Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Desktop schwarz, Dateien nicht sichtbar und kein Zugriff auf Programme z.B. MS Office (https://www.trojaner-board.de/98795-desktop-schwarz-dateien-sichtbar-kein-zugriff-programme-z-b-ms-office.html)

squama 07.05.2011 18:34
Desktop schwarz, Dateien nicht sichtbar und kein Zugriff auf Programme z.B. MS Office
 
Hallo,

ich habe folgendes Problem und ich hoffe Ihr koennt mir helfen:
Ganz ploetzlich hab ich eine Nachricht bekommen, die besagte, dass ich einen Festplattenfehler habe. Der genaue Wortlaut faellt mir nicht mehr ein. Die Nachricht kam andauernd und ich habe dann meinen Laptop neu gestartet. Nach dem Neustart war dann mein Desktop schwarz und alle Dateien waren verschwunden, obwohl mir angezeigt wurde, dass der Speicherplatz auf der Festplatte sich nicht veraendert hat. Die Dateien muessen also noch da sein. Programme wie MS Office kann ich nicht benutzen. Internet funktioniert jedoch, da ich es an meiner Startleiste "angepint" hab.

Ich habe gelesen, dass viele schon dieses Problem gehabt haben in den letzten Tagen. Ich habe von dem Trojaner TR/Kazy.merml.1 gelesen und vermute nun diesen auch bei mir.

Ich wollte jetzt nichts "auf eigene Faust" machen, weil ich mich damit einfach nicht auskenne. Deshalb bitte ich Euch um Hilfe. Ich hoffe Ihr koennt mir dabei helfen; auf dem Laptop sind noch einige wichtige Bilder und Dateien, die ich noch nicht anderweitig abgespeichert habe...

Vielen Dank schon mal im Vorraus!!!

cosinus 07.05.2011 21:49
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

squama 08.05.2011 09:28
Guten morgen und danke fuer die schnelle Antwort!


Hier ist die Logdatei:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6529

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.05.2011 10:26:15
mbam-log-2011-05-08 (10-25-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 295219
Laufzeit: 54 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\Users\Mila\AppData\Local\Temp\mmc93.exe (Heuristics.Shuriken) -> 2252 -> No action taken.

Infizierte Speichermodule:
c:\Users\Mila\AppData\Local\ezayekitenimiq.dll (Trojan.Hiloti) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Uqunelehefonuloh (Trojan.Hiloti) -> Value: Uqunelehefonuloh -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PID (Heuristics.Shuriken) -> Value: PID -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Mila\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> No action taken.

Infizierte Dateien:
c:\Users\Mila\AppData\Local\ezayekitenimiq.dll (Trojan.Hiloti) -> No action taken.
c:\Users\Mila\AppData\Local\Temp\mmc93.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Mila\Desktop\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\Users\Mila\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\Users\Mila\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\Users\Mila\AppData\Roaming\Adobe\plugs\mmc44.exe (Trojan.Agent) -> No action taken.
c:\Users\Mila\AppData\Roaming\Adobe\plugs\mmc93.exe (Trojan.Agent) -> No action taken.

squama 08.05.2011 09:59
Ich hab die mit Malwarebytes gefundenen Trojaner nicht entfernt, weil ich nicht wusste ob ich da was machen soll. Ich habe das Programm einfach geschlossen und die Logdatei gespeichert und sie dann hier reinkopiert. War das richtig so?


Hier ist der OTL-Scan:OTL Logfile:
Code:
OTL logfile created on: 08/05/2011 10:37:00 AM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Mila\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.34 Gb Total Space | 332.92 Gb Free Space | 72.79% Space Free | Partition Type: NTFS
 
Computer Name: MILA-VAIO | User Name: Mila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/08 10:30:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mila\Downloads\OTL.exe
PRC - [2011/05/04 02:34:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/29 14:18:52 | 000,094,208 | -H-- | M] (goefxtjowji) -- C:\Users\Mila\AppData\Local\Temp\mmc93.exe
PRC - [2011/04/18 19:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/06/30 06:12:16 | 003,365,176 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/12/01 02:20:00 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/12/01 02:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/11/09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/10/24 10:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 10:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/10/05 20:57:46 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2009/10/05 20:42:48 | 000,161,080 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2009/10/05 20:42:48 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/10/05 20:42:46 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/09/15 02:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/09/15 01:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/08/27 02:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2009/07/23 22:41:46 | 000,401,408 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\Magic-i Visual Effects.exe
PRC - [2005/08/31 23:32:38 | 000,106,496 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\LvAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/08 10:30:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mila\Downloads\OTL.exe
MOD - [2011/04/18 19:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/04/18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/25 08:45:38 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV:64bit: - [2009/12/01 02:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/10/30 16:50:40 | 001,165,680 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2009/09/17 06:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2009/09/16 20:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/09/09 01:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009/09/04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/09/02 04:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/25 08:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/12/04 21:26:00 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/12/04 21:26:00 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/12/04 21:26:00 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/12/04 21:26:00 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/12/04 21:25:58 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/12/01 02:20:00 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/10/24 10:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/15 02:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/09/15 02:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/09/15 01:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/08/31 08:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/31 08:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 17:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/04/18 19:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/01 17:07:25 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:25 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/12 11:42:31 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/25 08:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/05/06 06:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 07:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/27 04:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/04/27 04:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/04/27 04:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010/04/22 05:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/22 04:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 04:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/26 02:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/11/18 22:07:14 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/18 22:07:13 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/18 22:07:13 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/18 22:07:12 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 22:06:44 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/11/12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/12 22:05:01 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/11/11 22:05:13 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/10/27 22:06:59 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/08/30 02:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 21:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/09/29 20:26:36 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\EX64.SYS -- (NAVEX15)
DRV - [2010/09/29 20:26:36 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\ENG64.SYS -- (NAVENG)
DRV - [2010/09/16 21:15:52 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/16 21:15:52 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/15 20:02:19 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/01 21:39:20 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/05/25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/05/25 08:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle.ca/vaio [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sonystyle.ca/vaio [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {35B5AB1F-1397-41A8-9987-7EDA02F90AD8}:1.9.1
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/09/17 11:11:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/09/17 03:29:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/25 01:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/25 01:58:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/01 14:53:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/04 02:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/04 02:34:16 | 000,000,000 | ---D | M]
 
[2010/09/16 11:11:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\Mozilla\Extensions
[2011/05/08 09:30:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\extensions
[2011/01/05 05:52:52 | 000,000,000 | -H-D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011/01/05 05:52:52 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\extensions\engine@conduit.com
[2010/09/16 21:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/16 21:13:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/25 01:58:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/25 01:58:49 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/05/01 14:53:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/09/17 03:29:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
[2010/09/17 11:11:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
[2011/04/11 01:47:27 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\MILA\APPDATA\LOCAL\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}
[2011/03/21 18:19:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/21 18:19:48 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/21 18:19:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/21 18:19:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/21 18:19:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Lvagent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [LingvoTraining] C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Tutor.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PID] C:\Users\Mila\AppData\Local\Temp\mmc93.exe (goefxtjowji)
O4 - HKCU..\Run: [scrss]  File not found
O4 - HKCU..\Run: [Uqunelehefonuloh] C:\Users\Mila\AppData\Local\ezayekitenimiq.dll (Alps Electric Co., Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8:64bit: - Extra context menu item: Translate with ABBYY &Lingvo - C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Lingvo.exe (ABBYY (BIT Software))
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Translate with ABBYY &Lingvo - C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Lingvo.exe (ABBYY (BIT Software))
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\Shell\AutoRun\command - "" = D:\VTP_Manager.exe
O33 - MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/08 09:24:24 | 000,000,000 | ---D | C] -- C:\Users\Mila\AppData\Roaming\Malwarebytes
[2011/05/08 09:24:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/08 09:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/08 09:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/08 09:24:12 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/08 09:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/01 14:54:17 | 000,287,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/05/01 14:54:17 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/05/01 14:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/01 14:54:11 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/05/01 14:54:08 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/05/01 14:54:07 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/05/01 14:54:01 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/05/01 14:54:01 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/05/01 14:53:26 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/01 14:53:24 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/05/01 14:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/01 14:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/01 14:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/01 14:36:31 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/01 14:36:31 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/01 14:36:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011/05/01 14:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/01 05:19:00 | 000,000,000 | -H-D | C] -- C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/04/11 01:47:27 | 000,000,000 | -H-D | C] -- C:\Users\Mila\AppData\Local\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}
[2009/07/14 01:24:58 | 000,274,432 | -H-- | C] (Alps Electric Co., Ltd.) -- C:\Users\Mila\AppData\Local\ezayekitenimiq.dll
[1 C:\Users\Mila\Desktop\*.tmp files -> C:\Users\Mila\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/08 09:47:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/08 09:24:17 | 000,001,133 | ---- | M] () -- C:\Users\Mila\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/08 09:24:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 08:54:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 18:47:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 15:41:00 | 000,000,496 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Mila.job
[2011/05/06 16:29:03 | 000,000,120 | -H-- | M] () -- C:\Users\Mila\AppData\Local\Msahihikilugoqor.dat
[2011/05/06 16:29:03 | 000,000,000 | -H-- | M] () -- C:\Users\Mila\AppData\Local\Exakabivebax.bin
[2011/05/06 01:13:09 | 000,019,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 01:13:09 | 000,019,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 10:00:00 | 3156,807,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 14:54:17 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/01 14:54:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/05/01 05:19:01 | 000,000,631 | -H-- | M] () -- C:\Users\Mila\Desktop\Windows Recovery.lnk
[2011/05/01 05:19:01 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~47767304r
[2011/05/01 05:19:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~47767304
[2011/05/01 05:18:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\47767304
[2011/04/27 20:17:25 | 000,009,498 | -H-- | M] () -- C:\Users\Mila\Desktop\2011-04-27_20.16_1898019_Kontoauszug_Nr._3.pdf
[2011/04/26 20:51:29 | 000,227,609 | -H-- | M] () -- C:\Users\Mila\Desktop\Tina.jpg
[2011/04/18 19:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 19:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/18 19:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/18 19:18:01 | 000,287,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/18 19:17:59 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/18 19:16:23 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/18 19:13:24 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/18 19:13:13 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/18 19:13:01 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/17 21:07:29 | 000,445,114 | -H-- | M] () -- C:\Users\Mila\Desktop\plasch.bmp
[2011/04/17 04:23:45 | 000,068,637 | ---- | M] () -- C:\test.xml
[2011/04/16 09:19:03 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/16 09:19:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/16 09:19:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/16 09:14:33 | 000,452,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Mila\Desktop\*.tmp files -> C:\Users\Mila\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/05/08 09:24:17 | 000,001,133 | ---- | C] () -- C:\Users\Mila\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/08 09:24:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 14:54:17 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/01 14:54:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/05/01 05:19:01 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~47767304r
[2011/05/01 05:19:01 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~47767304
[2011/05/01 05:19:00 | 000,000,631 | -H-- | C] () -- C:\Users\Mila\Desktop\Windows Recovery.lnk
[2011/05/01 05:18:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\47767304
[2011/04/27 20:17:25 | 000,009,498 | -H-- | C] () -- C:\Users\Mila\Desktop\2011-04-27_20.16_1898019_Kontoauszug_Nr._3.pdf
[2011/04/26 20:51:29 | 000,227,609 | -H-- | C] () -- C:\Users\Mila\Desktop\Tina.jpg
[2011/04/26 18:42:13 | 001,728,063 | -H-- | C] () -- C:\Users\Mila\Desktop\CIMG0870.JPG
[2011/04/26 13:48:11 | 001,729,095 | -H-- | C] () -- C:\Users\Mila\Desktop\CIMG0212.JPG
[2011/04/17 21:07:29 | 000,445,114 | -H-- | C] () -- C:\Users\Mila\Desktop\plasch.bmp
[2011/04/11 01:47:28 | 000,000,120 | -H-- | C] () -- C:\Users\Mila\AppData\Local\Msahihikilugoqor.dat
[2011/04/11 01:47:28 | 000,000,000 | -H-- | C] () -- C:\Users\Mila\AppData\Local\Exakabivebax.bin
[2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/10/05 18:14:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/13 13:54:34 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010/10/14 10:12:29 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Auslogics
[2011/02/27 20:49:58 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Canneverbe Limited
[2010/12/25 01:58:50 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Local
[2011/03/27 16:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Samsung
[2010/09/29 13:55:13 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Tific
[2011/05/03 14:47:05 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\uTorrent
[2011/03/22 23:53:52 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/09/29 20:16:29 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\ABBYY
[2011/04/27 20:32:19 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Adobe
[2011/03/14 03:28:54 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Apple Computer
[2010/10/06 14:56:10 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\ArcSoft
[2010/10/14 10:12:29 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Auslogics
[2011/02/27 20:49:58 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Canneverbe Limited
[2010/12/25 14:39:55 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\DivX
[2010/09/16 11:09:36 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Google
[2010/09/12 11:42:00 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Identities
[2010/12/25 01:58:50 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Local
[2010/09/16 11:09:50 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Macromedia
[2011/05/08 09:24:24 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Malwarebytes
[2009/11/20 02:27:16 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Media Center Programs
[2011/04/27 20:32:19 | 000,000,000 | --SD | M] -- C:\Users\Mila\AppData\Roaming\Microsoft
[2010/09/16 11:11:31 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Mozilla
[2010/09/12 16:37:08 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Roxio
[2011/03/27 16:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Samsung
[2011/05/08 09:22:21 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Skype
[2011/05/08 08:54:21 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\skypePM
[2010/09/12 11:41:06 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Sony Corporation
[2010/09/29 13:55:13 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Tific
[2011/05/03 14:47:05 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\uTorrent
[2011/03/11 02:11:49 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\vlc
[2010/12/29 04:47:08 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/04/11 16:35:49 | 000,000,523 | -H-- | M] () -- C:\Users\Mila\AppData\Roaming\Adobe\plugs\mmc44.exe
[2011/04/11 01:46:13 | 000,000,000 | -H-- | M] () -- C:\Users\Mila\AppData\Roaming\Adobe\plugs\mmc93.exe
[2011/01/31 03:01:42 | 087,340,080 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011/01/27 15:43:34 | 000,266,552 | -H-- | M] (ml) -- C:\Users\Mila\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Files - Unicode (All) ==========
[2011/04/06 13:33:40 | 000,034,661 | -H-- | M] ()(C:\Users\Mila\Desktop\???????.docx) -- C:\Users\Mila\Desktop\покупки.docx
[2010/10/12 21:32:18 | 000,034,661 | -H-- | C] ()(C:\Users\Mila\Desktop\???????.docx) -- C:\Users\Mila\Desktop\покупки.docx

< End of report >
--- --- ---

cosinus 08.05.2011 13:55
Zitat:
-> No action taken.
Wieso hast du die Funde nicht entfernt?

squama 08.05.2011 17:56
Sorry! Ich hab jetzt nochmal einen Vollscan gemacht und die Funde entfernt.

Hier ist die Logdatei:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6532

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.05.2011 18:54:20
mbam-log-2011-05-08 (18-54-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 293018
Laufzeit: 48 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\Users\Mila\AppData\Local\Temp\mmc93.exe (Heuristics.Shuriken) -> 2252 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\Mila\AppData\Local\ezayekitenimiq.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Uqunelehefonuloh (Trojan.Hiloti) -> Value: Uqunelehefonuloh -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PID (Heuristics.Shuriken) -> Value: PID -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Mila\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Mila\AppData\Local\ezayekitenimiq.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Mila\AppData\Local\Temp\mmc93.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Mila\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Mila\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Mila\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Mila\AppData\Roaming\Adobe\plugs\mmc44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Mila\AppData\Roaming\Adobe\plugs\mmc93.exe (Trojan.Agent) -> Quarantined and deleted successfully.

squama 08.05.2011 18:35
Und hier ist der neue OTL-Scan:OTL Logfile:
Code:
OTL logfile created on: 08/05/2011 7:11:05 PM - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Mila\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.34 Gb Total Space | 332.89 Gb Free Space | 72.79% Space Free | Partition Type: NTFS
 
Computer Name: MILA-VAIO | User Name: Mila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/08 19:07:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mila\Downloads\OTL(3).exe
PRC - [2011/04/18 19:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/06/30 06:12:16 | 003,365,176 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/02/26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/12/01 02:20:00 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/12/01 02:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/11/09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/10/24 10:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 10:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/10/05 20:57:46 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2009/10/05 20:42:48 | 000,161,080 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2009/10/05 20:42:48 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/10/05 20:42:46 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/09/15 02:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/09/15 01:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/08/27 02:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 17:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2005/08/31 23:32:38 | 000,106,496 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\LvAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/08 19:07:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mila\Downloads\OTL(3).exe
MOD - [2011/04/18 19:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/04/18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/25 08:45:38 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV:64bit: - [2009/12/01 02:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/10/30 16:50:40 | 001,165,680 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2009/09/17 06:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2009/09/16 20:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/09/09 01:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009/09/04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/09/02 04:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/25 08:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/12/04 21:26:00 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/12/04 21:26:00 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/12/04 21:26:00 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/12/04 21:26:00 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/12/04 21:25:58 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/12/01 02:20:00 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/10/24 10:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/15 02:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/09/15 02:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/09/15 01:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/08/31 08:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/31 08:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 17:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/04/18 19:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/01 17:07:25 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:25 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/12 11:42:31 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/25 08:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/05/06 06:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 07:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/27 04:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/04/27 04:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/04/27 04:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010/04/22 05:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/22 04:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 04:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/26 02:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/11/18 22:07:14 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/18 22:07:13 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/18 22:07:13 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/18 22:07:12 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 22:06:44 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/11/12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/12 22:05:01 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/11/11 22:05:13 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/10/27 22:06:59 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/08/30 02:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 21:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/09/29 20:26:36 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\EX64.SYS -- (NAVEX15)
DRV - [2010/09/29 20:26:36 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\ENG64.SYS -- (NAVENG)
DRV - [2010/09/16 21:15:52 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/16 21:15:52 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/15 20:02:19 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/01 21:39:20 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/05/25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/05/25 08:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle.ca/vaio [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sonystyle.ca/vaio [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {35B5AB1F-1397-41A8-9987-7EDA02F90AD8}:1.9.1
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/09/17 11:11:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/09/17 03:29:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/25 01:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/25 01:58:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/01 14:53:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/04 02:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/04 02:34:16 | 000,000,000 | ---D | M]
 
[2010/09/16 11:11:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\Mozilla\Extensions
[2011/05/08 09:30:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\extensions
[2011/01/05 05:52:52 | 000,000,000 | -H-D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011/01/05 05:52:52 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\extensions\engine@conduit.com
[2010/09/16 21:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/16 21:13:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/25 01:58:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/25 01:58:49 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/05/01 14:53:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/09/17 03:29:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
[2010/09/17 11:11:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
[2011/04/11 01:47:27 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\MILA\APPDATA\LOCAL\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}
[2011/03/21 18:19:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/21 18:19:48 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/21 18:19:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/21 18:19:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/21 18:19:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Lvagent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [LingvoTraining] C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Tutor.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [scrss]  File not found
O4 - HKCU..\Run: [Uqunelehefonuloh]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8:64bit: - Extra context menu item: Translate with ABBYY &Lingvo - C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Lingvo.exe (ABBYY (BIT Software))
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Translate with ABBYY &Lingvo - C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Lingvo.exe (ABBYY (BIT Software))
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\Shell\AutoRun\command - "" = D:\VTP_Manager.exe
O33 - MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/08 09:24:24 | 000,000,000 | ---D | C] -- C:\Users\Mila\AppData\Roaming\Malwarebytes
[2011/05/08 09:24:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/08 09:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/08 09:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/08 09:24:12 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/08 09:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/01 14:54:17 | 000,287,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/05/01 14:54:17 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/05/01 14:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/01 14:54:11 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/05/01 14:54:08 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/05/01 14:54:07 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/05/01 14:54:01 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/05/01 14:54:01 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/05/01 14:53:26 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/01 14:53:24 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/05/01 14:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/01 14:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/01 14:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/01 14:36:31 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/01 14:36:31 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/01 14:36:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011/05/01 14:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/04/11 01:47:27 | 000,000,000 | -H-D | C] -- C:\Users\Mila\AppData\Local\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}
[1 C:\Users\Mila\Desktop\*.tmp files -> C:\Users\Mila\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/08 19:09:59 | 000,019,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 19:09:59 | 000,019,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 19:02:55 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/08 19:02:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 19:02:22 | 3156,807,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 18:47:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/08 18:20:10 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/08 18:20:10 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/08 18:20:10 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/08 16:56:38 | 000,000,496 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Mila.job
[2011/05/08 09:24:17 | 000,001,133 | ---- | M] () -- C:\Users\Mila\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/08 09:24:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/06 16:29:03 | 000,000,120 | -H-- | M] () -- C:\Users\Mila\AppData\Local\Msahihikilugoqor.dat
[2011/05/06 16:29:03 | 000,000,000 | -H-- | M] () -- C:\Users\Mila\AppData\Local\Exakabivebax.bin
[2011/05/01 14:54:17 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/01 14:54:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/05/01 05:19:01 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~47767304r
[2011/05/01 05:19:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~47767304
[2011/05/01 05:18:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\47767304
[2011/04/27 20:17:25 | 000,009,498 | -H-- | M] () -- C:\Users\Mila\Desktop\2011-04-27_20.16_1898019_Kontoauszug_Nr._3.pdf
[2011/04/26 20:51:29 | 000,227,609 | -H-- | M] () -- C:\Users\Mila\Desktop\Tina.jpg
[2011/04/18 19:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 19:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/18 19:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/18 19:18:01 | 000,287,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/18 19:17:59 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/18 19:16:23 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/18 19:13:24 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/18 19:13:13 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/18 19:13:01 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/17 21:07:29 | 000,445,114 | -H-- | M] () -- C:\Users\Mila\Desktop\plasch.bmp
[2011/04/17 04:23:45 | 000,068,637 | ---- | M] () -- C:\test.xml
[2011/04/16 09:14:33 | 000,452,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Mila\Desktop\*.tmp files -> C:\Users\Mila\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/05/08 09:24:17 | 000,001,133 | ---- | C] () -- C:\Users\Mila\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/08 09:24:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 14:54:17 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/01 14:54:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/05/01 05:19:01 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~47767304r
[2011/05/01 05:19:01 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~47767304
[2011/05/01 05:18:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\47767304
[2011/04/27 20:17:25 | 000,009,498 | -H-- | C] () -- C:\Users\Mila\Desktop\2011-04-27_20.16_1898019_Kontoauszug_Nr._3.pdf
[2011/04/26 20:51:29 | 000,227,609 | -H-- | C] () -- C:\Users\Mila\Desktop\Tina.jpg
[2011/04/26 18:42:13 | 001,728,063 | -H-- | C] () -- C:\Users\Mila\Desktop\CIMG0870.JPG
[2011/04/26 13:48:11 | 001,729,095 | -H-- | C] () -- C:\Users\Mila\Desktop\CIMG0212.JPG
[2011/04/17 21:07:29 | 000,445,114 | -H-- | C] () -- C:\Users\Mila\Desktop\plasch.bmp
[2011/04/11 01:47:28 | 000,000,120 | -H-- | C] () -- C:\Users\Mila\AppData\Local\Msahihikilugoqor.dat
[2011/04/11 01:47:28 | 000,000,000 | -H-- | C] () -- C:\Users\Mila\AppData\Local\Exakabivebax.bin
[2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/10/05 18:14:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/13 13:54:34 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010/10/14 10:12:29 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Auslogics
[2011/02/27 20:49:58 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Canneverbe Limited
[2010/12/25 01:58:50 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Local
[2011/03/27 16:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Samsung
[2010/09/29 13:55:13 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Tific
[2011/05/03 14:47:05 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\uTorrent
[2011/03/22 23:53:52 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/09/29 20:16:29 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\ABBYY
[2011/04/27 20:32:19 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Adobe
[2011/03/14 03:28:54 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Apple Computer
[2010/10/06 14:56:10 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\ArcSoft
[2010/10/14 10:12:29 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Auslogics
[2011/02/27 20:49:58 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Canneverbe Limited
[2010/12/25 14:39:55 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\DivX
[2010/09/16 11:09:36 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Google
[2010/09/12 11:42:00 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Identities
[2010/12/25 01:58:50 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Local
[2010/09/16 11:09:50 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Macromedia
[2011/05/08 09:24:24 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Malwarebytes
[2009/11/20 02:27:16 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Media Center Programs
[2011/04/27 20:32:19 | 000,000,000 | --SD | M] -- C:\Users\Mila\AppData\Roaming\Microsoft
[2010/09/16 11:11:31 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Mozilla
[2010/09/12 16:37:08 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Roxio
[2011/03/27 16:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Samsung
[2011/05/08 19:06:10 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Skype
[2011/05/08 19:03:24 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\skypePM
[2010/09/12 11:41:06 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Sony Corporation
[2010/09/29 13:55:13 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Tific
[2011/05/03 14:47:05 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\uTorrent
[2011/03/11 02:11:49 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\vlc
[2010/12/29 04:47:08 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/01/31 03:01:42 | 087,340,080 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011/01/27 15:43:34 | 000,266,552 | -H-- | M] (ml) -- C:\Users\Mila\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2011/04/06 13:33:40 | 000,034,661 | -H-- | M] ()(C:\Users\Mila\Desktop\???????.docx) -- C:\Users\Mila\Desktop\покупки.docx
[2010/10/12 21:32:18 | 000,034,661 | -H-- | C] ()(C:\Users\Mila\Desktop\???????.docx) -- C:\Users\Mila\Desktop\покупки.docx

< End of report >
--- --- ---

cosinus 09.05.2011 11:12
Zitat:
PRC - [2011/04/18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
Was soll das werden? Avast und Avira niemals parallel betreiben! Deinstalliere einen der beiden Scanner, poste danach ein frisches OTL-Log!

squama 09.05.2011 15:52
Hi,

hab jetzt Avast deinstalliert und nochmal einen OTL-Scan durchgefuehrt.

Hier ist die neue Log-Datei:OTL Logfile:
Code:
OTL logfile created on: 09/05/2011 4:36:51 PM - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Mila\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.34 Gb Total Space | 331.74 Gb Free Space | 72.54% Space Free | Partition Type: NTFS
 
Computer Name: MILA-VAIO | User Name: Mila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/09 16:35:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mila\Downloads\OTL(4).exe
PRC - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/06/30 06:12:16 | 003,365,176 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/02/26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/12/01 02:20:00 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/12/01 02:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/11/09 05:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/10/24 10:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 10:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/10/05 20:57:46 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2009/10/05 20:42:48 | 000,161,080 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2009/10/05 20:42:48 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/10/05 20:42:46 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/09/15 02:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/09/15 01:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/08/27 02:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 17:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2005/08/31 23:32:38 | 000,106,496 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\LvAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/09 16:35:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mila\Downloads\OTL(4).exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/05/25 08:45:38 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV:64bit: - [2009/12/01 02:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/10/30 16:50:40 | 001,165,680 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2009/09/17 06:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2009/09/16 20:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/09/09 01:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009/09/04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/09/02 04:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/25 08:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/12/04 21:26:00 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/12/04 21:26:00 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/12/04 21:26:00 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/12/04 21:26:00 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/12/04 21:25:58 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/12/01 02:20:00 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/10/24 10:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/15 02:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/09/15 02:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/09/15 01:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/08/31 08:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/31 08:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 17:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/04/01 17:07:25 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:25 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/12 11:42:31 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/05/25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/25 08:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/05/06 06:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 07:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/27 04:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/04/27 04:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/04/27 04:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010/04/22 05:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/22 04:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 04:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/26 02:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/11/18 22:07:14 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/18 22:07:13 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/18 22:07:13 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/18 22:07:12 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 22:06:44 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/11/12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/12 22:05:01 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/11/11 22:05:13 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/10/27 22:06:59 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/08/30 02:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/08/19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 21:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/09/29 20:26:36 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\EX64.SYS -- (NAVEX15)
DRV - [2010/09/29 20:26:36 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\ENG64.SYS -- (NAVENG)
DRV - [2010/09/16 21:15:52 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/09/16 21:15:52 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/15 20:02:19 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/01 21:39:20 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/05/25 08:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/05/25 08:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle.ca/vaio [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sonystyle.ca/vaio [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {35B5AB1F-1397-41A8-9987-7EDA02F90AD8}:1.9.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/09/17 11:11:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/09/17 03:29:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/25 01:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/25 01:58:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/04 02:34:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/04 02:34:16 | 000,000,000 | ---D | M]
 
[2010/09/16 11:11:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\Mozilla\Extensions
[2011/05/08 09:30:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\extensions
[2011/01/05 05:52:52 | 000,000,000 | -H-D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011/01/05 05:52:52 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\extensions\engine@conduit.com
[2010/09/16 21:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/16 21:13:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/25 01:58:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/25 01:58:49 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/09/17 03:29:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
[2010/09/17 11:11:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
[2011/04/11 01:47:27 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\MILA\APPDATA\LOCAL\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}
[2011/03/21 18:19:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/21 18:19:48 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/21 18:19:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/21 18:19:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/21 18:19:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Lvagent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [LingvoTraining] C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Tutor.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [scrss]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8:64bit: - Extra context menu item: Translate with ABBYY &Lingvo - C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Lingvo.exe (ABBYY (BIT Software))
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Translate with ABBYY &Lingvo - C:\Program Files (x86)\ABBYY Lingvo 11 Six Languages\Lingvo.exe (ABBYY (BIT Software))
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\Shell\AutoRun\command - "" = D:\VTP_Manager.exe
O33 - MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/08 09:24:24 | 000,000,000 | ---D | C] -- C:\Users\Mila\AppData\Roaming\Malwarebytes
[2011/05/08 09:24:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/08 09:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/08 09:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/08 09:24:12 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/08 09:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/01 14:54:01 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/05/01 14:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/01 14:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/01 14:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/01 14:36:31 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/01 14:36:31 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/01 14:36:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011/05/01 14:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/04/11 01:47:27 | 000,000,000 | -H-D | C] -- C:\Users\Mila\AppData\Local\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}
[1 C:\Users\Mila\Desktop\*.tmp files -> C:\Users\Mila\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/09 16:37:23 | 000,019,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 16:37:23 | 000,019,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 16:29:58 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 16:29:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/09 16:29:37 | 3156,807,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 15:47:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/09 06:48:01 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/09 06:48:01 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/09 06:48:01 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/08 09:24:17 | 000,001,133 | ---- | M] () -- C:\Users\Mila\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/08 09:24:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/06 16:29:03 | 000,000,120 | -H-- | M] () -- C:\Users\Mila\AppData\Local\Msahihikilugoqor.dat
[2011/05/06 16:29:03 | 000,000,000 | -H-- | M] () -- C:\Users\Mila\AppData\Local\Exakabivebax.bin
[2011/05/01 14:54:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/05/01 05:19:01 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~47767304r
[2011/05/01 05:19:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~47767304
[2011/05/01 05:18:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\47767304
[2011/04/27 20:17:25 | 000,009,498 | -H-- | M] () -- C:\Users\Mila\Desktop\2011-04-27_20.16_1898019_Kontoauszug_Nr._3.pdf
[2011/04/26 20:51:29 | 000,227,609 | -H-- | M] () -- C:\Users\Mila\Desktop\Tina.jpg
[2011/04/18 19:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/17 21:07:29 | 000,445,114 | -H-- | M] () -- C:\Users\Mila\Desktop\plasch.bmp
[2011/04/17 04:23:45 | 000,068,637 | ---- | M] () -- C:\test.xml
[2011/04/16 09:14:33 | 000,452,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Mila\Desktop\*.tmp files -> C:\Users\Mila\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/05/08 09:24:17 | 000,001,133 | ---- | C] () -- C:\Users\Mila\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/08 09:24:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/01 14:54:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/05/01 05:19:01 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~47767304r
[2011/05/01 05:19:01 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~47767304
[2011/05/01 05:18:57 | 000,000,344 | -H-- | C] () -- C:\ProgramData\47767304
[2011/04/27 20:17:25 | 000,009,498 | -H-- | C] () -- C:\Users\Mila\Desktop\2011-04-27_20.16_1898019_Kontoauszug_Nr._3.pdf
[2011/04/26 20:51:29 | 000,227,609 | -H-- | C] () -- C:\Users\Mila\Desktop\Tina.jpg
[2011/04/26 18:42:13 | 001,728,063 | -H-- | C] () -- C:\Users\Mila\Desktop\CIMG0870.JPG
[2011/04/26 13:48:11 | 001,729,095 | -H-- | C] () -- C:\Users\Mila\Desktop\CIMG0212.JPG
[2011/04/17 21:07:29 | 000,445,114 | -H-- | C] () -- C:\Users\Mila\Desktop\plasch.bmp
[2011/04/11 01:47:28 | 000,000,120 | -H-- | C] () -- C:\Users\Mila\AppData\Local\Msahihikilugoqor.dat
[2011/04/11 01:47:28 | 000,000,000 | -H-- | C] () -- C:\Users\Mila\AppData\Local\Exakabivebax.bin
[2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/10/05 18:14:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/13 13:54:34 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010/10/14 10:12:29 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Auslogics
[2011/02/27 20:49:58 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Canneverbe Limited
[2010/12/25 01:58:50 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Local
[2011/03/27 16:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Samsung
[2010/09/29 13:55:13 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Tific
[2011/05/03 14:47:05 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\uTorrent
[2011/03/22 23:53:52 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/09/29 20:16:29 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\ABBYY
[2011/04/27 20:32:19 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Adobe
[2011/03/14 03:28:54 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Apple Computer
[2010/10/06 14:56:10 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\ArcSoft
[2010/10/14 10:12:29 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Auslogics
[2011/02/27 20:49:58 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Canneverbe Limited
[2010/12/25 14:39:55 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\DivX
[2010/09/16 11:09:36 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Google
[2010/09/12 11:42:00 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Identities
[2010/12/25 01:58:50 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Local
[2010/09/16 11:09:50 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Macromedia
[2011/05/08 09:24:24 | 000,000,000 | ---D | M] -- C:\Users\Mila\AppData\Roaming\Malwarebytes
[2009/11/20 02:27:16 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Media Center Programs
[2011/04/27 20:32:19 | 000,000,000 | --SD | M] -- C:\Users\Mila\AppData\Roaming\Microsoft
[2010/09/16 11:11:31 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Mozilla
[2010/09/12 16:37:08 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Roxio
[2011/03/27 16:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Samsung
[2011/05/09 16:31:10 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Skype
[2011/05/09 16:30:36 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\skypePM
[2010/09/12 11:41:06 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Sony Corporation
[2010/09/29 13:55:13 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\Tific
[2011/05/03 14:47:05 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\uTorrent
[2011/03/11 02:11:49 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\vlc
[2010/12/29 04:47:08 | 000,000,000 | -H-D | M] -- C:\Users\Mila\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/01/31 03:01:42 | 087,340,080 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011/01/27 15:43:34 | 000,266,552 | -H-- | M] (ml) -- C:\Users\Mila\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2011/04/06 13:33:40 | 000,034,661 | -H-- | M] ()(C:\Users\Mila\Desktop\???????.docx) -- C:\Users\Mila\Desktop\покупки.docx
[2010/10/12 21:32:18 | 000,034,661 | -H-- | C] ()(C:\Users\Mila\Desktop\???????.docx) -- C:\Users\Mila\Desktop\покупки.docx

< End of report >
--- --- ---

cosinus 09.05.2011 16:09
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
[2010/09/17 03:29:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
[2010/09/17 11:11:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [scrss]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\Shell\AutoRun\command - "" = D:\VTP_Manager.exe
O33 - MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
[2011/05/06 16:29:03 | 000,000,120 | -H-- | M] () -- C:\Users\Mila\AppData\Local\Msahihikilugoqor.dat
[2011/05/06 16:29:03 | 000,000,000 | -H-- | M] () -- C:\Users\Mila\AppData\Local\Exakabivebax.bin
[2011/05/01 05:19:01 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~47767304r
[2011/05/01 05:19:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~47767304
[2011/05/01 05:18:57 | 000,000,344 | -H-- | M] () -- C:\ProgramData\47767304
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

squama 09.05.2011 17:02
Hi, hier ist der OTL-Fix:


All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\scrss deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29dd1e33-52da-11e0-a30e-544249126ee4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29dd1e33-52da-11e0-a30e-544249126ee4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29dd1e33-52da-11e0-a30e-544249126ee4}\ not found.
File D:\VTP_Manager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d9cf080-be83-11df-a594-544249126ee4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d9cf080-be83-11df-a594-544249126ee4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d9cf080-be83-11df-a594-544249126ee4}\ not found.
File "D:\WD SmartWare.exe" autoplay=true not found.
C:\Users\Mila\AppData\Local\Msahihikilugoqor.dat moved successfully.
C:\Users\Mila\AppData\Local\Exakabivebax.bin moved successfully.
C:\ProgramData\~47767304r moved successfully.
C:\ProgramData\~47767304 moved successfully.
C:\ProgramData\47767304 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mila
->Temp folder emptied: 382998387 bytes
->Temporary Internet Files folder emptied: 2142182326 bytes
->Java cache emptied: 1118275 bytes
->FireFox cache emptied: 131944585 bytes
->Google Chrome cache emptied: 434944866 bytes
->Flash cache emptied: 42648 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80925153 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101755 bytes
RecycleBin emptied: 868714282 bytes

Total Files Cleaned = 3,856.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05092011_174626

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN scheduled to be moved on reboot.
C:\Users\Mila\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ .
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ .

cosinus 09.05.2011 19:00
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

squama 10.05.2011 11:49
Hi,

hab jetzt das Tool von Kaspersky ausgefuehrt und er hat mir angezeigt, dass nichts gefunden wurde.

Hab danach unhide.exe ausgefuehrt und meine dateien sind wieder sichtbar. VIELEN VIELEN DANK schon mal dafuer!!!

Wenn ich eine Word-Datei anklicke, dann oeffnet Word sie auch und ich kann mit Word arbeiten. Ich kann aber immer noch nicht auf Office/Word und andere Programme zugreifen, wenn ich das Windows-Button auf der Taskleiste klicke und auf Programme gehe und von dort aus das Programm starten will. Es steht bei allen Ordner "empty" drauf. Die Programme, wie z.B. Firefox, die ich dort als schnellstart-button habe, kann ich oeffnen, obwohl sie unter Programme auch nicht sichtbar sind.

Und bei den Symbolen, die auf der Taskleiste angepint sind, erscheint folgendes, wenn ich versuche sie zu starten:

Cant open this Item

It might have been moved, renamed, or deleted. Do you want to remove this item?









Hier ist die Log-Datei vom Kaspersky-Tool:

2011/05/10 12:09:56.0426 4288 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 12:09:56.0769 4288 ================================================================================
2011/05/10 12:09:56.0769 4288 SystemInfo:
2011/05/10 12:09:56.0769 4288
2011/05/10 12:09:56.0769 4288 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/10 12:09:56.0769 4288 Product type: Workstation
2011/05/10 12:09:56.0769 4288 ComputerName: MILA-VAIO
2011/05/10 12:09:56.0769 4288 UserName: Mila
2011/05/10 12:09:56.0769 4288 Windows directory: C:\Windows
2011/05/10 12:09:56.0769 4288 System windows directory: C:\Windows
2011/05/10 12:09:56.0769 4288 Running under WOW64
2011/05/10 12:09:56.0769 4288 Processor architecture: Intel x64
2011/05/10 12:09:56.0769 4288 Number of processors: 4
2011/05/10 12:09:56.0769 4288 Page size: 0x1000
2011/05/10 12:09:56.0769 4288 Boot type: Normal boot
2011/05/10 12:09:56.0769 4288 ================================================================================
2011/05/10 12:09:57.0237 4288 Initialize success
2011/05/10 12:10:03.0041 5348 ================================================================================
2011/05/10 12:10:03.0041 5348 Scan started
2011/05/10 12:10:03.0041 5348 Mode: Manual;
2011/05/10 12:10:03.0041 5348 ================================================================================
2011/05/10 12:10:03.0524 5348 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
2011/05/10 12:10:03.0618 5348 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
2011/05/10 12:10:03.0680 5348 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
2011/05/10 12:10:03.0758 5348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2011/05/10 12:10:03.0852 5348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2011/05/10 12:10:03.0914 5348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2011/05/10 12:10:03.0992 5348 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/10 12:10:04.0102 5348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/05/10 12:10:04.0211 5348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/05/10 12:10:04.0273 5348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/05/10 12:10:04.0320 5348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2011/05/10 12:10:04.0367 5348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
2011/05/10 12:10:04.0445 5348 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/10 12:10:04.0523 5348 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2011/05/10 12:10:04.0585 5348 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/10 12:10:04.0679 5348 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/10 12:10:04.0788 5348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2011/05/10 12:10:04.0850 5348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2011/05/10 12:10:04.0913 5348 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/05/10 12:10:04.0960 5348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/10 12:10:05.0022 5348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/05/10 12:10:05.0116 5348 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/10 12:10:05.0303 5348 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/10 12:10:05.0365 5348 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/10 12:10:05.0428 5348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2011/05/10 12:10:05.0506 5348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/10 12:10:05.0615 5348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/10 12:10:05.0849 5348 BHDrvx64 (ddae7b27bdbb3da1276784753138b9c2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys
2011/05/10 12:10:05.0989 5348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
2011/05/10 12:10:06.0083 5348 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/10 12:10:06.0145 5348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2011/05/10 12:10:06.0176 5348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2011/05/10 12:10:06.0239 5348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/10 12:10:06.0286 5348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/10 12:10:06.0348 5348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/10 12:10:06.0395 5348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/10 12:10:06.0442 5348 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/10 12:10:06.0488 5348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2011/05/10 12:10:06.0520 5348 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/10 12:10:06.0598 5348 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/05/10 12:10:06.0660 5348 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/10 12:10:06.0707 5348 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
2011/05/10 12:10:06.0769 5348 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
2011/05/10 12:10:06.0832 5348 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/05/10 12:10:06.0972 5348 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/05/10 12:10:07.0034 5348 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/10 12:10:07.0175 5348 ccHP (da66e851e76766d2c84502fe682ab175) C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys
2011/05/10 12:10:07.0253 5348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/10 12:10:07.0331 5348 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/10 12:10:07.0471 5348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2011/05/10 12:10:07.0534 5348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/10 12:10:07.0690 5348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
2011/05/10 12:10:07.0752 5348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/05/10 12:10:07.0830 5348 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/10 12:10:07.0955 5348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
2011/05/10 12:10:08.0033 5348 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/10 12:10:08.0158 5348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2011/05/10 12:10:08.0298 5348 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/10 12:10:08.0376 5348 dgderdrv (867fa8b9e9e3078f68c4089904bbf4b0) C:\Windows\system32\drivers\dgderdrv.sys
2011/05/10 12:10:08.0516 5348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/10 12:10:08.0579 5348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2011/05/10 12:10:08.0704 5348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/10 12:10:08.0797 5348 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/10 12:10:09.0000 5348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2011/05/10 12:10:09.0187 5348 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/05/10 12:10:09.0328 5348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2011/05/10 12:10:09.0437 5348 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/10 12:10:09.0530 5348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/05/10 12:10:09.0608 5348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/10 12:10:09.0686 5348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/10 12:10:09.0749 5348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2011/05/10 12:10:09.0827 5348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/10 12:10:09.0874 5348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/10 12:10:09.0998 5348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2011/05/10 12:10:10.0061 5348 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/10 12:10:10.0108 5348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/10 12:10:10.0139 5348 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/10 12:10:10.0248 5348 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/10 12:10:10.0310 5348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/10 12:10:10.0388 5348 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/10 12:10:10.0498 5348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/10 12:10:10.0576 5348 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/10 12:10:10.0654 5348 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/10 12:10:10.0732 5348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2011/05/10 12:10:10.0763 5348 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2011/05/10 12:10:10.0810 5348 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2011/05/10 12:10:10.0903 5348 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/10 12:10:11.0044 5348 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/10 12:10:11.0122 5348 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/10 12:10:11.0184 5348 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/10 12:10:11.0262 5348 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/05/10 12:10:11.0371 5348 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\drivers\iaStor.sys
2011/05/10 12:10:11.0527 5348 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/10 12:10:11.0714 5348 IDSVia64 (5b6fde76d72c2a1f0f99cbe5277e82ec) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSvia64.sys
2011/05/10 12:10:11.0808 5348 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2011/05/10 12:10:11.0886 5348 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
2011/05/10 12:10:12.0042 5348 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/10 12:10:12.0151 5348 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/05/10 12:10:12.0214 5348 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
2011/05/10 12:10:12.0260 5348 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/10 12:10:12.0307 5348 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/10 12:10:12.0416 5348 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/10 12:10:12.0479 5348 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/10 12:10:12.0541 5348 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/05/10 12:10:12.0588 5348 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
2011/05/10 12:10:12.0666 5348 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/05/10 12:10:12.0713 5348 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
2011/05/10 12:10:12.0853 5348 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/10 12:10:12.0931 5348 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/10 12:10:12.0978 5348 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/10 12:10:13.0103 5348 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/10 12:10:13.0181 5348 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/10 12:10:13.0228 5348 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/10 12:10:13.0274 5348 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2011/05/10 12:10:13.0321 5348 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/10 12:10:13.0384 5348 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/10 12:10:13.0462 5348 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2011/05/10 12:10:13.0508 5348 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2011/05/10 12:10:13.0633 5348 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/10 12:10:13.0680 5348 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/10 12:10:13.0758 5348 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/10 12:10:13.0820 5348 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/10 12:10:13.0867 5348 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/10 12:10:13.0914 5348 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
2011/05/10 12:10:13.0945 5348 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/10 12:10:13.0992 5348 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/10 12:10:14.0054 5348 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/10 12:10:14.0086 5348 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/10 12:10:14.0117 5348 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/10 12:10:14.0179 5348 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
2011/05/10 12:10:14.0226 5348 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
2011/05/10 12:10:14.0320 5348 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/10 12:10:14.0351 5348 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/10 12:10:14.0366 5348 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/05/10 12:10:14.0444 5348 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/10 12:10:14.0507 5348 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/10 12:10:14.0569 5348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/10 12:10:14.0616 5348 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/10 12:10:14.0678 5348 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/05/10 12:10:14.0741 5348 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/10 12:10:14.0772 5348 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/05/10 12:10:14.0819 5348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/10 12:10:14.0897 5348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/10 12:10:15.0068 5348 NAVENG (956f589c6a7dde71dc6b03be633ebf23) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\ENG64.SYS
2011/05/10 12:10:15.0162 5348 NAVEX15 (ee7a0e2478e7cd1a199d1b82e3a69b3e) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\EX64.SYS
2011/05/10 12:10:15.0302 5348 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/10 12:10:15.0365 5348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/10 12:10:15.0427 5348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/10 12:10:15.0505 5348 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/10 12:10:15.0568 5348 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/10 12:10:15.0614 5348 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/10 12:10:15.0677 5348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/10 12:10:15.0724 5348 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/10 12:10:15.0848 5348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/05/10 12:10:15.0958 5348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/10 12:10:16.0020 5348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/10 12:10:16.0098 5348 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/10 12:10:16.0254 5348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/10 12:10:16.0301 5348 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/10 12:10:16.0566 5348 nvlddmkm (9d1b69708732b57d1dbc0f648692a04b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/10 12:10:16.0894 5348 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/10 12:10:16.0956 5348 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/10 12:10:17.0065 5348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/05/10 12:10:17.0128 5348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/05/10 12:10:17.0206 5348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2011/05/10 12:10:17.0252 5348 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/10 12:10:17.0299 5348 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
2011/05/10 12:10:17.0330 5348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/05/10 12:10:17.0377 5348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/05/10 12:10:17.0424 5348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/10 12:10:17.0471 5348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/10 12:10:17.0658 5348 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/10 12:10:17.0705 5348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/05/10 12:10:17.0767 5348 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/10 12:10:17.0814 5348 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/10 12:10:17.0908 5348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/05/10 12:10:18.0001 5348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/05/10 12:10:18.0064 5348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/10 12:10:18.0110 5348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/10 12:10:18.0188 5348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/10 12:10:18.0266 5348 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/10 12:10:18.0313 5348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/10 12:10:18.0344 5348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/10 12:10:18.0391 5348 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/10 12:10:18.0438 5348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
2011/05/10 12:10:18.0500 5348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/10 12:10:18.0532 5348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/10 12:10:18.0641 5348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/10 12:10:18.0688 5348 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/10 12:10:18.0734 5348 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/10 12:10:18.0828 5348 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/10 12:10:18.0890 5348 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
2011/05/10 12:10:18.0937 5348 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys
2011/05/10 12:10:19.0062 5348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/10 12:10:19.0124 5348 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
2011/05/10 12:10:19.0187 5348 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
2011/05/10 12:10:19.0249 5348 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/10 12:10:19.0280 5348 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/10 12:10:19.0343 5348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/10 12:10:19.0452 5348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2011/05/10 12:10:19.0499 5348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2011/05/10 12:10:19.0546 5348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/05/10 12:10:19.0655 5348 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
2011/05/10 12:10:19.0702 5348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/05/10 12:10:19.0748 5348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/10 12:10:19.0780 5348 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/10 12:10:19.0826 5348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/05/10 12:10:19.0951 5348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2011/05/10 12:10:19.0998 5348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2011/05/10 12:10:20.0060 5348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/10 12:10:20.0154 5348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/10 12:10:20.0279 5348 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS
2011/05/10 12:10:20.0435 5348 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS
2011/05/10 12:10:20.0513 5348 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/10 12:10:20.0606 5348 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/10 12:10:20.0684 5348 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/10 12:10:20.0762 5348 sscebus (f74634f46692c8315e7f37f698af3225) C:\Windows\system32\DRIVERS\sscebus.sys
2011/05/10 12:10:20.0840 5348 sscemdfl (82732b391efd69b0548044be9cb37bfc) C:\Windows\system32\DRIVERS\sscemdfl.sys
2011/05/10 12:10:20.0903 5348 sscemdm (43d56ace4469d90f9790e8352d87d9b5) C:\Windows\system32\DRIVERS\sscemdm.sys
2011/05/10 12:10:20.0981 5348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2011/05/10 12:10:21.0043 5348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/05/10 12:10:21.0199 5348 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS
2011/05/10 12:10:21.0340 5348 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS
2011/05/10 12:10:21.0449 5348 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/05/10 12:10:21.0574 5348 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS
2011/05/10 12:10:21.0636 5348 SYMTDIv (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS
2011/05/10 12:10:21.0776 5348 SynTP (8f63178d1db81bb79270ae55ecdd8321) C:\Windows\system32\drivers\SynTP.sys
2011/05/10 12:10:21.0901 5348 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/10 12:10:22.0057 5348 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/10 12:10:22.0135 5348 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/10 12:10:22.0182 5348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/10 12:10:22.0244 5348 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/10 12:10:22.0307 5348 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/10 12:10:22.0369 5348 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
2011/05/10 12:10:22.0432 5348 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
2011/05/10 12:10:22.0510 5348 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/10 12:10:22.0556 5348 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/10 12:10:22.0603 5348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/05/10 12:10:22.0650 5348 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/10 12:10:22.0712 5348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/10 12:10:22.0822 5348 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/10 12:10:22.0868 5348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/05/10 12:10:22.0946 5348 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/10 12:10:23.0009 5348 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/10 12:10:23.0056 5348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/10 12:10:23.0102 5348 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys
2011/05/10 12:10:23.0149 5348 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\drivers\usbhub.sys
2011/05/10 12:10:23.0180 5348 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
2011/05/10 12:10:23.0227 5348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
2011/05/10 12:10:23.0274 5348 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/10 12:10:23.0321 5348 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2011/05/10 12:10:23.0368 5348 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/10 12:10:23.0524 5348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/10 12:10:23.0586 5348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/10 12:10:23.0617 5348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/10 12:10:23.0664 5348 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
2011/05/10 12:10:23.0726 5348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/10 12:10:23.0773 5348 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
2011/05/10 12:10:23.0836 5348 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/10 12:10:23.0898 5348 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
2011/05/10 12:10:23.0945 5348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/05/10 12:10:24.0007 5348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/10 12:10:24.0085 5348 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/10 12:10:24.0148 5348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/05/10 12:10:24.0194 5348 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 12:10:24.0241 5348 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 12:10:24.0335 5348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/05/10 12:10:24.0397 5348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/10 12:10:24.0522 5348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/10 12:10:24.0584 5348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/10 12:10:24.0678 5348 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/10 12:10:24.0756 5348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/10 12:10:24.0818 5348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/10 12:10:24.0865 5348 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/10 12:10:24.0912 5348 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/10 12:10:24.0974 5348 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/10 12:10:25.0037 5348 ================================================================================
2011/05/10 12:10:25.0037 5348 Scan finished
2011/05/10 12:10:25.0037 5348 ================================================================================
2011/05/10 12:12:24.0744 5216 ================================================================================
2011/05/10 12:12:24.0744 5216 Scan started
2011/05/10 12:12:24.0744 5216 Mode: Manual;
2011/05/10 12:12:24.0744 5216 ================================================================================
2011/05/10 12:12:25.0040 5216 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
2011/05/10 12:12:25.0118 5216 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
2011/05/10 12:12:25.0165 5216 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
2011/05/10 12:12:25.0212 5216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2011/05/10 12:12:25.0274 5216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2011/05/10 12:12:25.0321 5216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2011/05/10 12:12:25.0368 5216 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/10 12:12:25.0415 5216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/05/10 12:12:25.0461 5216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/05/10 12:12:25.0477 5216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/05/10 12:12:25.0524 5216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2011/05/10 12:12:25.0555 5216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
2011/05/10 12:12:25.0602 5216 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/10 12:12:25.0649 5216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2011/05/10 12:12:25.0680 5216 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/10 12:12:25.0727 5216 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/10 12:12:25.0789 5216 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2011/05/10 12:12:25.0836 5216 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2011/05/10 12:12:25.0867 5216 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/05/10 12:12:25.0914 5216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/10 12:12:25.0945 5216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/05/10 12:12:26.0007 5216 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/10 12:12:26.0085 5216 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/10 12:12:26.0117 5216 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/10 12:12:26.0163 5216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2011/05/10 12:12:26.0210 5216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/10 12:12:26.0241 5216 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/10 12:12:26.0413 5216 BHDrvx64 (ddae7b27bdbb3da1276784753138b9c2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys
2011/05/10 12:12:26.0538 5216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
2011/05/10 12:12:26.0616 5216 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/10 12:12:26.0647 5216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2011/05/10 12:12:26.0678 5216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2011/05/10 12:12:26.0741 5216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/10 12:12:26.0772 5216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/10 12:12:26.0819 5216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/10 12:12:26.0865 5216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/10 12:12:26.0897 5216 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/10 12:12:26.0928 5216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2011/05/10 12:12:26.0959 5216 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/10 12:12:27.0006 5216 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/05/10 12:12:27.0037 5216 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/10 12:12:27.0084 5216 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
2011/05/10 12:12:27.0131 5216 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
2011/05/10 12:12:27.0162 5216 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/05/10 12:12:27.0193 5216 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/05/10 12:12:27.0240 5216 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/10 12:12:27.0349 5216 ccHP (da66e851e76766d2c84502fe682ab175) C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys
2011/05/10 12:12:27.0396 5216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/10 12:12:27.0458 5216 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/10 12:12:27.0505 5216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2011/05/10 12:12:27.0552 5216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/10 12:12:27.0645 5216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
2011/05/10 12:12:27.0708 5216 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/05/10 12:12:27.0755 5216 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/10 12:12:27.0801 5216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
2011/05/10 12:12:27.0833 5216 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/10 12:12:27.0879 5216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2011/05/10 12:12:27.0942 5216 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/10 12:12:27.0989 5216 dgderdrv (867fa8b9e9e3078f68c4089904bbf4b0) C:\Windows\system32\drivers\dgderdrv.sys
2011/05/10 12:12:28.0035 5216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/10 12:12:28.0067 5216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2011/05/10 12:12:28.0129 5216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/10 12:12:28.0207 5216 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/10 12:12:28.0316 5216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2011/05/10 12:12:28.0394 5216 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/05/10 12:12:28.0519 5216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2011/05/10 12:12:28.0581 5216 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/10 12:12:28.0659 5216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/05/10 12:12:28.0722 5216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/10 12:12:28.0769 5216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/10 12:12:28.0815 5216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2011/05/10 12:12:28.0847 5216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/10 12:12:28.0893 5216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/10 12:12:28.0909 5216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2011/05/10 12:12:28.0956 5216 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/10 12:12:28.0987 5216 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/10 12:12:29.0018 5216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/10 12:12:29.0081 5216 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/10 12:12:29.0127 5216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/10 12:12:29.0205 5216 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/10 12:12:29.0283 5216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/10 12:12:29.0315 5216 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/10 12:12:29.0346 5216 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/10 12:12:29.0393 5216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2011/05/10 12:12:29.0439 5216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2011/05/10 12:12:29.0471 5216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2011/05/10 12:12:29.0517 5216 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/10 12:12:29.0580 5216 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/10 12:12:29.0642 5216 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/10 12:12:29.0673 5216 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/10 12:12:29.0705 5216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/05/10 12:12:29.0767 5216 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\drivers\iaStor.sys
2011/05/10 12:12:29.0829 5216 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/10 12:12:29.0985 5216 IDSVia64 (5b6fde76d72c2a1f0f99cbe5277e82ec) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSvia64.sys
2011/05/10 12:12:30.0063 5216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2011/05/10 12:12:30.0110 5216 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
2011/05/10 12:12:30.0219 5216 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/10 12:12:30.0266 5216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/05/10 12:12:30.0297 5216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
2011/05/10 12:12:30.0344 5216 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/10 12:12:30.0391 5216 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/10 12:12:30.0422 5216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/10 12:12:30.0500 5216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/10 12:12:30.0531 5216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/05/10 12:12:30.0578 5216 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
2011/05/10 12:12:30.0625 5216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/05/10 12:12:30.0656 5216 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
2011/05/10 12:12:30.0703 5216 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/10 12:12:30.0765 5216 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/10 12:12:30.0797 5216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/10 12:12:30.0843 5216 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/10 12:12:30.0890 5216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/10 12:12:30.0921 5216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/10 12:12:30.0968 5216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2011/05/10 12:12:31.0015 5216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/10 12:12:31.0062 5216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/10 12:12:31.0093 5216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2011/05/10 12:12:31.0140 5216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2011/05/10 12:12:31.0187 5216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/10 12:12:31.0218 5216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/10 12:12:31.0249 5216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/10 12:12:31.0296 5216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/10 12:12:31.0327 5216 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/10 12:12:31.0358 5216 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
2011/05/10 12:12:31.0389 5216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/10 12:12:31.0421 5216 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/10 12:12:31.0483 5216 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/10 12:12:31.0530 5216 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/10 12:12:31.0561 5216 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/10 12:12:31.0592 5216 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
2011/05/10 12:12:31.0639 5216 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
2011/05/10 12:12:31.0686 5216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/10 12:12:31.0717 5216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/10 12:12:31.0748 5216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/05/10 12:12:31.0795 5216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/10 12:12:31.0826 5216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/10 12:12:31.0857 5216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/10 12:12:31.0889 5216 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/10 12:12:31.0935 5216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/05/10 12:12:31.0982 5216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/10 12:12:32.0013 5216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/05/10 12:12:32.0045 5216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/10 12:12:32.0107 5216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/10 12:12:32.0232 5216 NAVENG (956f589c6a7dde71dc6b03be633ebf23) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\ENG64.SYS
2011/05/10 12:12:32.0341 5216 NAVEX15 (ee7a0e2478e7cd1a199d1b82e3a69b3e) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.002\EX64.SYS
2011/05/10 12:12:32.0450 5216 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/10 12:12:32.0497 5216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/10 12:12:32.0528 5216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/10 12:12:32.0544 5216 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/10 12:12:32.0575 5216 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/10 12:12:32.0606 5216 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/10 12:12:32.0637 5216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/10 12:12:32.0684 5216 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/10 12:12:32.0747 5216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/05/10 12:12:32.0793 5216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/10 12:12:32.0825 5216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/10 12:12:32.0918 5216 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/10 12:12:32.0965 5216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/10 12:12:33.0012 5216 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/10 12:12:33.0261 5216 nvlddmkm (9d1b69708732b57d1dbc0f648692a04b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/10 12:12:33.0371 5216 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/10 12:12:33.0402 5216 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/10 12:12:33.0449 5216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/05/10 12:12:33.0480 5216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/05/10 12:12:33.0542 5216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2011/05/10 12:12:33.0573 5216 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/10 12:12:33.0667 5216 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
2011/05/10 12:12:33.0714 5216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/05/10 12:12:33.0745 5216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/05/10 12:12:33.0792 5216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/10 12:12:33.0839 5216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/10 12:12:33.0917 5216 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/10 12:12:33.0948 5216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/05/10 12:12:33.0995 5216 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/10 12:12:34.0026 5216 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/10 12:12:34.0104 5216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/05/10 12:12:34.0151 5216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/05/10 12:12:34.0197 5216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/10 12:12:34.0244 5216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/10 12:12:34.0275 5216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/10 12:12:34.0385 5216 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/10 12:12:34.0431 5216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/10 12:12:34.0447 5216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/10 12:12:34.0478 5216 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/10 12:12:34.0525 5216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
2011/05/10 12:12:34.0572 5216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/10 12:12:34.0603 5216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/10 12:12:34.0634 5216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/10 12:12:34.0665 5216 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/10 12:12:34.0697 5216 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/10 12:12:34.0743 5216 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/10 12:12:34.0775 5216 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
2011/05/10 12:12:34.0821 5216 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys
2011/05/10 12:12:34.0884 5216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/10 12:12:34.0931 5216 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
2011/05/10 12:12:34.0993 5216 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
2011/05/10 12:12:35.0040 5216 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/10 12:12:35.0071 5216 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/10 12:12:35.0118 5216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/10 12:12:35.0149 5216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2011/05/10 12:12:35.0180 5216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2011/05/10 12:12:35.0274 5216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/05/10 12:12:35.0352 5216 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
2011/05/10 12:12:35.0399 5216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/05/10 12:12:35.0430 5216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/10 12:12:35.0477 5216 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/10 12:12:35.0508 5216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/05/10 12:12:35.0586 5216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2011/05/10 12:12:35.0664 5216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2011/05/10 12:12:35.0711 5216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/10 12:12:35.0773 5216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/10 12:12:35.0882 5216 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS
2011/05/10 12:12:35.0945 5216 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS
2011/05/10 12:12:36.0007 5216 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/10 12:12:36.0069 5216 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/10 12:12:36.0116 5216 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/10 12:12:36.0179 5216 sscebus (f74634f46692c8315e7f37f698af3225) C:\Windows\system32\DRIVERS\sscebus.sys
2011/05/10 12:12:36.0210 5216 sscemdfl (82732b391efd69b0548044be9cb37bfc) C:\Windows\system32\DRIVERS\sscemdfl.sys
2011/05/10 12:12:36.0241 5216 sscemdm (43d56ace4469d90f9790e8352d87d9b5) C:\Windows\system32\DRIVERS\sscemdm.sys
2011/05/10 12:12:36.0303 5216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2011/05/10 12:12:36.0335 5216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/05/10 12:12:36.0444 5216 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS
2011/05/10 12:12:36.0522 5216 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS
2011/05/10 12:12:36.0569 5216 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/05/10 12:12:36.0678 5216 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS
2011/05/10 12:12:36.0756 5216 SYMTDIv (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS
2011/05/10 12:12:36.0818 5216 SynTP (8f63178d1db81bb79270ae55ecdd8321) C:\Windows\system32\drivers\SynTP.sys
2011/05/10 12:12:36.0943 5216 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/10 12:12:37.0021 5216 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/10 12:12:37.0068 5216 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/10 12:12:37.0099 5216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/10 12:12:37.0115 5216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/10 12:12:37.0177 5216 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/10 12:12:37.0208 5216 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
2011/05/10 12:12:37.0255 5216 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
2011/05/10 12:12:37.0317 5216 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/10 12:12:37.0349 5216 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/10 12:12:37.0395 5216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/05/10 12:12:37.0505 5216 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/10 12:12:37.0551 5216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/10 12:12:37.0583 5216 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/10 12:12:37.0629 5216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/05/10 12:12:37.0676 5216 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/10 12:12:37.0723 5216 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/10 12:12:37.0801 5216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/10 12:12:37.0895 5216 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys
2011/05/10 12:12:37.0957 5216 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\drivers\usbhub.sys
2011/05/10 12:12:37.0988 5216 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
2011/05/10 12:12:38.0019 5216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
2011/05/10 12:12:38.0082 5216 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/10 12:12:38.0113 5216 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2011/05/10 12:12:38.0160 5216 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/10 12:12:38.0238 5216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/10 12:12:38.0285 5216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/10 12:12:38.0316 5216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/10 12:12:38.0347 5216 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
2011/05/10 12:12:38.0378 5216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/10 12:12:38.0409 5216 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
2011/05/10 12:12:38.0441 5216 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/10 12:12:38.0487 5216 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
2011/05/10 12:12:38.0581 5216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/05/10 12:12:38.0643 5216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/10 12:12:38.0675 5216 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/10 12:12:38.0721 5216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/05/10 12:12:38.0753 5216 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 12:12:38.0768 5216 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 12:12:38.0815 5216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/05/10 12:12:38.0862 5216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/10 12:12:38.0924 5216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/10 12:12:38.0955 5216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/10 12:12:39.0033 5216 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/10 12:12:39.0080 5216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/10 12:12:39.0143 5216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/10 12:12:39.0189 5216 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/10 12:12:39.0221 5216 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/10 12:12:39.0267 5216 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/10 12:12:39.0314 5216 ================================================================================
2011/05/10 12:12:39.0314 5216 Scan finished
2011/05/10 12:12:39.0314 5216 ================================================================================
2011/05/10 12:13:17.0296 5460 Deinitialize success

cosinus 10.05.2011 12:07
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

squama 10.05.2011 17:40
Hallo Arne,

hab jetzt alles gemacht, hier ist der ComboFix-Log:


Combofix Logfile:
Code:
ComboFix 11-05-09.03 - Mila 10.05.2011  17:58:28.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1033.18.4014.2445 [GMT 2:00]
ausgeführt von:: c:\users\Mila\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mila\AppData\Local\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}
c:\users\Mila\AppData\Local\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}\chrome.manifest
c:\users\Mila\AppData\Local\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}\chrome\content\_cfg.js
c:\users\Mila\AppData\Local\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}\chrome\content\overlay.xul
c:\users\Mila\AppData\Local\{35B5AB1F-1397-41A8-9987-7EDA02F90AD8}\install.rdf
c:\users\Mila\AppData\Roaming\Adobe\plugs
c:\users\Mila\AppData\Roaming\Adobe\plugs\mmc24797201.txt
c:\users\Mila\AppData\Roaming\Adobe\shed
c:\users\Mila\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Mila\AppData\Roaming\Local
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\7.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\7f059e057f00f616288d70597afd6b57.avi.ddr
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\8.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\b9d574e9e8627aecc557fb6d4b0e6dad.avi.ddr
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\FILE4B78B582DD941.ddr
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Max.Payne.R5.Line.Dubbed.German.PROPER.intro.divx(2).ddr
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Max.Payne.R5.Line.Dubbed.German.PROPER.intro.divx.ddr
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Max.Payne.UNRATED.DVDRiP.LD.German.XViD.avi(2).ddr
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Max.Payne.UNRATED.DVDRiP.LD.German.XViD.avi(3).ddr
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Max.Payne.UNRATED.DVDRiP.LD.German.XViD.avi.ddr
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\7f059e057f00f616288d70597afd6b57.avi.ddp
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\b9d574e9e8627aecc557fb6d4b0e6dad.avi.ddp
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4B78B582DD941.ddp
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Max.Payne.R5.Line.Dubbed.German.PROPER.intro.divx(2).ddp
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Max.Payne.R5.Line.Dubbed.German.PROPER.intro.divx.ddp
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Max.Payne.UNRATED.DVDRiP.LD.German.XViD.avi
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Max.Payne.UNRATED.DVDRiP.LD.German.XViD.avi(2).ddp
c:\users\Mila\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Max.Payne.UNRATED.DVDRiP.LD.German.XViD.avi.ddp
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-10 bis 2011-05-10  ))))))))))))))))))))))))))))))
.
.
2011-05-10 16:28 . 2011-05-10 16:28        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-10 15:42 . 2011-05-10 15:42        --------        d-----w-        c:\program files\CCleaner
2011-05-09 15:46 . 2011-05-09 15:46        --------        d-----w-        C:\_OTL
2011-05-09 15:39 . 2011-05-09 15:39        --------        d-----w-        c:\users\Mila\AppData\Roaming\Avira
2011-05-08 07:24 . 2011-05-08 07:24        --------        d-----w-        c:\users\Mila\AppData\Roaming\Malwarebytes
2011-05-08 07:24 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-08 07:24 . 2011-05-08 07:24        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-08 07:24 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-08 07:24 . 2011-05-08 07:24        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-01 12:54 . 2011-04-18 17:25        253888        ----a-w-        c:\windows\system32\aswBoot.exe
2011-05-01 12:53 . 2011-05-09 14:27        --------        d-----w-        c:\programdata\AVAST Software
2011-05-01 12:53 . 2011-05-01 12:53        --------        d-----w-        c:\program files\AVAST Software
2011-05-01 12:36 . 2011-05-01 12:36        --------        d-----w-        c:\programdata\Avira
2011-05-01 12:36 . 2011-05-01 12:36        --------        d-----w-        c:\program files (x86)\Avira
2011-05-01 12:36 . 2011-04-01 15:07        83120        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-05-01 12:36 . 2011-04-01 15:07        116568        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-04-15 09:56 . 2011-02-24 06:30        476160        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:17 . 2011-04-27 11:05        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 11:05        347648        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 09:16        1135104        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 09:16        1540608        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 09:16        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 09:16        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 09:16        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-02-18 15:36 . 2011-02-18 15:36        51712        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-18 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2010-06-30 3365176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"Lingvo Launcher"="c:\program files (x86)\ABBYY Lingvo 11 Six Languages\Lvagent.exe" [2005-08-31 106496]
"LingvoTraining"="c:\program files (x86)\ABBYY Lingvo 11 Six Languages\Tutor.exe" [2005-08-31 1282048]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 00:20        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 135664]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-12-04 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-12-04 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-12-04 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-12-04 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-12-04 91432]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-25 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [2010-09-01 954928]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSvia64.sys [2010-09-15 476720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-25 119632]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-25 20568]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-16 132656]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 22:11]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 22:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 8306208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate with ABBYY &Lingvo - c:\program files (x86)\ABBYY Lingvo 11 Six Languages\Lingvo.exe/3000
TCP: {27560A3C-9583-49DB-A343-DD86CD43FD0C} = 213.191.92.86 62.109.123.7
FF - ProfilePath - c:\users\Mila\AppData\Roaming\Mozilla\Firefox\Profiles\0xxsjm2o.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_DE Community Toolbar: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - %profile%\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\CCP.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-10  18:35:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-10 16:35
.
Vor Suchlauf: 359.640.285.184 bytes free
Nach Suchlauf: 359.332.810.752 bytes free
.
- - End Of File - - B5106158B5565BEB1EFFB747957D3485
--- --- ---

cosinus 10.05.2011 18:52
Zitat:
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Hast du tatsächlich diese Scanner installiert? Zumidnest Norton IS muss weg!

squama 10.05.2011 20:44
Also den Windows Defender hab ich nicht installiert, aber Norton Internet Security und AntiVir. Hab jetzt Norton Internet Security entfernt. Was kommt als naechstes?

Gruss Mila

cosinus 10.05.2011 21:03
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

squama 10.05.2011 22:52
Hier ist erstmal der GMER-Log:



GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-10 23:39:21
Windows 6.1.7600 
Running: htrbvcxj.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a2770e                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076ff58f7                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbbe5367                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a2770e (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076ff58f7 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbbe5367 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----
--- --- ---

squama 10.05.2011 23:06
Und hier von MBRcheck:



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VPCCW21FD
Logical Drives Mask: 0x00000074

Kernel Drivers (total 193):
0x03009000 \SystemRoot\system32\ntoskrnl.exe
0x035E6000 \SystemRoot\system32\hal.dll
0x00BCD000 \SystemRoot\system32\kdcom.dll
0x00CD9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D1D000 \SystemRoot\system32\PSHED.dll
0x00D31000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EF0000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F94000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00FA3000 \SystemRoot\system32\drivers\ACPI.sys
0x00E00000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E09000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E13000 \SystemRoot\system32\drivers\pci.sys
0x00E46000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E53000 \SystemRoot\System32\drivers\partmgr.sys
0x00E68000 \SystemRoot\system32\drivers\compbatt.sys
0x00E71000 \SystemRoot\system32\drivers\BATTC.SYS
0x00E7D000 \SystemRoot\system32\drivers\volmgr.sys
0x00E92000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D8F000 \SystemRoot\System32\drivers\mountmgr.sys
0x010C5000 \SystemRoot\system32\drivers\iaStor.sys
0x011E1000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01060000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0120C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0144E000 \SystemRoot\System32\Drivers\msrpc.sys
0x014AC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014C6000 \SystemRoot\System32\Drivers\cng.sys
0x01539000 \SystemRoot\System32\drivers\pcw.sys
0x0154A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016F4000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01554000 \SystemRoot\system32\drivers\volsnap.sys
0x016D5000 \SystemRoot\System32\Drivers\spldr.sys
0x015A0000 \SystemRoot\System32\drivers\rdyboost.sys
0x016DD000 \SystemRoot\System32\Drivers\mup.sys
0x017E6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015DA000 \SystemRoot\system32\drivers\disk.sys
0x013AE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x02DC7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02DF1000 \SystemRoot\System32\Drivers\Null.SYS
0x02C00000 \SystemRoot\System32\Drivers\Beep.SYS
0x02C07000 \SystemRoot\System32\drivers\vga.sys
0x02C15000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C3A000 \SystemRoot\System32\drivers\watchdog.sys
0x02C4A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C53000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02C5C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C65000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C70000 \SystemRoot\System32\Drivers\Npfs.SYS
0x013DE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02C81000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A31000 \SystemRoot\system32\drivers\afd.sys
0x03ABB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B00000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B09000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B2F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B45000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B54000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B6F000 \SystemRoot\system32\drivers\termdd.sys
0x03B83000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x03B9D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03BEE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A00000 \SystemRoot\system32\drivers\mssmbios.sys
0x03A0B000 \SystemRoot\System32\drivers\discache.sys
0x0106D000 \SystemRoot\System32\Drivers\dfsc.sys
0x03A1A000 \SystemRoot\system32\drivers\blbdrive.sys
0x0108B000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x00DA9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0484C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05370000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x040AC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x041A0000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04000000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04024000 \SystemRoot\system32\drivers\usbehci.sys
0x04035000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04205000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04382000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0438F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x043AF000 \SystemRoot\system32\drivers\rimssne64.sys
0x05372000 \SystemRoot\system32\drivers\1394ohci.sys
0x043CF000 \SystemRoot\system32\drivers\risdsne64.sys
0x0560A000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x0566F000 \SystemRoot\system32\drivers\i8042prt.sys
0x0568D000 \SystemRoot\system32\drivers\kbdclass.sys
0x0569C000 \SystemRoot\system32\drivers\SynTP.sys
0x056E9000 \SystemRoot\system32\drivers\USBD.SYS
0x056EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x056FA000 \SystemRoot\system32\drivers\SFEP.sys
0x056FD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0570A000 \SystemRoot\system32\drivers\wmiacpi.sys
0x05713000 \SystemRoot\system32\drivers\intelppm.sys
0x05729000 \SystemRoot\system32\drivers\CmBatt.sys
0x0572E000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0573E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05754000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05778000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05784000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x057B3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x057CE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0408B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x057EF000 \SystemRoot\system32\drivers\swenum.sys
0x053B0000 \SystemRoot\system32\drivers\ks.sys
0x043E7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05C93000 \SystemRoot\system32\drivers\usbhub.sys
0x05CED000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05D02000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05D1A000 \SystemRoot\system32\drivers\portcls.sys
0x05D57000 \SystemRoot\system32\drivers\drmk.sys
0x05D79000 \SystemRoot\system32\drivers\ksthunk.sys
0x06402000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05D7F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05D9C000 \SystemRoot\System32\Drivers\usbvideo.sys
0x065ED000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x05DCA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05DD8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x065F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x000D0000 \SystemRoot\System32\win32k.sys
0x05DF1000 \SystemRoot\System32\drivers\Dxapi.sys
0x05C00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05C0D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02C8E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05C1B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05C2E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x05C3C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x05C59000 \SystemRoot\system32\drivers\luafv.sys
0x04800000 \SystemRoot\system32\drivers\WudfPf.sys
0x05C7C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03832000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03885000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03898000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x038B0000 \SystemRoot\system32\drivers\HTTP.sys
0x03978000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03996000 \SystemRoot\System32\drivers\mpsdrv.sys
0x039AE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0626C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x062BA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x062DD000 \SystemRoot\system32\drivers\peauth.sys
0x06383000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0638E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x063BB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06200000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06E0C000 \SystemRoot\System32\DRIVERS\srv.sys
0x06EA1000 \SystemRoot\System32\drivers\dgderdrv.sys
0x06EAB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06EDC000 \SystemRoot\system32\drivers\spsys.sys
0x77980000 \Windows\System32\ntdll.dll
0x48510000 \Windows\System32\smss.exe
0xFFCA0000 \Windows\System32\apisetschema.dll
0xFFAD0000 \Windows\System32\autochk.exe
0xFFB60000 \Windows\System32\wininet.dll
0x77B50000 \Windows\System32\normaliz.dll
0xFFAC0000 \Windows\System32\clbcatq.dll
0xFFA70000 \Windows\System32\Wldap32.dll
0xFFA60000 \Windows\System32\nsi.dll
0xFF850000 \Windows\System32\ole32.dll
0xFF770000 \Windows\System32\advapi32.dll
0xFF510000 \Windows\System32\iertutil.dll
0xFF490000 \Windows\System32\difxapi.dll
0xFF440000 \Windows\System32\ws2_32.dll
0xFF2C0000 \Windows\System32\urlmon.dll
0xFF190000 \Windows\System32\rpcrt4.dll
0xFEFB0000 \Windows\System32\setupapi.dll
0xFEED0000 \Windows\System32\oleaut32.dll
0xFEE50000 \Windows\System32\shlwapi.dll
0x77880000 \Windows\System32\user32.dll
0xFEE40000 \Windows\System32\lpk.dll
0xFEE20000 \Windows\System32\imagehlp.dll
0x77B40000 \Windows\System32\psapi.dll
0xFE090000 \Windows\System32\shell32.dll
0xFE060000 \Windows\System32\imm32.dll
0xFDFC0000 \Windows\System32\msvcrt.dll
0x77760000 \Windows\System32\kernel32.dll
0xFDF20000 \Windows\System32\comdlg32.dll
0xFDE10000 \Windows\System32\msctf.dll
0xFDD40000 \Windows\System32\usp10.dll
0xFDD20000 \Windows\System32\sechost.dll
0xFDCB0000 \Windows\System32\gdi32.dll
0xFDC90000 \Windows\System32\devobj.dll
0xFDC50000 \Windows\System32\cfgmgr32.dll
0xFDBB0000 \Windows\System32\comctl32.dll
0xFDB70000 \Windows\System32\wintrust.dll
0xFDB00000 \Windows\System32\KernelBase.dll
0xFD990000 \Windows\System32\crypt32.dll
0xFD980000 \Windows\System32\msasn1.dll
0x77B30000 \Windows\SysWOW64\normaliz.dll

Processes (total 80):
0 System Idle Process
4 System
404 C:\Windows\System32\smss.exe
596 csrss.exe
656 C:\Windows\System32\wininit.exe
676 csrss.exe
720 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\svchost.exe
904 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
936 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
944 C:\Windows\System32\conhost.exe
116 C:\Windows\System32\winlogon.exe
744 C:\Windows\System32\nvvsvc.exe
664 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\audiodg.exe
1320 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\nvvsvc.exe
1456 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\spoolsv.exe
1716 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1740 C:\Windows\System32\svchost.exe
1780 C:\Windows\System32\taskhost.exe
1936 C:\Windows\System32\dwm.exe
1984 C:\Windows\explorer.exe
1992 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1808 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2012 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2044 C:\Windows\System32\taskeng.exe
1544 C:\Windows\System32\dgdersvc.exe
2132 C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
2208 C:\Windows\System32\taskeng.exe
2276 C:\Windows\System32\svchost.exe
2324 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
2400 C:\Windows\System32\taskeng.exe
2408 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
2468 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2576 C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
2588 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
2604 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2772 dllhost.exe
3032 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
2304 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
2652 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
1552 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3152 WUDFHost.exe
3292 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3304 WmiPrvSE.exe
3384 C:\Windows\System32\svchost.exe
3832 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4008 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
4048 C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
4072 C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
2536 C:\Windows\System32\SearchIndexer.exe
3584 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3436 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
2460 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2396 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
4116 C:\Program Files\iPod\bin\iPodService.exe
4336 C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
4356 C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
4984 C:\Program Files\Sony\VAIO Care\VCsystray.exe
4992 C:\Program Files\Java\jre6\bin\jusched.exe
1656 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4032 C:\Windows\System32\sppsvc.exe
4200 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
952 C:\Windows\System32\svchost.exe
4496 C:\Program Files\Windows Media Player\wmpnetwk.exe
5056 WmiPrvSE.exe
4976 C:\Windows\System32\SearchProtocolHost.exe
4720 C:\Windows\System32\SearchFilterHost.exe
2556 C:\Windows\System32\wuauclt.exe
2180 dllhost.exe
3052 dllhost.exe
3672 C:\Users\Mila\Desktop\MBRCheck.exe
3332 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`1af00000 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0006SDM2

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus 11.05.2011 08:55
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

squama 11.05.2011 16:23
Ok. Hab jetzt Malwarebytes ausgefuehrt und der Log ist unten. Bei meiner Startleiste habe ich aber immer noch dasselbe Problem und jetzt sind die Symbole der Programme nur noch als "weisse Blaetter" abgebildet.


Aber hier erstmal der Log von Malwarebytes, den von SuperAntispyware schick ich gleich nach dem Scan:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6554

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.05.2011 11:47:15
mbam-log-2011-05-11 (11-47-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 266375
Laufzeit: 25 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

squama 11.05.2011 17:51
Hier ist der SuperAntispyware-Log:


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/11/2011 at 06:48 PM

Application Version : 4.52.1000

Core Rules Database Version : 7031
Trace Rules Database Version: 4843

Scan type : Complete Scan
Total Scan Time : 01:12:51

Memory items scanned : 671
Memory threats detected : 0
Registry items scanned : 15788
Registry threats detected : 0
File items scanned : 115085
File threats detected : 26

Adware.Tracking Cookie
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@ad.adc-serv[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@content.yieldmanager[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@zanox[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@imrworldwide[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@adfarm1.adition[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@www.zanox-affiliate[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@serving-sys[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@zanox-affiliate[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@ad4.adfarm1.adition[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@track.effiliation[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@delivery.atkmedia[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@ad.ad-srv[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@ad.zanox[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@track.effiliation[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@traffictrack[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@atdmt[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@tradedoubler[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@fastclick[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@content.yieldmanager[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@doubleclick[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@apmebf[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@ad2.adfarm1.adition[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@ad.yieldmanager[2].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@webmasterplan[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@www.usenext[1].txt
C:\Users\Mila\AppData\Roaming\Microsoft\Windows\Cookies\mila@mediaplex[2].txt

cosinus 11.05.2011 21:00
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

squama 12.05.2011 01:27
Also ich hab halt noch die Probleme, die ich paar Posts vorher beschrieben habe.

Wenn ich bei der Taskleiste auf Start->Programme gehe und dann ein Programm anwaehlen will steht immer nur "empty" drunter und da ist nichts ausser der Programmname und wenn ich drauf druecke passiert dann natuerlich auch nichts.

Ansonsten ist alles bisher ok, ich kann halt nur nichts ueber die Taskleiste oeffnen. Wenn ich Dateien, wie z.B. Word-Dokumente, anklicke, dann oeffnen sie sich aber ohne Probleme. Also hat es irgendwas mit der Taskleiste zu tun.

Und der Desktop ist halt noch schwarz, aber das kann ich doch einfach aendern und ein Hintergrundbild nun dafuer einsetzen, oder?

Was soll ich als naechstes tun oder sind wir fertig? Muss ich Passwoerter aendern? Welches Tool kann eine erneute Infektion verhindern?





Ich wollte mich schon mal an dieser Stelle ganz herzlich bei Dir bedanken. Vielen Dank wirklich! Es sind noch sehr viele wichtige Fotos und Dokumente auf meinen Laptop, die ich jetzt natuerlich erstmal auf andere Speichermedien abspeichern werde. VIELEN DANK!

cosinus 12.05.2011 09:22
Larusso hat da einen Lösungsansatz zum leeren Startmenü:


Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
@echo off
attrib -h "%programdata%\Microsoft\Windows\Start Menu\*.*" /s /d
attrib -h "%appdata%\Microsoft\Windows\Start Menu\*.*" /s /d
del %0
Vista und Win7 User: Mit Rechtsklick "als Administrator starten"

Berichte bitte ob dein Start Menü nun wieder OK ist :)

squama 12.05.2011 16:29
Hat leider nicht geklappt. Gibt es noch eine andere Moeglichkeit?

cosinus 12.05.2011 18:18
Wie gesagt sind andere Lösungansätze noch nicht bekannt.

squama 12.05.2011 18:26
Hmm, okay und wie geht es jetzt weiter? Muss ich sonst noch etwas machen? Passwoerter aendern?

Was fuer ein Tool koennte die erneute Infektion verhindern?

Gruss Mila

cosinus 12.05.2011 18:55
Kannst du abgesehen vom Starmenü den Rechner soweit wieder einwandfrei bedienen?

squama 12.05.2011 19:16
Ich hab noch ein Problem mit Word, ansonsten ist alles einwandfrei.

Wenn ich Word oeffne erscheint im Hintergrund ein grosses Word-Fenster und im Vordergrund ein kleines Fenster mit folgendem Text:

File conversion


Select the encoding that makes your document readable.

Text encoding:

Windows (default) MS-DOS Other Encoding: "Liste"

Preview:


Und danach was unlesbares.

Wenn ich dann ok druecke ganz unten, kommt dann noch ein kleineres Fenster mit folgendem Text:

The add-in template is not valid.
(C:\Users\Mila\AppData\...\~$ngvo11.dot)


Wenn ich dann ok druecke, kommt aber das Document und es wird alles dargestellt.


Diese Fenster erscheinen jedes Mal wenn ich ein Word-Document oeffne.

cosinus 12.05.2011 19:25
Office-Reparaturinstallation ausführen, das hilft meistens

squama 12.05.2011 19:44
Das Problem ist immer noch da trotz Reperaturinstallation.

cosinus 13.05.2011 12:35
Office deinstallieren, neu installieren?

squama 13.05.2011 12:59
Hab die CD leider nicht mehr. Muss ich dann wohl nochmal neu kaufen und halt Openoffice erstmal benutzen.

Bis auf Startleiste und Word funktioniert alles einwandfrei. Was muss ich als naechstes machen?

cosinus 13.05.2011 17:31
Larusso hat wohl eine Lösung zum Startmenü gefunden :)

Zitat:
Zitat von Larusso (Beitrag 657216)
Hm, 2 Fälle hier und beide scheinen unlösbar :headbang:

Gehe bitte nochmal in den Reiter Start Menü, klicke Anpassen

Ganz unten unter Startmenügröße klicke auf Standardeinstellungen

Versuche bitte erneut irgend ein Program zu öffnen und sieh nach ob sich dieses nach dem schließen in der Liste befindet

squama 13.05.2011 17:56
Ich hab es probiert, aber es hat nur bei Microsoft Office geklappt (das kann ich jetzt im Startmenue sehen), alle anderen Programme tauchen beim Oeffnen und wieder schliessen nicht wieder auf.

Neuinstallierte Programme tauchen aber auf.

cosinus 13.05.2011 18:35
Hier nochmal ausführlich:

Mach bitte einmal einen Rechtsklick auf der Taskleiste, Eigenschaften
StartMenü und gehe sicher das unter Datenschutz beide Haken gesetzt sind.

Danach im Reiter Startmenü auf Anpassen klicken

Ganz unten unter Startmenügröße klicke auf Standardeinstellungen

Versuche bitte erneut irgend ein Program zu öffnen und sieh nach ob sich dieses nach dem schließen in der Liste befindet

squama 13.05.2011 18:49
Hab es genauso gemacht. Habs aber nochmal probiert und es ist wieder nichts passiert.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131