Log analysis and evaluation: Privacy Protection treated with rkill and tdsskiller. All clean? (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.11.2011, 17:49 | #1 |
Privacy Protection treated with rkill and tdsskiller. All clean?

Dear all,

Yesterday I caught the Privacy Protection virus. I then googled how to get rid of it and came across your guide. So I took the following steps:
1. Started Windows in safe mode with networking.
2. Ran rkill
3. Removed 4 infected files with Malwarebytes
4. Ran a rootkit scan with tdsskiller (nothing found)
5. Downloaded OTL and created a logfile

Now, since I know little about computers, I would be incredibly grateful if someone could evaluate the attached logfiles?

Many thanks in advance.

OTL log file (was too large to attach):

OTL logfile created on: 07.11.2011 10:28:46 - Run 1
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
1.93 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 65.74% Memory free
4.10 Gb Paging File | 3.63 Gb Available in Paging File | 88.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 69.64 Gb Free Space | 29.90% Space Free | Partition Type: NTFS
Drive D: | 538.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.47 Gb Total Space | 4.94 Gb Free Space | 66.06% Space Free | Partition Type: FAT32
Computer Name: ***** | User Name: ******* | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Raffaele\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWWSC.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Win32 Services (SafeList) ========== SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (LiveUpdate) -- 
C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation) SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (Lotus Notes Diagnostics) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe (IBM Corp) SRV - (CrossLoopService) -- C:\Users\Raffaele\AppData\Local\CrossLoop\CrossLoopService.exe (CrossLoop Inc) SRV - (uvnc_service) -- C:\Users\Raffaele\AppData\Local\CrossLoop\winvnc.exe (UltraVNC) SRV - (Multi-user Cleanup Service) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe (IBM Corp) SRV - (UNS) Intel(R) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.EXE (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.EXE (Intel Corporation) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\NAVENG.SYS (Symantec Corporation) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 33 64 73 F2 B0 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:7070 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php | hxxp://twitter.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {1544D611-955F-4ceb-95D3-82C720C29EAE}:1.1.0 FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 08:20:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:55:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.25 12:54:40 | 000,000,000 | ---D | M] [2009.09.02 11:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Extensions [2011.10.11 23:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions [2010.04.28 01:34:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.16 06:11:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.10.27 10:00:06 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\firesheep@codebutler.com [2009.09.22 12:29:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\moveplayer@movenetworks.com [2011.06.12 02:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.10.30 06:23:40 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.04.06 14:11:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- 
C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.09 07:43:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.14 12:45:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.21 00:13:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.12 02:06:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERS\RAFFAELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NKP4DOO.DEFAULT\EXTENSIONS\{1544D611-955F-4CEB-95D3-82C720C29EAE}.XPI () (No name found) -- C:\USERS\RAFFAELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NKP4DOO.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI [2011.09.30 08:55:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.03 20:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.04.07 09:57:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2010.01.01 02:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 02:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 02:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 02:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 02:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe () O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Raffaele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O8 - Extra context menu item: &Citavi Picker... 
- C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] 
- C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://studmaillz.unisg.ch/dwa7W.cab (Domino Web Access 7 Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7E235FE-B7B3-45F4-9F31-3561CE9FEAE7}: DhcpNameServer = 75.75.76.76 75.75.75.75 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7282A2D-7A8F-4F62-8C50-AA2F3681C9FF}: DhcpNameServer = 128.101.101.101 134.84.84.84 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA483D52-F491-434A-BE95-3D3EC76EFB4D}: DhcpNameServer = 138.188.101.186 138.188.101.189 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Programme\Stardock\ObjectDockFree\ODMenu.dll (Stardock) O24 - Desktop WallPaper: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File 
- [2005.09.14 08:14:39 | 000,000,235 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ] O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\directx\command - "" = D:\directx9\DXSETUP.exe -- [2005.05.26 16:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe -- [2007.10.02 06:24:20 | 000,304,136 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.07 10:23:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Raffaele\Desktop\OTL.exe [2011.11.06 21:15:09 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Raffaele\Desktop\tdsskiller.exe [2011.11.06 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Roaming\Malwarebytes [2011.11.06 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.06 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.06 21:02:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.06 21:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.06 21:01:50 | 
009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raffaele\Desktop\Hans.exe.exe [2011.11.06 14:58:24 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{26B5C0C7-4BD7-467B-B328-DE3D02EBDA25} [2011.11.06 14:58:12 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4E4D2722-38EE-4BCF-A37F-0BD15DB6929C} [2011.11.06 02:57:53 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{7327BC2D-6053-4780-908D-1DE6BD05D13C} [2011.11.06 02:57:42 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83B3D684-4A9D-4F92-AB8F-3963CFD71631} [2011.11.05 02:57:09 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EBB143E4-1A97-47A2-8DCC-8DA5E60C6E29} [2011.11.04 08:36:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4B028F71-A6C3-4E8E-89AC-96842A25E746} [2011.11.04 08:35:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{3BF88727-6D3C-4849-9354-A96DE140C62F} [2011.11.03 20:36:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B439A323-A130-4986-A1ED-F8157946A6D9} [2011.11.03 02:07:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.03 02:01:24 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6B0C6AF8-DB09-4EA9-8C86-A934AFAD057B} [2011.11.03 02:00:38 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{06AA1B0E-6158-4017-AD6B-EF55E5419DA2} [2011.11.02 09:46:55 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD210BF2-E87B-4715-ABD3-D3B6197931DB} [2011.11.02 09:46:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{FCD30B8D-0E19-47B0-A881-2FE24C97A7C8} [2011.11.01 19:59:20 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{3894B049-30DA-47B2-841B-49F5F68D3803} [2011.11.01 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{458BDFEB-3A2C-426F-AE43-382F34837B06} [2011.11.01 07:57:57 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5B61877E-DBC5-4E06-8BF8-0237D4ABFFDA} [2011.11.01 07:57:30 | 
000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{008BF5EE-B2EA-4006-9392-763ED1133CBF} [2011.10.31 10:48:57 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83AA8064-79D1-42F5-AFDE-1822F4922EDE} [2011.10.31 10:48:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DB353AEE-A68C-490A-B9BA-477E7EC27593} [2011.10.30 22:48:28 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{C0E7F88C-AC27-4A13-98E7-EC22CF825A3E} [2011.10.30 22:48:17 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{625F02CA-9D8D-4135-B49A-5C29E7870EB7} [2011.10.30 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{ECCA9F45-E921-4C47-91BF-241F5307D1A1} [2011.10.29 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CF3536FA-A917-4656-9641-0CAB2219195E} [2011.10.29 22:49:14 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0964B96A-870B-4920-9A72-5BE9953332CF} [2011.10.29 10:48:42 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B424F377-6982-40C1-9031-AC7C3BF74538} [2011.10.29 10:48:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{03035DA4-D1DE-49D8-81C2-B2F9B07C6DDA} [2011.10.28 22:19:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{FAFCD6EA-834C-4F9A-8CB5-7E080816E48C} [2011.10.28 22:19:14 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{A52FC619-BB41-4A5C-B32B-E3E2BF118268} [2011.10.28 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{381533A8-8850-46AD-9D69-F7674555A1EE} [2011.10.28 10:18:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{F25247DC-57F5-49B7-8766-B58746708418} [2011.10.27 22:18:31 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{438F01CB-F644-435C-B307-796829096656} [2011.10.27 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DED81BEA-F419-43B5-ACDB-19F569E53E3D} [2011.10.27 10:18:02 | 000,000,000 | ---D | C] -- 
C:\Users\Raffaele\AppData\Local\{0A373735-7382-4991-B9F4-75BFDB864619} [2011.10.27 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DBDB684A-D210-474B-B1F1-9721F8D365BC} [2011.10.26 21:04:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EDFA0428-226B-4354-93D8-C863CD31A399} [2011.10.26 21:04:31 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{90604628-ABA4-41A6-AEEB-B6AA31A8AE92} [2011.10.26 09:04:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{89ACE10C-8759-4912-917E-7962DAAE7714} [2011.10.26 09:03:26 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{73D73D5C-A405-4C2A-A4FA-AE4E41DD18D1} [2011.10.25 12:13:55 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6AD83093-21E0-4EA7-9CD9-D134E11F47BE} [2011.10.25 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EB83324F-EC13-4526-B530-8598ED2ED18F} [2011.10.25 00:13:06 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{35716CD5-BCD5-48E8-9FEB-A11DE429E510} [2011.10.25 00:12:04 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D29C8410-21BC-462F-8BA8-BA17AB1CF5E7} [2011.10.24 12:11:47 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{41D21AC2-A492-43C6-A15B-C2E96EADE130} [2011.10.24 12:11:35 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D59FDB2E-F69A-403B-9530-CF9CF01DA9E3} [2011.10.24 00:11:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2F82264B-34A7-4A74-BC43-3E15FBA9576A} [2011.10.24 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4EFBAFDB-0CE0-4DED-AB89-7760656D475C} [2011.10.23 12:10:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{668414E5-D578-4071-BE8D-0AF3FFBF2455} [2011.10.23 12:10:32 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1F84FC02-8FAC-47DC-9FD9-95F2230A7918} [2011.10.22 10:23:01 | 000,000,000 | ---D | C] -- 
C:\Users\Raffaele\AppData\Local\{406BD85E-5C55-48CF-B0AB-885C2D7429C7} [2011.10.22 10:21:35 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{17455312-311D-4F38-8F5A-29E20C29C0C1} [2011.10.21 17:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.10.21 17:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.10.21 17:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.10.21 17:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.10.21 12:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{87BF6C94-0604-434B-BD7E-C3F26B65AB79} [2011.10.21 12:03:51 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83DCD0F4-583C-4F99-BB30-C80F68C435A9} [2011.10.21 00:03:36 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CD8F3B65-9588-40BE-84CB-AA4F44ED7CE8} [2011.10.21 00:03:25 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2C6E21A9-ED54-4058-A038-EEDF48AADEF0} [2011.10.20 12:03:13 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{ACBE0963-95C4-4ECC-AC18-59900250C66C} [2011.10.20 12:03:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1DBCD825-EDDE-4B7C-A440-CD98CC00192F} [2011.10.20 00:02:48 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{723ACABA-4780-46AB-8820-7714CD8E88B3} [2011.10.20 00:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{E1330B23-038E-4A30-93D2-30D47B67C68E} [2011.10.19 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD8A83A3-FBAF-492A-8047-76CA9DFB8884} [2011.10.19 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2ADEBA1F-AB4C-46AF-AA55-D63B27073DF4} [2011.10.18 23:03:41 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CAE9AF4A-E001-41E0-B45C-F2D83E0AB164} [2011.10.18 23:03:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{705B5066-C1DF-4711-8B04-F36554211B60} [2011.10.18 19:47:07 | 
000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graphmatica [2011.10.18 19:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphmatica [2011.10.18 19:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Graphmatica [2011.10.18 11:03:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{17AA7C2E-F5EA-4A6D-968B-9131416D315C} [2011.10.18 11:02:54 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5E571E49-404D-44EC-A7EE-5C2728739708} [2011.10.17 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{BAA0A2C1-79A0-486B-A531-B3C94B5AD9A1} [2011.10.17 23:02:12 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{BFDD8CE4-2AFD-4477-BBD7-BDFC3ED18597} [2011.10.17 10:07:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4E5EC80F-B5FA-44C3-9EB8-95A022173939} [2011.10.17 10:07:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{30936177-7460-4E02-83BF-9EECCC397F34} [2011.10.16 22:07:26 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0A4E58AC-CA64-4622-ABD0-9DAE476FF6BA} [2011.10.16 22:07:08 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{02AA634E-7FB5-430F-ACC9-892E4D0D95FB} [2011.10.16 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D8D952D2-A09C-4659-8DEB-16C747893CAE} [2011.10.16 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6D528E32-4627-4DF4-87C4-32E5062A8E1E} [2011.10.15 21:13:19 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0F0D8C4C-DC8C-444D-82A1-F2F51F363826} [2011.10.15 21:13:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{C0869174-DB09-4DD1-931A-529D4268CCEA} [2011.10.15 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5598C90A-49C5-4CB8-B364-85EC61BE2753} [2011.10.15 09:12:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B807C331-761C-41D0-8EB3-FF8C8CAE29D1} 
[2011.10.14 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{23CD549B-24BD-4028-ABB7-591EA8CF537E} [2011.10.14 11:46:21 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{E0A88589-5E96-40CD-8520-FE03954D684B} [2011.10.13 10:36:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{8492A732-B79D-4158-8F6D-173041B4BC85} [2011.10.13 10:36:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D7F29A3B-23AE-4F4B-9DCA-07726323D48F} [2011.10.13 02:15:10 | 000,000,000 | ---D | C] -- C:\f6d82a019516acde63b06e0cee9565 [2011.10.13 02:13:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.10.13 02:13:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.10.13 02:13:10 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.10.13 02:13:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.10.13 02:13:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.10.12 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4B6A3637-CA20-4BBF-A91C-111DEAA279ED} [2011.10.12 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{87A4809B-BD73-46CF-A55E-71F8BF140378} [2011.10.12 17:07:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.10.12 17:07:11 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011.10.12 17:07:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2011.10.12 17:07:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2011.10.12 17:07:07 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.10.12 17:06:23 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2011.10.12 17:06:22 
| 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2011.10.12 10:35:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5E6A044D-DBD2-4E89-A46F-D54172C93BB1} [2011.10.12 10:35:33 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2F3672E5-5634-4F31-AFEB-C0291C00C221} [2011.10.11 22:35:01 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{90A428E9-92FA-480E-ABB9-6933F9169286} [2011.10.11 22:34:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD9DE143-9FF8-43D2-9DC0-D6F273B353E0} [2011.10.11 10:07:00 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0152E413-02CD-4551-8680-37537BE64F55} [2011.10.10 20:35:25 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{22643CD0-F7F1-46EC-9B31-288B2E7D66A4} [2011.10.10 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5B9D70F5-6561-49E7-84A8-B41536EC1FCD} [2011.10.10 08:34:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5ED54632-26DA-40AB-A54C-5FB1A3A5CE21} [2011.10.10 08:33:51 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2C4D5444-916E-47BA-AB4A-ED730865A031} [2011.10.09 10:07:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1859A62E-B8C3-46FD-AA13-02C15741DF46} [2011.10.09 10:07:34 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{7C39B51C-51D8-4B59-96D5-781CC5D52210} [2011.10.08 22:07:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{7479C5E8-4CA2-4885-A9BC-128AAFAD3D2B} [2011.10.08 22:07:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{12008424-2183-47EE-ADF4-5E2D635CB1EE} [2009.09.02 08:30:45 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2009.09.02 08:30:43 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Raffaele\Desktop\*.tmp files -> C:\Users\Raffaele\Desktop\*.tmp -> ] [1 C:\Users\Raffaele\*.tmp files 
-> C:\Users\Raffaele\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.07 10:23:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Raffaele\Desktop\OTL.exe [2011.11.07 00:33:58 | 000,909,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.07 00:33:58 | 000,636,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.07 00:33:58 | 000,222,608 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.07 00:33:58 | 000,004,062 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.07 00:28:46 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011.11.07 00:28:46 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011.11.07 00:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.06 21:26:28 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Raffaele\Desktop\tdsskiller.exe [2011.11.06 21:02:31 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.06 21:01:59 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raffaele\Desktop\Hans.exe.exe [2011.11.06 20:47:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.06 20:47:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.06 20:47:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.11.06 20:30:20 | 000,246,304 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.11.06 20:28:43 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.06 18:43:30 | 088,678,227 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2011.11.06 18:10:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.06 17:18:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2011.11.06 13:49:01 | 
000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2011.11.06 04:55:21 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2011.11.06 04:31:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job [2011.11.06 02:49:28 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.10.29 01:51:55 | 343,668,827 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.10.21 21:34:44 | 000,188,416 | ---- | M] () -- C:\Users\Raffaele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.17 16:52:17 | 000,317,931 | ---- | M] () -- C:\Users\Raffaele\Desktop\296849_300976639916184_100000115510359_1357400_765453084_n.jpg [2011.10.14 13:01:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.10.13 02:45:38 | 000,438,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Raffaele\Desktop\*.tmp files -> C:\Users\Raffaele\Desktop\*.tmp -> ] [1 C:\Users\Raffaele\*.tmp files -> C:\Users\Raffaele\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.06 21:02:31 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.17 16:48:00 | 000,317,931 | ---- | C] () -- C:\Users\Raffaele\Desktop\296849_300976639916184_100000115510359_1357400_765453084_n.jpg [2011.07.17 15:57:23 | 000,000,680 | ---- | C] () -- C:\Users\Raffaele\AppData\Local\d3d9caps.dat [2011.06.17 03:20:29 | 000,188,416 | ---- | C] () -- C:\Users\Raffaele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.11 02:45:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.04.10 08:50:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.04.08 06:00:03 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2011.04.08 06:00:03 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll 
[2010.06.25 11:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2010.04.20 05:14:22 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI [2010.04.06 14:16:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.04 15:37:04 | 000,202,048 | ---- | C] () -- C:\Windows\System32\AVLibrary.dll [2010.03.23 05:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2010.01.20 01:55:22 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2010.01.20 01:55:22 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2009.10.25 04:52:18 | 000,000,474 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.10.25 04:52:18 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9045cd.dat [2009.10.25 04:52:18 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.09.02 17:57:49 | 000,909,150 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.09.02 17:57:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.09.02 17:57:49 | 000,222,608 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.09.02 17:57:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.09.02 12:52:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.02 12:52:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.02 12:51:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.09.02 11:05:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.09.02 09:43:47 | 000,246,304 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.09.02 09:43:45 | 000,246,304 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.09.02 09:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2009.09.02 08:30:43 | 001,804,160 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2009.09.02 08:30:43 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2009.09.02 08:30:43 | 
000,020,480 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2009.09.02 08:30:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.09.02 08:22:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.09.02 08:03:53 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.08.03 07:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 07:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2006.11.02 06:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 06:47:43 | 000,438,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 04:33:01 | 000,636,916 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 04:33:01 | 000,004,062 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 04:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.18 07:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2005.01.17 09:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2004.08.09 09:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [1999.10.26 18:00:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT ========== LOP Check ========== [2009.10.30 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Academic Software Zurich [2011.10.08 15:06:02 | 
000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\benibela [2011.06.16 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Bump Technologies, Inc [2011.03.22 11:06:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\com.prezi.PreziDesktop [2011.11.05 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Dropbox [2011.08.10 00:53:30 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoft [2011.04.21 00:00:18 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.08 05:11:32 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\FFSJ [2010.04.07 09:58:21 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit [2011.03.28 06:43:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit Software [2009.09.02 08:16:29 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hewlett Packard [2010.05.06 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hide IP NG [2011.04.25 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\ImTOO [2010.07.23 06:09:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Information Factory [2010.05.06 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Mpm [2010.04.14 08:00:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\NCH Swift Sound [2009.10.06 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\OpenOffice.org [2010.04.14 08:00:20 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Recordpad [2010.04.06 10:10:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Softland [2011.06.21 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Stardock [2011.02.02 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Windows Live Writer [2011.11.06 04:55:21 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware 
Update (Daily 1).job [2011.11.06 04:31:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job [2011.11.06 13:49:01 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job [2011.11.06 17:18:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job [2011.11.06 02:49:28 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.11.06 20:47:51 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
07.11.2011, 19:15 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
07.11.2011, 19:25 | #3 |
| Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8104

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

07.11.2011 00:25:08
mbam-log-2011-11-07 (00-25-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|)
Durchsuchte Objekte: 387824
Laufzeit: 1 Stunde(n), 37 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Exploit.Drop.Gen) -> Value: Privacy Protection -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Raffaele\AppData\Roaming\privacy.exe (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Raffaele\AppData\Local\Temp\11AE.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Raffaele\AppData\Local\Temp\20CC.tmp (Exploit.Drop.Gen) -> Quarantined and deleted successfully.
c:\Users\Raffaele\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Thanks |
07.11.2011, 19:25 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please also run ESET, then we'll see how to proceed: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
08.11.2011, 00:05 | #5 |
| Sorry, it took a little while... 3 threats found and not removed (as requested)...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0cd3fdd7404344bb35afc07636d69cc
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-07 07:26:09
# local_time=2011-11-07 01:26:09 (-0600, Central Normalzeit)
# country="Switzerland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 62527524 62527524 0 0
# compatibility_mode=5892 16776638 100 100 62530885 157298844 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80118
# found=0
# cleaned=0
# scan_time=2627
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0cd3fdd7404344bb35afc07636d69cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-07 10:05:41
# local_time=2011-11-07 04:05:41 (-0600, Central Normalzeit)
# country="Switzerland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 62530924 62530924 0 0
# compatibility_mode=5892 16776638 100 100 62534285 157302244 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=234325
# found=3
# cleaned=0
# scan_time=8798
C:\Users\Raffaele\AppData\Local\Temp\jar_cache5399023740393011693.tmp multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Raffaele\AppData\Local\Temp\ICReinstall\cnet_Graphmatica20g_setup_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Raffaele\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\13bc228b-40b60e1b a variant of Java/TrojanDownloader.OpenStream.NBG trojan (unable to clean) 00000000000000000000000000000000 I
|
08.11.2011, 09:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CustomScan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
08.11.2011, 17:45 | #7 |
| Thanks! Voilà: OTL Logfile:
Code:
OTL logfile created on: 08.11.2011 10:27:33 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Raffaele\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

1.93 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 66.14% Memory free
4.10 Gb Paging File | 3.65 Gb Available in Paging File | 88.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 69.49 Gb Free Space | 29.84% Space Free | Partition Type: NTFS
Drive D: | 538.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.47 Gb Total Space | 4.94 Gb Free Space | 66.06% Space Free | Partition Type: FAT32

Computer Name: **** | User Name: ****** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Raffaele\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWWSC.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Win32 Services (SafeList) ========== SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation) SRV - (avg9emc) -- C:\Program 
Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (Lotus Notes Diagnostics) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe (IBM Corp) SRV - (CrossLoopService) -- C:\Users\Raffaele\AppData\Local\CrossLoop\CrossLoopService.exe (CrossLoop Inc) SRV - (uvnc_service) -- C:\Users\Raffaele\AppData\Local\CrossLoop\winvnc.exe (UltraVNC) SRV - (Multi-user Cleanup Service) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe (IBM Corp) SRV - (UNS) Intel(R) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.EXE (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.EXE (Intel Corporation) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) 
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111105.009\NAVENG.SYS (Symantec Corporation) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) 

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sign In
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Lifestyle, Unterhaltung, Reisen, News, Sport und vieles mehr auf msn.ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 33 64 73 F2 B0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:7070

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php | hxxp://twitter.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1544D611-955F-4ceb-95D3-82C720C29EAE}:1.1.0
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 08:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:55:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.25 12:54:40 | 000,000,000 | ---D | M]

[2009.09.02 11:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Extensions
[2011.10.11 23:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions
[2010.04.28 01:34:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.16 06:11:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.27 10:00:06 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\firesheep@codebutler.com
[2009.09.22 12:29:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\moveplayer@movenetworks.com
[2011.06.12 02:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.30 06:23:40 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.04.06 14:11:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.09 07:43:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.14 12:45:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.21 00:13:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.12 02:06:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RAFFAELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NKP4DOO.DEFAULT\EXTENSIONS\{1544D611-955F-4CEB-95D3-82C720C29EAE}.XPI
() (No name found) -- C:\USERS\RAFFAELE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NKP4DOO.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011.09.30 08:55:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 20:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.07 09:57:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.01 02:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 02:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 02:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 02:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 02:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Raffaele\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://studmaillz.unisg.ch/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.101.101.101 134.84.84.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7E235FE-B7B3-45F4-9F31-3561CE9FEAE7}: DhcpNameServer = 128.101.101.101 134.84.84.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7282A2D-7A8F-4F62-8C50-AA2F3681C9FF}: DhcpNameServer = 128.101.101.101 134.84.84.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA483D52-F491-434A-BE95-3D3EC76EFB4D}: DhcpNameServer = 138.188.101.186 138.188.101.189
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Programme\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.14 08:14:39 | 000,000,235 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\directx\command - "" = D:\directx9\DXSETUP.exe -- [2005.05.26 16:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe -- [2007.10.02 06:24:20 | 000,304,136 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.11.07 12:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.07 12:24:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.11.07 10:23:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Raffaele\Desktop\OTL.exe
[2011.11.06 21:15:09 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Raffaele\Desktop\tdsskiller.exe
[2011.11.06 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Roaming\Malwarebytes
[2011.11.06 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.06 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.06 21:02:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.06 21:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.06 21:01:50 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raffaele\Desktop\Hans.exe.exe
[2011.11.06 14:58:24 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{26B5C0C7-4BD7-467B-B328-DE3D02EBDA25}
[2011.11.06 14:58:12 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4E4D2722-38EE-4BCF-A37F-0BD15DB6929C}
[2011.11.06 02:57:53 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{7327BC2D-6053-4780-908D-1DE6BD05D13C}
[2011.11.06 02:57:42 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83B3D684-4A9D-4F92-AB8F-3963CFD71631}
[2011.11.05 02:57:09 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EBB143E4-1A97-47A2-8DCC-8DA5E60C6E29}
[2011.11.04 08:36:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4B028F71-A6C3-4E8E-89AC-96842A25E746}
[2011.11.04 08:35:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{3BF88727-6D3C-4849-9354-A96DE140C62F}
[2011.11.03 20:36:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B439A323-A130-4986-A1ED-F8157946A6D9}
[2011.11.03 02:07:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.03 02:01:24 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6B0C6AF8-DB09-4EA9-8C86-A934AFAD057B}
[2011.11.03 02:00:38 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{06AA1B0E-6158-4017-AD6B-EF55E5419DA2}
[2011.11.02 09:46:55 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD210BF2-E87B-4715-ABD3-D3B6197931DB}
[2011.11.02 09:46:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{FCD30B8D-0E19-47B0-A881-2FE24C97A7C8}
[2011.11.01 19:59:20 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{3894B049-30DA-47B2-841B-49F5F68D3803}
[2011.11.01 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{458BDFEB-3A2C-426F-AE43-382F34837B06}
[2011.11.01 07:57:57 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5B61877E-DBC5-4E06-8BF8-0237D4ABFFDA}
[2011.11.01 07:57:30 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{008BF5EE-B2EA-4006-9392-763ED1133CBF}
[2011.10.31 10:48:57 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83AA8064-79D1-42F5-AFDE-1822F4922EDE}
[2011.10.31 10:48:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DB353AEE-A68C-490A-B9BA-477E7EC27593}
[2011.10.30 22:48:28 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{C0E7F88C-AC27-4A13-98E7-EC22CF825A3E}
[2011.10.30 22:48:17 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{625F02CA-9D8D-4135-B49A-5C29E7870EB7}
[2011.10.30 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{ECCA9F45-E921-4C47-91BF-241F5307D1A1}
[2011.10.29 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CF3536FA-A917-4656-9641-0CAB2219195E}
[2011.10.29 22:49:14 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0964B96A-870B-4920-9A72-5BE9953332CF}
[2011.10.29 10:48:42 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B424F377-6982-40C1-9031-AC7C3BF74538}
[2011.10.29 10:48:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{03035DA4-D1DE-49D8-81C2-B2F9B07C6DDA}
[2011.10.28 22:19:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{FAFCD6EA-834C-4F9A-8CB5-7E080816E48C}
[2011.10.28 22:19:14 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{A52FC619-BB41-4A5C-B32B-E3E2BF118268}
[2011.10.28 10:18:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{381533A8-8850-46AD-9D69-F7674555A1EE}
[2011.10.28 10:18:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{F25247DC-57F5-49B7-8766-B58746708418}
[2011.10.27 22:18:31 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{438F01CB-F644-435C-B307-796829096656}
[2011.10.27 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DED81BEA-F419-43B5-ACDB-19F569E53E3D}
[2011.10.27 10:18:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0A373735-7382-4991-B9F4-75BFDB864619}
[2011.10.27 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{DBDB684A-D210-474B-B1F1-9721F8D365BC}
[2011.10.26 21:04:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EDFA0428-226B-4354-93D8-C863CD31A399}
[2011.10.26 21:04:31 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{90604628-ABA4-41A6-AEEB-B6AA31A8AE92}
[2011.10.26 09:04:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{89ACE10C-8759-4912-917E-7962DAAE7714}
[2011.10.26 09:03:26 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{73D73D5C-A405-4C2A-A4FA-AE4E41DD18D1}
[2011.10.25 12:13:55 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6AD83093-21E0-4EA7-9CD9-D134E11F47BE}
[2011.10.25 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{EB83324F-EC13-4526-B530-8598ED2ED18F}
[2011.10.25 00:13:06 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{35716CD5-BCD5-48E8-9FEB-A11DE429E510}
[2011.10.25 00:12:04 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D29C8410-21BC-462F-8BA8-BA17AB1CF5E7}
[2011.10.24 12:11:47 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{41D21AC2-A492-43C6-A15B-C2E96EADE130}
[2011.10.24 12:11:35 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D59FDB2E-F69A-403B-9530-CF9CF01DA9E3}
[2011.10.24 00:11:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2F82264B-34A7-4A74-BC43-3E15FBA9576A}
[2011.10.24 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4EFBAFDB-0CE0-4DED-AB89-7760656D475C}
[2011.10.23 12:10:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{668414E5-D578-4071-BE8D-0AF3FFBF2455}
[2011.10.23 12:10:32 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1F84FC02-8FAC-47DC-9FD9-95F2230A7918}
[2011.10.22 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{406BD85E-5C55-48CF-B0AB-885C2D7429C7}
[2011.10.22 10:21:35 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{17455312-311D-4F38-8F5A-29E20C29C0C1}
[2011.10.21 17:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.10.21 17:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.10.21 17:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.10.21 17:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.10.21 12:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{87BF6C94-0604-434B-BD7E-C3F26B65AB79}
[2011.10.21 12:03:51 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{83DCD0F4-583C-4F99-BB30-C80F68C435A9}
[2011.10.21 00:03:36 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CD8F3B65-9588-40BE-84CB-AA4F44ED7CE8}
[2011.10.21 00:03:25 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2C6E21A9-ED54-4058-A038-EEDF48AADEF0}
[2011.10.20 12:03:13 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{ACBE0963-95C4-4ECC-AC18-59900250C66C}
[2011.10.20 12:03:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{1DBCD825-EDDE-4B7C-A440-CD98CC00192F}
[2011.10.20 00:02:48 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{723ACABA-4780-46AB-8820-7714CD8E88B3}
[2011.10.20 00:02:37 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{E1330B23-038E-4A30-93D2-30D47B67C68E}
[2011.10.19 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD8A83A3-FBAF-492A-8047-76CA9DFB8884}
[2011.10.19 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2ADEBA1F-AB4C-46AF-AA55-D63B27073DF4}
[2011.10.18 23:03:41 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{CAE9AF4A-E001-41E0-B45C-F2D83E0AB164}
[2011.10.18 23:03:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{705B5066-C1DF-4711-8B04-F36554211B60}
[2011.10.18 19:47:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graphmatica
[2011.10.18 19:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphmatica
[2011.10.18 19:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Graphmatica
[2011.10.18 11:03:10 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{17AA7C2E-F5EA-4A6D-968B-9131416D315C}
[2011.10.18 11:02:54 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5E571E49-404D-44EC-A7EE-5C2728739708}
[2011.10.17 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{BAA0A2C1-79A0-486B-A531-B3C94B5AD9A1} [2011.10.17 23:02:12 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{BFDD8CE4-2AFD-4477-BBD7-BDFC3ED18597} [2011.10.17 10:07:56 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4E5EC80F-B5FA-44C3-9EB8-95A022173939} [2011.10.17 10:07:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{30936177-7460-4E02-83BF-9EECCC397F34} [2011.10.16 22:07:26 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0A4E58AC-CA64-4622-ABD0-9DAE476FF6BA} [2011.10.16 22:07:08 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{02AA634E-7FB5-430F-ACC9-892E4D0D95FB} [2011.10.16 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D8D952D2-A09C-4659-8DEB-16C747893CAE} [2011.10.16 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{6D528E32-4627-4DF4-87C4-32E5062A8E1E} [2011.10.15 21:13:19 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0F0D8C4C-DC8C-444D-82A1-F2F51F363826} [2011.10.15 21:13:07 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{C0869174-DB09-4DD1-931A-529D4268CCEA} [2011.10.15 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5598C90A-49C5-4CB8-B364-85EC61BE2753} [2011.10.15 09:12:02 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{B807C331-761C-41D0-8EB3-FF8C8CAE29D1} [2011.10.14 11:46:36 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{23CD549B-24BD-4028-ABB7-591EA8CF537E} [2011.10.14 11:46:21 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{E0A88589-5E96-40CD-8520-FE03954D684B} [2011.10.13 10:36:59 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{8492A732-B79D-4158-8F6D-173041B4BC85} [2011.10.13 10:36:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{D7F29A3B-23AE-4F4B-9DCA-07726323D48F} [2011.10.13 02:15:10 | 000,000,000 | ---D | C] -- 
C:\f6d82a019516acde63b06e0cee9565 [2011.10.12 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{4B6A3637-CA20-4BBF-A91C-111DEAA279ED} [2011.10.12 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{87A4809B-BD73-46CF-A55E-71F8BF140378} [2011.10.12 10:35:46 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5E6A044D-DBD2-4E89-A46F-D54172C93BB1} [2011.10.12 10:35:33 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2F3672E5-5634-4F31-AFEB-C0291C00C221} [2011.10.11 22:35:01 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{90A428E9-92FA-480E-ABB9-6933F9169286} [2011.10.11 22:34:44 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{AD9DE143-9FF8-43D2-9DC0-D6F273B353E0} [2011.10.11 10:07:00 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{0152E413-02CD-4551-8680-37537BE64F55} [2011.10.10 20:35:25 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{22643CD0-F7F1-46EC-9B31-288B2E7D66A4} [2011.10.10 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5B9D70F5-6561-49E7-84A8-B41536EC1FCD} [2011.10.10 08:34:29 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{5ED54632-26DA-40AB-A54C-5FB1A3A5CE21} [2011.10.10 08:33:51 | 000,000,000 | ---D | C] -- C:\Users\Raffaele\AppData\Local\{2C4D5444-916E-47BA-AB4A-ED730865A031} [2009.09.02 08:30:45 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2009.09.02 08:30:43 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Raffaele\Desktop\*.tmp files -> C:\Users\Raffaele\Desktop\*.tmp -> ] [1 C:\Users\Raffaele\*.tmp files -> C:\Users\Raffaele\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.07 12:24:32 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.11.07 10:23:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- 
C:\Users\Raffaele\Desktop\OTL.exe [2011.11.07 00:33:58 | 000,909,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.07 00:33:58 | 000,636,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.07 00:33:58 | 000,222,608 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.07 00:33:58 | 000,004,062 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.07 00:28:46 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011.11.07 00:28:46 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011.11.07 00:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.06 21:26:28 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Raffaele\Desktop\tdsskiller.exe [2011.11.06 21:02:31 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.06 21:01:59 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raffaele\Desktop\Hans.exe.exe [2011.11.06 20:47:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.06 20:47:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.06 20:47:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.11.06 20:30:20 | 000,246,304 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.11.06 20:28:43 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.06 18:43:30 | 088,678,227 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2011.11.06 18:10:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.06 17:18:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2011.11.06 13:49:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2011.11.06 04:55:21 | 000,000,370 | ---- | M] () -- 
C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2011.11.06 04:31:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job [2011.11.06 02:49:28 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.10.29 01:51:55 | 343,668,827 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.10.21 21:34:44 | 000,188,416 | ---- | M] () -- C:\Users\Raffaele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.17 16:52:17 | 000,317,931 | ---- | M] () -- C:\Users\Raffaele\Desktop\296849_300976639916184_100000115510359_1357400_765453084_n.jpg [2011.10.13 02:45:38 | 000,438,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Raffaele\Desktop\*.tmp files -> C:\Users\Raffaele\Desktop\*.tmp -> ] [1 C:\Users\Raffaele\*.tmp files -> C:\Users\Raffaele\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.06 21:02:31 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.17 16:48:00 | 000,317,931 | ---- | C] () -- C:\Users\Raffaele\Desktop\296849_300976639916184_100000115510359_1357400_765453084_n.jpg [2011.07.17 15:57:23 | 000,000,680 | ---- | C] () -- C:\Users\Raffaele\AppData\Local\d3d9caps.dat [2011.06.17 03:20:29 | 000,188,416 | ---- | C] () -- C:\Users\Raffaele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.11 02:45:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.04.10 08:50:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.04.08 06:00:03 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2011.04.08 06:00:03 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.06.25 11:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2010.04.20 05:14:22 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI [2010.04.06 14:16:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.04 
15:37:04 | 000,202,048 | ---- | C] () -- C:\Windows\System32\AVLibrary.dll [2010.03.23 05:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2010.01.20 01:55:22 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2010.01.20 01:55:22 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2009.10.25 04:52:18 | 000,000,474 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.10.25 04:52:18 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9045cd.dat [2009.10.25 04:52:18 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.09.02 17:57:49 | 000,909,150 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.09.02 17:57:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.09.02 17:57:49 | 000,222,608 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.09.02 17:57:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.09.02 12:52:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.02 12:52:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.02 12:51:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.09.02 11:05:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.09.02 09:43:47 | 000,246,304 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.09.02 09:43:45 | 000,246,304 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.09.02 09:11:26 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2009.09.02 08:30:43 | 001,804,160 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2009.09.02 08:30:43 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2009.09.02 08:30:43 | 000,020,480 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2009.09.02 08:30:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.09.02 08:22:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.09.02 08:03:53 | 
000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.08.03 07:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 07:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2006.11.02 06:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 06:47:43 | 000,438,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 04:33:01 | 000,636,916 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 04:33:01 | 000,004,062 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 04:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.18 07:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2005.01.17 09:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2004.08.09 09:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [1999.10.26 18:00:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT ========== LOP Check ========== [2009.10.30 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Academic Software Zurich [2011.10.08 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\benibela [2011.06.16 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Bump Technologies, Inc [2011.03.22 11:06:31 | 000,000,000 | ---D | M] -- 
C:\Users\Raffaele\AppData\Roaming\com.prezi.PreziDesktop [2011.11.05 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Dropbox [2011.08.10 00:53:30 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoft [2011.04.21 00:00:18 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.08 05:11:32 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\FFSJ [2010.04.07 09:58:21 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit [2011.03.28 06:43:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit Software [2009.09.02 08:16:29 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hewlett Packard [2010.05.06 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hide IP NG [2011.04.25 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\ImTOO [2010.07.23 06:09:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Information Factory [2010.05.06 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Mpm [2010.04.14 08:00:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\NCH Swift Sound [2009.10.06 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\OpenOffice.org [2010.04.14 08:00:20 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Recordpad [2010.04.06 10:10:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Softland [2011.06.21 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Stardock [2011.02.02 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Windows Live Writer [2011.11.06 04:55:21 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job [2011.11.06 04:31:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job [2011.11.06 13:49:01 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job 
[2011.11.06 17:18:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job [2011.11.06 02:49:28 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.11.06 20:47:51 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.10.30 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Academic Software Zurich [2011.06.22 02:31:22 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Adobe [2009.09.13 14:57:21 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Apple Computer [2011.10.08 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\benibela [2009.10.26 10:59:41 | 000,000,000 | R--D | M] -- C:\Users\Raffaele\AppData\Roaming\Brother [2011.06.16 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Bump Technologies, Inc [2011.03.22 11:06:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\com.prezi.PreziDesktop [2010.08.12 08:23:12 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DivX [2011.11.05 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Dropbox [2011.08.15 06:40:23 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\dvdcss [2011.08.10 00:53:30 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoft [2011.04.21 00:00:18 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.08 05:11:32 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\FFSJ [2010.04.07 09:58:21 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit [2011.03.28 06:43:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Foxit Software [2009.09.02 08:16:29 | 000,000,000 | ---D | M] -- 
C:\Users\Raffaele\AppData\Roaming\Hewlett Packard [2010.05.06 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Hide IP NG [2011.04.01 09:24:05 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\HpUpdate [2009.09.02 08:11:42 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Identities [2011.04.25 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\ImTOO [2010.07.23 06:09:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Information Factory [2009.09.02 08:24:16 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\InstallShield [2009.09.02 13:17:01 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Macromedia [2011.11.06 21:02:37 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Malwarebytes [2011.06.22 02:31:22 | 000,000,000 | --SD | M] -- C:\Users\Raffaele\AppData\Roaming\Microsoft [2011.10.05 13:03:29 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\MiKTeX [2009.09.02 11:37:25 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Mozilla [2010.05.06 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Mpm [2011.09.04 15:16:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\NCH Software [2010.04.14 08:00:14 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\NCH Swift Sound [2009.10.06 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\OpenOffice.org [2011.04.09 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Real [2010.04.14 08:00:20 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Recordpad [2009.11.11 12:53:54 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Roxio [2011.11.06 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Skype [2010.04.07 16:02:23 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\skypePM [2010.04.06 10:10:48 | 000,000,000 | ---D | M] -- 
C:\Users\Raffaele\AppData\Roaming\Softland [2011.08.18 02:11:56 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Sony Corporation [2011.06.21 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Stardock [2010.06.15 12:32:42 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\UltraVNC [2011.11.06 15:47:38 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\vlc [2011.02.02 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\Windows Live Writer [2009.09.03 11:39:58 | 000,000,000 | ---D | M] -- C:\Users\Raffaele\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.05.25 14:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Raffaele\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.05.25 14:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Raffaele\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.03.22 11:05:17 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Raffaele\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2009.09.02 09:28:34 | 000,049,152 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\Raffaele\AppData\Roaming\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe [2010.10.21 12:12:40 | 003,920,702 | ---- | M] () -- C:\Users\Raffaele\AppData\Roaming\Mozilla\Firefox\Profiles\7nkp4doo.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\firesheep-backend.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.20 20:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 00:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 00:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 00:32:26 | 000,019,944 | ---- | M] (Microsoft 
Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.20 20:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.20 20:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 00:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.20 20:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.20 20:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.20 20:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.20 20:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.20 20:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.20 20:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.20 20:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.20 20:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 00:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 00:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.20 20:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.20 20:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.20 20:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.20 20:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.20 20:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 00:28:13 | 000,314,368 | ---- | M] (Microsoft 
Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.20 20:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.20 20:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.20 20:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.20 21:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.20 21:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.20 21:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
08.11.2011, 19:55 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Privacy Protection treated with rkill and tdsskiller. All clean? Do an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sign In
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Lifestyle, Unterhaltung, Reisen, News, Sport und vieles mehr auf msn.ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 33 64 73 F2 B0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:7070
[2011.04.16 06:11:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.14 08:14:39 | 000,000,235 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007.09.27 06:35:00 | 001,049,616 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\directx\command - "" = D:\directx9\DXSETUP.exe -- [2005.05.26 16:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\Shell\setup\command - "" = D:\setup.exe -- [2007.10.02 06:24:20 | 000,304,136 | R--- | M] ()
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
09.11.2011, 01:03 | #9 |
| Privacy Protection treated with rkill and tdsskiller. All clean? Right, I hope I did this correctly. After the reboot I went straight back into safe mode and opened OTL. Then the following .txt file appeared:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Raffaele\AppData\Roaming\mozilla\Firefox\Profiles\7nkp4doo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snuvcdsm deleted successfully.
C:\Windows\snuvcdsm.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e79b82f-ebd0-11de-8ca7-806e6f6e6963}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
File move failed. D:\directx9\DXSETUP.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d61e6c61-97c8-11de-b7d8-806e6f6e6963}\ not found.
File move failed. D:\setup.exe scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Raffaele
->Temp folder emptied: 3122486272 bytes
->Temporary Internet Files folder emptied: 277430572 bytes
->Java cache emptied: 11714467 bytes
->FireFox cache emptied: 113139296 bytes
->Flash cache emptied: 301288 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 202657992 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33239 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25494342 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3'579.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11082011_174709
Files\Folders moved on Reboot...
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\directx9\DXSETUP.exe scheduled to be moved on reboot.
File move failed. D:\setup.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
09.11.2011, 10:03 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Privacy Protection treated with rkill and tdsskiller. All clean? Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
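Added example, not part of the original posts and not code from the tool's vendor: a small Python helper that reads a TDSSKiller report in the record layout seen in this thread (timestamp, thread id, then either `name (md5) path`, `name - ok`, or `name ( verdict ) - level`) and lists the services that still need a human look. The function names, the sample lines, the driver names and the hashes in them are constructed for illustration; only the record layout and the verdict string `UnsignedFile.Multi.Generic` are taken from the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every record starts with "HH:MM:SS.mmmm <thread id> ". Splitting on that prefix
# handles one-record-per-line logs and logs flattened onto one line by a forum.
STAMP = re.compile(r"\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+")
FILE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")       # name (md5) path
OK = re.compile(r"^(\S+)\s+-\s+ok$")                             # name - ok
FLAG = re.compile(r"^(\S+)\s+\(\s*([^)]+?)\s*\)\s+-\s+(\w+)$")   # name ( verdict ) - level


@dataclass
class Service:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok", a detection name, or None if no verdict was logged
    level: Optional[str] = None    # e.g. "warning"


def parse_tdsskiller(text: str) -> Dict[str, Service]:
    """Collect one Service per scanned driver/service, in log order."""
    services: Dict[str, Service] = {}
    for rec in (part.strip() for part in STAMP.split(text)):
        m = FILE.match(rec)
        if m:
            svc = services.setdefault(m[1], Service(m[1]))
            svc.md5, svc.path = m[2], m[3]
            continue
        m = OK.match(rec)
        if m:  # also covers services that have no file record at all
            services.setdefault(m[1], Service(m[1])).verdict = "ok"
            continue
        m = FLAG.match(rec)
        if m:
            svc = services.setdefault(m[1], Service(m[1]))
            svc.verdict, svc.level = m[2], m[3]
        # Header lines and the "name - detected ... (1)" echo match nothing and are skipped.
    return services


def needs_review(services: Dict[str, Service]) -> List[Service]:
    """Everything not explicitly 'ok': flagged entries and entries whose
    verdict is missing (for example because the pasted log was cut off)."""
    return [s for s in services.values() if s.verdict != "ok"]


# Constructed sample in the thread's record layout (names and hashes are made up).
SAMPLE_LOG = r"""
10:00:36.0097 1260 gooddrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\gooddrv.sys
10:00:36.0199 1260 gooddrv - ok
10:00:36.0210 1260 nofile - ok
10:00:36.0227 1260 unsigneddrv (123456789abcdef0123456789abcdef0) C:\Windows\system32\Drivers\unsigneddrv.sys
10:00:36.0247 1260 unsigneddrv ( UnsignedFile.Multi.Generic ) - warning
10:00:36.0247 1260 unsigneddrv - detected UnsignedFile.Multi.Generic (1)
10:00:36.0289 1260 cutoff (23456789abcdef0123456789abcdef01) C:\Program Files\Example Vendor\cutoff.sys
"""

if __name__ == "__main__":
    for svc in needs_review(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{svc.name}: {svc.verdict or 'no verdict in log'} "
              f"[{svc.level or '-'}] md5={svc.md5} path={svc.path}")
```

An unsigned-file warning only says the driver carries no valid signature; the path and hash it prints are what a helper would check next before choosing any action other than "skip".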
09.11.2011, 17:04 | #11 |
| Privacy Protection treated with rkill and tdsskiller. All clean? Okay, tdsskill found a threat. I skipped it, as described. Here is the log file. THANKS... 09:59:29.0559 1168 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51 09:59:29.0658 1168 ============================================================ 09:59:29.0658 1168 Current date / time: 2011/11/09 09:59:29.0658 09:59:29.0658 1168 SystemInfo: 09:59:29.0658 1168 09:59:29.0658 1168 OS Version: 6.0.6002 ServicePack: 2.0 09:59:29.0658 1168 Product type: Workstation 09:59:29.0658 1168 ComputerName: RTSPC 09:59:29.0658 1168 UserName: Raffaele 09:59:29.0658 1168 Windows directory: C:\Windows 09:59:29.0658 1168 System windows directory: C:\Windows 09:59:29.0658 1168 Processor architecture: Intel x86 09:59:29.0658 1168 Number of processors: 2 09:59:29.0658 1168 Page size: 0x1000 09:59:29.0658 1168 Boot type: Safe boot with network 09:59:29.0658 1168 ============================================================ 09:59:30.0853 1168 Initialize success 10:00:35.0408 1260 ============================================================ 10:00:35.0408 1260 Scan started 10:00:35.0408 1260 Mode: Manual; SigCheck; TDLFS; 10:00:35.0408 1260 ============================================================ 10:00:36.0097 1260 Accelerometer (a9b917777841b76f299e2ea946e03adf) C:\Windows\system32\DRIVERS\Accelerometer.sys 10:00:36.0199 1260 Accelerometer - ok 10:00:36.0232 1260 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 10:00:36.0248 1260 ACPI - ok 10:00:36.0291 1260 ADIHdAudAddService (3d691c6bf2b258e738057b42f9f57cce) C:\Windows\system32\drivers\ADIHdAud.sys 10:00:36.0393 1260 ADIHdAudAddService - ok 10:00:36.0473 1260 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 10:00:36.0493 1260 adp94xx - ok 10:00:36.0537 1260 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 10:00:36.0552 1260 adpahci - ok 10:00:36.0575 1260
adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 10:00:36.0585 1260 adpu160m - ok 10:00:36.0606 1260 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 10:00:36.0626 1260 adpu320 - ok 10:00:36.0715 1260 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 10:00:36.0754 1260 AFD - ok 10:00:36.0821 1260 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys 10:00:36.0963 1260 AgereSoftModem - ok 10:00:37.0009 1260 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 10:00:37.0018 1260 agp440 - ok 10:00:37.0084 1260 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 10:00:37.0094 1260 aic78xx - ok 10:00:37.0144 1260 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 10:00:37.0152 1260 aliide - ok 10:00:37.0176 1260 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 10:00:37.0185 1260 amdagp - ok 10:00:37.0207 1260 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 10:00:37.0215 1260 amdide - ok 10:00:37.0252 1260 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 10:00:37.0384 1260 AmdK7 - ok 10:00:37.0405 1260 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 10:00:37.0448 1260 AmdK8 - ok 10:00:37.0506 1260 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 10:00:37.0516 1260 arc - ok 10:00:37.0549 1260 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 10:00:37.0572 1260 arcsas - ok 10:00:37.0626 1260 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 10:00:37.0659 1260 AsyncMac - ok 10:00:37.0696 1260 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 10:00:37.0703 1260 atapi - ok 10:00:37.0757 1260 ATSwpWDF 
(1ec637725aebe586508626ba50af3324) C:\Windows\system32\Drivers\ATSwpWDF.sys 10:00:37.0826 1260 ATSwpWDF - ok 10:00:37.0920 1260 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys 10:00:37.0932 1260 AvgLdx86 - ok 10:00:37.0954 1260 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\System32\Drivers\avgmfx86.sys 10:00:37.0960 1260 AvgMfx86 - ok 10:00:37.0991 1260 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\System32\Drivers\avgtdix.sys 10:00:38.0002 1260 AvgTdiX - ok 10:00:38.0059 1260 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 10:00:38.0093 1260 Beep - ok 10:00:38.0146 1260 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 10:00:38.0188 1260 blbdrive - ok 10:00:38.0263 1260 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 10:00:38.0284 1260 bowser - ok 10:00:38.0329 1260 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 10:00:38.0451 1260 BrFiltLo - ok 10:00:38.0479 1260 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 10:00:38.0529 1260 BrFiltUp - ok 10:00:38.0573 1260 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 10:00:38.0714 1260 Brserid - ok 10:00:38.0747 1260 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 10:00:38.0802 1260 BrSerWdm - ok 10:00:38.0827 1260 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 10:00:38.0882 1260 BrUsbMdm - ok 10:00:38.0913 1260 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 10:00:38.0957 1260 BrUsbSer - ok 10:00:38.0999 1260 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 10:00:39.0018 1260 BthEnum - ok 10:00:39.0060 1260 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 10:00:39.0109 1260 BTHMODEM - ok 
10:00:39.0147 1260 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 10:00:39.0189 1260 BthPan - ok 10:00:39.0228 1260 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 10:00:39.0293 1260 BTHPORT - ok 10:00:39.0333 1260 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 10:00:39.0352 1260 BTHUSB - ok 10:00:39.0404 1260 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 10:00:39.0433 1260 cdfs - ok 10:00:39.0495 1260 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 10:00:39.0532 1260 cdrom - ok 10:00:39.0569 1260 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 10:00:39.0609 1260 circlass - ok 10:00:39.0666 1260 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 10:00:39.0681 1260 CLFS - ok 10:00:39.0759 1260 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 10:00:39.0779 1260 CmBatt - ok 10:00:39.0809 1260 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 10:00:39.0818 1260 cmdide - ok 10:00:39.0828 1260 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 10:00:39.0836 1260 Compbatt - ok 10:00:39.0889 1260 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 10:00:39.0898 1260 crcdisk - ok 10:00:39.0964 1260 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 10:00:40.0004 1260 Crusoe - ok 10:00:40.0042 1260 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys 10:00:40.0089 1260 CSC - ok 10:00:40.0130 1260 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys 10:00:40.0171 1260 CVirtA - ok 10:00:40.0227 1260 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys 10:00:40.0247 1260 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 
10:00:40.0247 1260 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 10:00:40.0289 1260 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 10:00:40.0323 1260 DfsC - ok 10:00:40.0389 1260 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 10:00:40.0398 1260 disk - ok 10:00:40.0436 1260 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys 10:00:40.0444 1260 DNE - ok 10:00:40.0492 1260 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 10:00:40.0515 1260 drmkaud - ok 10:00:40.0549 1260 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 10:00:40.0597 1260 DXGKrnl - ok 10:00:40.0678 1260 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 10:00:40.0720 1260 E1G60 - ok 10:00:40.0756 1260 e1yexpress (76a02bc4e8008a8cbaf5cc7efb9df839) C:\Windows\system32\DRIVERS\e1y6032.sys 10:00:40.0767 1260 e1yexpress - ok 10:00:40.0835 1260 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 10:00:40.0872 1260 Ecache - ok 10:00:41.0021 1260 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 10:00:41.0032 1260 eeCtrl - ok 10:00:41.0083 1260 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 10:00:41.0100 1260 elxstor - ok 10:00:41.0157 1260 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 10:00:41.0165 1260 EraserUtilRebootDrv - ok 10:00:41.0206 1260 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 10:00:41.0242 1260 ErrDev - ok 10:00:41.0282 1260 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 10:00:41.0337 1260 exfat - ok 10:00:41.0376 1260 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 10:00:41.0403 1260 fastfat - ok 
10:00:41.0450 1260 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 10:00:41.0486 1260 fdc - ok 10:00:41.0529 1260 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 10:00:41.0537 1260 FileInfo - ok 10:00:41.0564 1260 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 10:00:41.0584 1260 Filetrace - ok 10:00:41.0633 1260 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 10:00:41.0690 1260 flpydisk - ok 10:00:41.0735 1260 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 10:00:41.0747 1260 FltMgr - ok 10:00:41.0784 1260 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 10:00:41.0800 1260 Fs_Rec - ok 10:00:41.0820 1260 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 10:00:41.0828 1260 gagp30kx - ok 10:00:41.0871 1260 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 10:00:41.0877 1260 GEARAspiWDM - ok 10:00:41.0937 1260 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys 10:00:41.0973 1260 HBtnKey - ok 10:00:42.0029 1260 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 10:00:42.0083 1260 HdAudAddService - ok 10:00:42.0127 1260 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 10:00:42.0162 1260 HDAudBus - ok 10:00:42.0239 1260 HECI (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\DRIVERS\HECI.sys 10:00:42.0277 1260 HECI - ok 10:00:42.0308 1260 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 10:00:42.0361 1260 HidBth - ok 10:00:42.0398 1260 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 10:00:42.0447 1260 HidIr - ok 10:00:42.0508 1260 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 10:00:42.0548 
1260 HidUsb - ok 10:00:42.0591 1260 hotcore3 (8be9369d385dc0fdf86a59f70d90ae79) C:\Windows\system32\DRIVERS\hotcore3.sys 10:00:42.0599 1260 hotcore3 - ok 10:00:42.0639 1260 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 10:00:42.0647 1260 HpCISSs - ok 10:00:42.0684 1260 hpdskflt (3520a74fca88a5aefbbe7b937bea75f7) C:\Windows\system32\DRIVERS\hpdskflt.sys 10:00:42.0690 1260 hpdskflt - ok 10:00:42.0764 1260 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 10:00:42.0799 1260 HTTP - ok 10:00:42.0864 1260 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 10:00:42.0872 1260 i2omp - ok 10:00:42.0918 1260 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 10:00:42.0951 1260 i8042prt - ok 10:00:42.0983 1260 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 10:00:42.0997 1260 iaStorV - ok 10:00:43.0034 1260 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 10:00:43.0042 1260 iirsp - ok 10:00:43.0101 1260 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 10:00:43.0109 1260 intelide - ok 10:00:43.0139 1260 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 10:00:43.0164 1260 intelppm - ok 10:00:43.0199 1260 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:00:43.0227 1260 IpFilterDriver - ok 10:00:43.0238 1260 IpInIp - ok 10:00:43.0269 1260 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 10:00:43.0303 1260 IPMIDRV - ok 10:00:43.0326 1260 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 10:00:43.0359 1260 IPNAT - ok 10:00:43.0399 1260 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 10:00:43.0432 1260 IRENUM - ok 10:00:43.0462 1260 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) 
C:\Windows\system32\drivers\isapnp.sys 10:00:43.0471 1260 isapnp - ok 10:00:43.0504 1260 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 10:00:43.0516 1260 iScsiPrt - ok 10:00:43.0542 1260 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 10:00:43.0550 1260 iteatapi - ok 10:00:43.0564 1260 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 10:00:43.0571 1260 iteraid - ok 10:00:43.0596 1260 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 10:00:43.0605 1260 kbdclass - ok 10:00:43.0633 1260 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 10:00:43.0648 1260 kbdhid - ok 10:00:43.0681 1260 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 10:00:43.0702 1260 KSecDD - ok 10:00:43.0778 1260 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys 10:00:43.0786 1260 Lbd - ok 10:00:43.0828 1260 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 10:00:43.0848 1260 lltdio - ok 10:00:43.0892 1260 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 10:00:43.0902 1260 LSI_FC - ok 10:00:43.0931 1260 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 10:00:43.0941 1260 LSI_SAS - ok 10:00:43.0993 1260 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 10:00:44.0003 1260 LSI_SCSI - ok 10:00:44.0014 1260 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 10:00:44.0053 1260 luafv - ok 10:00:44.0107 1260 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\Windows\system32\drivers\mbamswissarmy.sys 10:00:44.0115 1260 MBAMSwissArmy - ok 10:00:44.0140 1260 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 10:00:44.0148 1260 megasas - ok 10:00:44.0183 1260 MegaSR 
(c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 10:00:44.0202 1260 MegaSR - ok 10:00:44.0238 1260 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 10:00:44.0266 1260 Modem - ok 10:00:44.0297 1260 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 10:00:44.0328 1260 monitor - ok 10:00:44.0354 1260 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 10:00:44.0361 1260 mouclass - ok 10:00:44.0399 1260 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 10:00:44.0430 1260 mouhid - ok 10:00:44.0450 1260 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 10:00:44.0459 1260 MountMgr - ok 10:00:44.0502 1260 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 10:00:44.0511 1260 mpio - ok 10:00:44.0543 1260 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 10:00:44.0571 1260 mpsdrv - ok 10:00:44.0603 1260 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 10:00:44.0659 1260 Mraid35x - ok 10:00:44.0694 1260 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 10:00:44.0737 1260 MRxDAV - ok 10:00:44.0784 1260 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:00:44.0811 1260 mrxsmb - ok 10:00:44.0855 1260 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:00:44.0871 1260 mrxsmb10 - ok 10:00:44.0920 1260 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:00:44.0945 1260 mrxsmb20 - ok 10:00:44.0989 1260 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 10:00:44.0998 1260 msahci - ok 10:00:45.0027 1260 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 10:00:45.0036 1260 msdsm - ok 10:00:45.0074 1260 Msfs 
(a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 10:00:45.0103 1260 Msfs - ok 10:00:45.0134 1260 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 10:00:45.0142 1260 msisadrv - ok 10:00:45.0182 1260 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 10:00:45.0202 1260 MSKSSRV - ok 10:00:45.0220 1260 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 10:00:45.0253 1260 MSPCLOCK - ok 10:00:45.0275 1260 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 10:00:45.0294 1260 MSPQM - ok 10:00:45.0322 1260 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 10:00:45.0335 1260 MsRPC - ok 10:00:45.0363 1260 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 10:00:45.0370 1260 mssmbios - ok 10:00:45.0408 1260 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 10:00:45.0427 1260 MSTEE - ok 10:00:45.0461 1260 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 10:00:45.0471 1260 Mup - ok 10:00:45.0515 1260 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 10:00:45.0529 1260 NativeWifiP - ok 10:00:45.0680 1260 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111105.009\NAVENG.SYS 10:00:45.0685 1260 NAVENG - ok 10:00:45.0740 1260 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111105.009\NAVEX15.SYS 10:00:45.0775 1260 NAVEX15 - ok 10:00:45.0853 1260 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 10:00:45.0874 1260 NDIS - ok 10:00:45.0919 1260 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 10:00:45.0950 1260 NdisTapi - ok 10:00:45.0965 1260 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 10:00:45.0993 1260 Ndisuio - 
10:00:55.0138 1260 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:00:55.0282 1260 \Device\Harddisk0\DR0 - ok
10:00:55.0302 1260 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
10:00:55.0406 1260 \Device\Harddisk1\DR1 - ok
10:00:55.0413 1260 Boot (0x1200) (8f54955bbe752075e34f616b91888902) \Device\Harddisk0\DR0\Partition0
10:00:55.0414 1260 \Device\Harddisk0\DR0\Partition0 - ok
10:00:55.0418 1260 Boot (0x1200) (dbeecd0976230721f2e198e10bab7ef6) \Device\Harddisk1\DR1\Partition0
10:00:55.0419 1260 \Device\Harddisk1\DR1\Partition0 - ok
10:00:55.0419 1260 ============================================================
10:00:55.0419 1260 Scan finished
10:00:55.0419 1260 ============================================================
10:00:55.0425 0832 Detected object count: 1
10:00:55.0425 0832 Actual detected object count: 1
10:01:23.0820 0832 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:23.0820 0832 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

(Sorry that it always takes so long; I'm in the States and 7 hours behind German time.) |
09.11.2011, 17:29 | #12 |
| Privacy Protection treated with rkill and tdsskiller. All clean? Ran TDSSKILL. 1 threat found. Skipped, as requested. Here is the log file. THANKS!

09:59:29.0559 1168 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
09:59:29.0658 1168 ============================================================
09:59:29.0658 1168 Current date / time: 2011/11/09 09:59:29.0658
09:59:29.0658 1168 SystemInfo:
09:59:29.0658 1168
09:59:29.0658 1168 OS Version: 6.0.6002 ServicePack: 2.0
09:59:29.0658 1168 Product type: Workstation
09:59:29.0658 1168 ComputerName: RTSPC
09:59:29.0658 1168 UserName: Raffaele
09:59:29.0658 1168 Windows directory: C:\Windows
09:59:29.0658 1168 System windows directory: C:\Windows
09:59:29.0658 1168 Processor architecture: Intel x86
09:59:29.0658 1168 Number of processors: 2
09:59:29.0658 1168 Page size: 0x1000
09:59:29.0658 1168 Boot type: Safe boot with network
09:59:29.0658 1168 ============================================================
09:59:30.0853 1168 Initialize success
10:00:35.0408 1260 ============================================================
10:00:35.0408 1260 Scan started
10:00:35.0408 1260 Mode: Manual; SigCheck; TDLFS;
10:00:35.0408 1260 ============================================================
10:00:40.0227 1260 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
10:00:40.0247 1260 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
10:00:40.0247 1260 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 10:00:47.0708 1260 nvstor - ok 10:00:47.0741 1260 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 10:00:47.0751 1260 nv_agp - ok 10:00:47.0761 1260 NwlnkFlt - ok 10:00:47.0771 1260 NwlnkFwd - ok 10:00:47.0803 1260 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 10:00:47.0818 1260 ohci1394 - ok 10:00:47.0891 1260 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 10:00:47.0936 1260 Parport - ok 10:00:47.0962 1260 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 10:00:47.0972 1260 partmgr - ok 10:00:47.0997 1260 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 10:00:48.0024 1260 Parvdm - ok 10:00:48.0059 1260 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 10:00:48.0070 1260 pci - ok 10:00:48.0111 1260 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 10:00:48.0120 1260 pciide - ok 10:00:48.0140 1260 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 10:00:48.0152 1260 pcmcia - ok 10:00:48.0213 1260 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 10:00:48.0284 1260 PEAUTH - ok 10:00:48.0360 1260 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 10:00:48.0389 1260 PptpMiniport - ok 10:00:48.0426 1260 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 10:00:48.0460 1260 Processor - ok 10:00:48.0504 1260 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 10:00:48.0537 1260 PSched - ok 10:00:48.0575 1260 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys 10:00:48.0582 1260 PxHelp20 - ok 10:00:48.0649 1260 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) 
C:\Windows\system32\drivers\ql2300.sys 10:00:48.0697 1260 ql2300 - ok 10:00:48.0731 1260 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 10:00:48.0752 1260 ql40xx - ok 10:00:48.0786 1260 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 10:00:48.0813 1260 QWAVEdrv - ok 10:00:48.0829 1260 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 10:00:48.0861 1260 RasAcd - ok 10:00:48.0889 1260 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:00:48.0924 1260 Rasl2tp - ok 10:00:48.0964 1260 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 10:00:48.0981 1260 RasPppoe - ok 10:00:49.0045 1260 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 10:00:49.0057 1260 RasSstp - ok 10:00:49.0097 1260 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 10:00:49.0128 1260 rdbss - ok 10:00:49.0148 1260 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:00:49.0179 1260 RDPCDD - ok 10:00:49.0203 1260 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys 10:00:49.0230 1260 rdpdr - ok 10:00:49.0241 1260 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 10:00:49.0260 1260 RDPENCDD - ok 10:00:49.0298 1260 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 10:00:49.0353 1260 RDPWD - ok 10:00:49.0381 1260 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 10:00:49.0408 1260 RFCOMM - ok 10:00:49.0443 1260 rimmptsk (ded01a389926a89540b82373e4c550ee) C:\Windows\system32\DRIVERS\rimmptsk.sys 10:00:49.0473 1260 rimmptsk - ok 10:00:49.0523 1260 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys 10:00:49.0581 1260 rimsptsk - ok 10:00:49.0614 1260 rismc32 (7c21554942bef51cbd84fd7d4e62cb9a) 
C:\Windows\system32\DRIVERS\rismc32.sys 10:00:49.0634 1260 rismc32 - ok 10:00:49.0686 1260 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys 10:00:49.0701 1260 rismxdp - ok 10:00:49.0758 1260 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 10:00:49.0785 1260 rspndr - ok 10:00:49.0826 1260 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 10:00:49.0834 1260 sbp2port - ok 10:00:49.0916 1260 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 10:00:49.0949 1260 sdbus - ok 10:00:49.0973 1260 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 10:00:50.0018 1260 secdrv - ok 10:00:50.0078 1260 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 10:00:50.0097 1260 Serenum - ok 10:00:50.0149 1260 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 10:00:50.0170 1260 Serial - ok 10:00:50.0194 1260 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 10:00:50.0213 1260 sermouse - ok 10:00:50.0249 1260 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 10:00:50.0279 1260 sffdisk - ok 10:00:50.0313 1260 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 10:00:50.0341 1260 sffp_mmc - ok 10:00:50.0364 1260 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 10:00:50.0383 1260 sffp_sd - ok 10:00:50.0407 1260 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 10:00:50.0460 1260 sfloppy - ok 10:00:50.0519 1260 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 10:00:50.0528 1260 sisagp - ok 10:00:50.0558 1260 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 10:00:50.0566 1260 SiSRaid2 - ok 10:00:50.0610 1260 SiSRaid4 
(a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 10:00:50.0630 1260 SiSRaid4 - ok 10:00:50.0661 1260 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 10:00:50.0696 1260 Smb - ok 10:00:50.0767 1260 SNP2UVC (cf9cde12fbc19dba8de528b7511a2f4f) C:\Windows\system32\DRIVERS\snp2uvc.sys 10:00:50.0879 1260 SNP2UVC - ok 10:00:51.0083 1260 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 10:00:51.0100 1260 SPBBCDrv - ok 10:00:51.0120 1260 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 10:00:51.0128 1260 spldr - ok 10:00:51.0152 1260 SRTSP (14389e87d0d2e25b12bf2cc74cfaee07) C:\Windows\system32\Drivers\SRTSP.SYS 10:00:51.0165 1260 SRTSP - ok 10:00:51.0200 1260 SRTSPL (aed0f68c185fe698a21cefcd76f0b8a4) C:\Windows\system32\Drivers\SRTSPL.SYS 10:00:51.0213 1260 SRTSPL - ok 10:00:51.0251 1260 SRTSPX (0e2ca6326726477fe29863808bbad413) C:\Windows\system32\Drivers\SRTSPX.SYS 10:00:51.0258 1260 SRTSPX - ok 10:00:51.0298 1260 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 10:00:51.0357 1260 srv - ok 10:00:51.0392 1260 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 10:00:51.0431 1260 srv2 - ok 10:00:51.0480 1260 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 10:00:51.0492 1260 srvnet - ok 10:00:51.0517 1260 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 10:00:51.0525 1260 swenum - ok 10:00:51.0557 1260 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 10:00:51.0564 1260 Symc8xx - ok 10:00:51.0644 1260 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\Windows\system32\Drivers\SYMEVENT.SYS 10:00:51.0652 1260 SymEvent - ok 10:00:51.0717 1260 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS 10:00:51.0726 1260 SYMREDRV - ok 10:00:51.0752 1260 SYMTDI 
(d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS 10:00:51.0762 1260 SYMTDI - ok 10:00:51.0797 1260 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 10:00:51.0805 1260 Sym_hi - ok 10:00:51.0833 1260 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 10:00:51.0841 1260 Sym_u3 - ok 10:00:51.0911 1260 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys 10:00:51.0922 1260 SynTP - ok 10:00:51.0983 1260 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys 10:00:52.0028 1260 Tcpip - ok 10:00:52.0075 1260 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys 10:00:52.0098 1260 Tcpip6 - ok 10:00:52.0171 1260 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 10:00:52.0207 1260 tcpipreg - ok 10:00:52.0228 1260 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 10:00:52.0258 1260 TDPIPE - ok 10:00:52.0286 1260 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 10:00:52.0320 1260 TDTCP - ok 10:00:52.0352 1260 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 10:00:52.0378 1260 tdx - ok 10:00:52.0415 1260 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 10:00:52.0424 1260 TermDD - ok 10:00:52.0492 1260 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys 10:00:52.0500 1260 TPM - ok 10:00:52.0549 1260 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:00:52.0583 1260 tssecsrv - ok 10:00:52.0606 1260 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 10:00:52.0634 1260 tunmp - ok 10:00:52.0674 1260 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 10:00:52.0694 1260 tunnel - ok 10:00:52.0713 1260 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) 
C:\Windows\system32\drivers\uagp35.sys 10:00:52.0722 1260 uagp35 - ok 10:00:52.0775 1260 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 10:00:52.0795 1260 udfs - ok 10:00:52.0853 1260 UimBus (16264d4a7f052a7cc516b23e00b14213) C:\Windows\system32\DRIVERS\UimBus.sys 10:00:52.0859 1260 UimBus - ok 10:00:52.0895 1260 Uim_IM (811e4296913821ce402b9e6629740350) C:\Windows\system32\Drivers\Uim_IM.sys 10:00:52.0910 1260 Uim_IM - ok 10:00:52.0920 1260 UIUSys - ok 10:00:52.0969 1260 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 10:00:52.0978 1260 uliagpkx - ok 10:00:53.0003 1260 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 10:00:53.0016 1260 uliahci - ok 10:00:53.0040 1260 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 10:00:53.0049 1260 UlSata - ok 10:00:53.0084 1260 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 10:00:53.0094 1260 ulsata2 - ok 10:00:53.0131 1260 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 10:00:53.0161 1260 umbus - ok 10:00:53.0217 1260 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 10:00:53.0263 1260 USBAAPL - ok 10:00:53.0305 1260 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 10:00:53.0332 1260 usbccgp - ok 10:00:53.0376 1260 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 10:00:53.0423 1260 usbcir - ok 10:00:53.0477 1260 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 10:00:53.0493 1260 usbehci - ok 10:00:53.0534 1260 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 10:00:53.0553 1260 usbhub - ok 10:00:53.0584 1260 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 10:00:53.0633 1260 usbohci - ok 10:00:53.0682 1260 usbprint 
(e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 10:00:53.0703 1260 usbprint - ok 10:00:53.0778 1260 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 10:00:53.0816 1260 usbscan - ok 10:00:53.0838 1260 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:00:53.0859 1260 USBSTOR - ok 10:00:53.0881 1260 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 10:00:53.0904 1260 usbuhci - ok 10:00:53.0962 1260 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 10:00:53.0998 1260 usbvideo - ok 10:00:54.0049 1260 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 10:00:54.0085 1260 vga - ok 10:00:54.0107 1260 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 10:00:54.0127 1260 VgaSave - ok 10:00:54.0148 1260 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 10:00:54.0156 1260 viaagp - ok 10:00:54.0195 1260 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 10:00:54.0234 1260 ViaC7 - ok 10:00:54.0268 1260 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 10:00:54.0276 1260 viaide - ok 10:00:54.0306 1260 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 10:00:54.0314 1260 volmgr - ok 10:00:54.0343 1260 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 10:00:54.0359 1260 volmgrx - ok 10:00:54.0406 1260 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 10:00:54.0420 1260 volsnap - ok 10:00:54.0451 1260 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 10:00:54.0461 1260 vsmraid - ok 10:00:54.0496 1260 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 10:00:54.0531 1260 WacomPen - ok 10:00:54.0574 1260 Wanarp 
10:00:55.0419 1260 ============================================================
10:00:55.0419 1260 Scan finished
10:00:55.0419 1260 ============================================================
10:00:55.0425 0832 Detected object count: 1
10:00:55.0425 0832 Actual detected object count: 1
10:01:23.0820 0832 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:23.0820 0832 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
(Sorry that it always takes so long; I'm in the States and 7 hours behind German time) |
10.11.2011, 10:21 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Privacy Protection treated with rkill and tdsskiller. All clean? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
10.11.2011, 17:03 | #14 |
| Privacy Protection treated with rkill and tdsskiller. All clean? Hi Arne, I have a small problem. A message pops up saying that Symantec is still running. But there is no corresponding icon in the taskbar, and when I open the Task Manager there is no Symantec process to be seen either. I feel a bit silly asking this, but how can I switch it off without uninstalling it? |
10.11.2011, 21:34 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Privacy Protection treated with rkill and tdsskiller. All clean? If need be, uninstall Symantec; it can go back on later (or a different virus scanner)
__________________ Please always post log files in CODE tags |