 4148        viaide - ok
21:23:38.0777 4148        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:23:38.0792 4148        volmgr - ok
21:23:38.0839 4148        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:23:38.0855 4148        volmgrx - ok
21:23:38.0902 4148        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:23:38.0933 4148        volsnap - ok
21:23:38.0980 4148        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:23:38.0995 4148        vsmraid - ok
21:23:39.0042 4148        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:23:39.0058 4148        vwifibus - ok
21:23:39.0089 4148        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:23:39.0136 4148        vwififlt - ok
21:23:39.0260 4148        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:23:39.0292 4148        vwifimp - ok
21:23:39.0323 4148        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:23:39.0370 4148        WacomPen - ok
21:23:39.0494 4148        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:23:39.0588 4148        WANARP - ok
21:23:39.0604 4148        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:23:39.0650 4148        Wanarpv6 - ok
21:23:39.0728 4148        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:23:39.0760 4148        Wd - ok
21:23:39.0806 4148        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:23:39.0838 4148        Wdf01000 - ok
21:23:39.0978 4148        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:23:40.0056 4148        WfpLwf - ok
21:23:40.0072 4148        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:23:40.0087 4148        WIMMount - ok
21:23:40.0196 4148        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:23:40.0306 4148        WmiAcpi - ok
21:23:40.0415 4148        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:23:40.0493 4148        ws2ifsl - ok
21:23:40.0540 4148        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:23:40.0586 4148        WudfPf - ok
21:23:40.0602 4148        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:23:40.0664 4148        WUDFRd - ok
21:23:40.0758 4148        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:23:40.0992 4148        \Device\Harddisk0\DR0 - ok
21:23:41.0008 4148        MBR (0x1B8)    (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR2
21:23:47.0731 4148        \Device\Harddisk2\DR2 - ok
21:23:47.0731 4148        Boot (0x1200)  (eae31c0f8cb36874a952a243be97fb8b) \Device\Harddisk0\DR0\Partition0
21:23:47.0731 4148        \Device\Harddisk0\DR0\Partition0 - ok
21:23:47.0747 4148        Boot (0x1200)  (dbf621bcc68ae68050b2804c36e45f8a) \Device\Harddisk0\DR0\Partition1
21:23:47.0747 4148        \Device\Harddisk0\DR0\Partition1 - ok
21:23:47.0778 4148        Boot (0x1200)  (e1569c0ac76db41e1f16365263e8188e) \Device\Harddisk0\DR0\Partition2
21:23:47.0778 4148        \Device\Harddisk0\DR0\Partition2 - ok
21:23:47.0778 4148        Boot (0x1200)  (62029afef553a5a2f49f76b8fe530acf) \Device\Harddisk2\DR2\Partition0
21:23:47.0778 4148        \Device\Harddisk2\DR2\Partition0 - ok
21:23:47.0778 4148        ============================================================
21:23:47.0778 4148        Scan finished
21:23:47.0778 4148        ============================================================
21:23:47.0794 2300        Detected object count: 0
21:23:47.0794 2300        Actual detected object count: 0

cosinus 14.03.2012 22:01
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

PropJoe 23.03.2012 23:59
Code:
ComboFix 12-03-17.01 - ***** 18.03.2012  23:22:27.2.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4091.2527 [GMT 1:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-18 bis 2012-03-18  ))))))))))))))))))))))))))))))
.
.
2012-03-18 23:03 . 2012-03-18 23:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-14 21:57 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 21:57 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:57 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 20:43 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 20:43 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 20:43 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-13 21:03 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-13 21:03 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:03 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:03 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:02 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-13 21:02 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:02 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-10 13:01 . 2012-03-10 13:01        --------        d-----w-        C:\_OTL
2012-02-26 19:43 . 2012-02-26 19:43        --------        d-----w-        c:\program files (x86)\Veetle
2012-02-21 20:29 . 2012-02-21 20:29        --------        d-----w-        c:\program files (x86)\ESET
2012-02-19 20:44 . 2012-02-19 20:44        --------        d-----w-        c:\users\****\AppData\Roaming\Malwarebytes
2012-02-19 20:44 . 2012-02-19 20:44        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-18 22:53 . 2012-02-19 20:47        --------        d-----w-        c:\users\*****\AppData\Local\NPE
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 10:12 . 2011-09-25 12:06        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 21:20 . 2012-02-08 21:20        174200        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-26 23:52 . 2011-01-29 17:13        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-17 03:39 . 2012-02-08 20:40        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E157E2B-89A1-4939-B6D2-8D14AC8E4446}\mpengine.dll
2012-01-04 10:44 . 2012-02-14 20:54        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 20:54        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48        354176        ----a-w-        c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-14 20:54        515584        ----a-w-        c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-14 20:54        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-14 20:54        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-05-26 1545568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 PCDSRVC{EDD8E36B-5B151F0E-06020101}_0;PCDSRVC{EDD8E36B-5B151F0E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\*****\appdata\local\temp\xesc82lluhdr\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120316.005\IDSvia64.sys [2012-02-07 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-08 138360]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 23:09]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 23:09]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164433500-2484290119-350120935-1000Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 12:24]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1164433500-2484290119-350120935-1000UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 12:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: Free YouTube to MP3 Converter - c:\users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: youtube.com\www
TCP: Interfaces\{31656834-DE9A-4E04-8AF6-810737781926}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{B49A345D-43BE-4FAB-A924-F0E2C4A265EB}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{C783F711-25D9-43D6-8BE9-8A4FAC52DB9D}: NameServer = 193.189.244.225 193.189.244.206
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\*****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{EDD8E36B-5B151F0E-06020101}_0]
"ImagePath"="\??\c:\users\*****\appdata\local\temp\xesc82lluhdr\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-19  00:10:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-18 23:10
.
Vor Suchlauf: 8 Verzeichnis(se), 44.030.808.064 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 43.517.771.776 Bytes frei
.
- - End Of File - - 3BE1BEBF4589CEB00778B3009C94CC9F

cosinus 24.03.2012 18:18
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

PropJoe 24.03.2012 23:37
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-24 21:21:48
-----------------------------
21:21:48.467    OS Version: Windows x64 6.1.7601 Service Pack 1
21:21:48.467    Number of processors: 2 586 0x603
21:21:48.467    ComputerName: NPC  UserName:
21:21:50.667    Initialize success
21:25:46.539    AVAST engine defs: 12032400
21:36:22.245    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:36:22.245    Disk 0 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 11
21:36:22.261    Disk 0 MBR read successfully
21:36:22.277    Disk 0 MBR scan
21:36:22.308    Disk 0 Windows 7 default MBR code
21:36:22.323    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
21:36:22.339    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
21:36:22.355    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        83526 MB offset 27469824
21:36:22.370    Disk 0 Partition - 00    0F Extended LBA            380000 MB offset 198531072
21:36:22.401    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      379999 MB offset 198533120
21:36:22.448    Disk 0 scanning C:\Windows\system32\drivers
21:36:38.938    Service scanning
21:37:08.858    Modules scanning
21:37:08.874    Disk 0 trace - called modules:
21:37:08.890    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:37:08.905    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800460e060]
21:37:08.905    3 CLASSPNP.SYS[fffff88001b7443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004598060]
21:37:09.872    AVAST engine scan C:\Windows
21:37:13.024    AVAST engine scan C:\Windows\system32
21:41:13.420    AVAST engine scan C:\Windows\system32\drivers
21:41:32.499    AVAST engine scan C:\Users\F
21:50:10.607    AVAST engine scan C:\ProgramData
21:53:16.590    Scan finished successfully
21:57:01.792    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
21:57:01.808    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"

cosinus 25.03.2012 14:49
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:27 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130