Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Norton online funktioniert nicht mehr

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.01.2013, 20:18   #1
schlump
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Hallo,

ich hatte mir vor einiger Zeit den GVU-Trojaner eingefangen, und hatte den mit Norton 360 in Quarantäne geschoben und hatte dann keine Schwierigkeiten mehr.
Heute (einige Monate nach de Infizierung) habe ich festgestellt, dass mein Norton nicht mehr reagiert. Über Startleiste aufgerufen, kurzes Laden, aber nichts passiert.
Daraufhin habe ich mich im Internet schlau gemacht. Habe Antivar deinstalliert (ja es lief parallel). Dennoch lief Norton nicht.
Daraufhin habe ich Antimaleware rüber laufen lassen und da wurde der Virus gefunden. Keine Ahnung, ob ich ihn mir wieder eingefangen habe, oder er immer noch aktiv war, weil ich das letzte Mal dem Ganzen keine weitere Beachtung schenkte.

Hier die Daten der Auswertung von Antimaleware:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.12.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jd :: JD-PC [Administrator]

Schutz: Aktiviert

12.01.2013 18:31:21
mbam-log-2013-01-12 (18-31-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 293238
Laufzeit: 38 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Dannach habe ich den OTL Scan durchgeführt:

OTL logfile created on: 12.01.2013 19:54:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jd\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,89% Memory free
3,98 Gb Paging File | 2,79 Gb Available in Paging File | 70,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 393,64 Gb Free Space | 84,53% Space Free | Partition Type: NTFS

Computer Name: JD-PC | User Name: Jd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jd\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Windows\OEM13Mon.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (o2flash) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121017.020\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121017.020\NAVENG.SYS File not found
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20120901.001\IDSVix86.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120928.001\BHDrvx86.sys File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\1402000.013\srtsp.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\1402000.013\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\1402000.013\symds.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\1402000.013\ccsetx86.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\1402000.013\symnets.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\1402000.013\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\1402000.013\srtspx.sys (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (OEM13Vid) -- C:\Windows\System32\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV - (OEM13Vfx) -- C:\Windows\System32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B DB 53 00 02 99 CD 01 [binary data]
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114874&tt=120912_nocpc_3812_8&babsrc=SP_ss&mntrId=244511a500000000000000225f346ee1
IE - HKU\S-1-5-21-2286783814-2036696160-2845618320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.01.09 22:52:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.01.06 17:23:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\onetab@onetab.net: C:\Users\Jd\AppData\Roaming\OneTab\xpi [2012.09.23 07:57:19 | 000,000,000 | ---D | M]

[2012.09.23 07:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\Jd\AppData\Roaming\OneTab\OneTab.dll (OnPageAds)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.2.0.19\coIEPlg.dll File not found
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.DLL File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.2.0.19\coIEPlg.dll File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12A70D17-D861-4488-AD5D-52DFFAFDAEDE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEE771D8-7E8C-4431-B740-E8D2E51D588D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.12 19:39:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jd\Desktop\OTL.exe
[2013.01.12 18:30:08 | 000,000,000 | ---D | C] -- C:\Users\Jd\AppData\Roaming\Malwarebytes
[2013.01.12 18:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.12 18:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.12 18:29:50 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.12 18:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.12 18:29:33 | 000,000,000 | ---D | C] -- C:\Users\Jd\AppData\Local\Programs
[2013.01.12 18:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.12 18:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.12 18:03:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\SDA
[2013.01.12 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\O2Micro Flash Memory Card Driver
[2013.01.09 23:06:14 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 23:05:48 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.09 23:05:48 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.09 23:05:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 23:05:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 23:05:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 23:05:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 23:05:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 23:05:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 23:05:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 23:05:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 23:05:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 23:05:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 23:05:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 23:05:15 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.01.09 23:05:15 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.01.09 23:05:15 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.01.09 23:05:15 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.01.09 23:05:15 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.01.09 23:05:15 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.01.09 23:05:15 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.01.09 23:05:15 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.01.09 23:05:15 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.01.09 23:05:14 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.01.09 23:05:14 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.01.09 23:05:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.01.09 23:05:13 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.01.09 23:05:13 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.01.09 23:05:13 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.01.09 23:05:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.01.09 23:03:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 23:03:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.01.06 19:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.01.06 19:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.21 02:42:27 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.21 02:42:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.20 01:21:58 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.12.19 22:51:22 | 000,000,000 | ---D | C] -- C:\Users\Jd\AppData\Local\Diagnostics
[2012.12.19 21:57:08 | 000,000,000 | ---D | C] -- C:\Users\Jd\AppData\Local\NPE

========== Files - Modified Within 30 Days ==========

[2013.01.12 19:39:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jd\Desktop\OTL.exe
[2013.01.12 18:29:53 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 18:21:09 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 18:21:09 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 18:13:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 18:13:00 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 15:46:32 | 000,001,283 | ---- | M] () -- C:\Users\Jd\Desktop\Norton Installation Files.lnk
[2013.01.10 03:26:07 | 000,268,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.10 03:25:24 | 001,443,737 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\Cat.DB
[2013.01.10 03:05:43 | 000,676,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 03:05:43 | 000,126,890 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.06 10:11:27 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.01.06 10:11:27 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.01.06 10:11:27 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.01.04 03:52:13 | 000,069,549 | ---- | M] () -- C:\Users\Jd\Desktop\61313_10151143737022666_1781801791_n.jpg
[2013.01.04 03:46:16 | 000,034,290 | ---- | M] () -- C:\Users\Jd\Desktop\148939_10151160642602666_1563280116_n.jpg
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013.01.12 18:29:53 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 15:37:09 | 000,001,283 | ---- | C] () -- C:\Users\Jd\Desktop\Norton Installation Files.lnk
[2013.01.04 03:53:12 | 000,069,549 | ---- | C] () -- C:\Users\Jd\Desktop\61313_10151143737022666_1781801791_n.jpg
[2013.01.04 03:46:55 | 000,034,290 | ---- | C] () -- C:\Users\Jd\Desktop\148939_10151160642602666_1563280116_n.jpg
[2012.11.03 20:32:16 | 000,006,144 | ---- | C] () -- C:\Users\Jd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.23 08:05:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.23 07:41:34 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.06.10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

und die "Extras"
OTL Extras logfile created on: 12.01.2013 19:54:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jd\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,89% Memory free
3,98 Gb Paging File | 2,79 Gb Available in Paging File | 70,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 393,64 Gb Free Space | 84,53% Space Free | Partition Type: NTFS

Computer Name: JD-PC | User Name: Jd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1665B9EB-B99F-4426-B8A7-C247216BC7D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26FED042-E6B4-4B02-BD66-44C69050E518}" = lport=2869 | protocol=6 | dir=in | app=system |
"{303C029E-0326-42EB-86B0-062BFA81EB6C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5F0D47A7-4E49-4E02-9FF9-E845FA6B5311}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61499EB9-E2C9-45E7-AB81-27A5993CA85D}" = lport=3389 | protocol=6 | dir=in | app=system |
"{649813AB-0059-4D47-8EEC-C69FE15EAA2D}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{6C2D050C-4142-4184-9789-7C3451622404}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AF8B2FB-3570-4A27-9A53-DB1E2B371C33}" = lport=139 | protocol=6 | dir=in | app=system |
"{7E7F745E-5A65-40CC-9178-5D8A48A30C8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8748AF68-7154-4952-8564-76A1C0AABA59}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8F3C257A-7148-488A-B130-CFA3ECFA6899}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9631A404-C487-482A-80C5-CD8EFA52C0D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{97583896-06A3-4EC5-9A89-5DAB03E013ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2216489-6FCB-4BEB-B65A-A0294F4FFAC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A27AA20F-A3A7-4B31-9926-53250946ECC1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B01A6AD4-AA00-43FA-8C98-EE41266E37E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B67334C7-7742-4AE4-AC0B-F4EFB5BA57D2}" = lport=138 | protocol=17 | dir=in | app=system |
"{B67B0219-B65E-4A76-A51D-E8D07B1A2A18}" = lport=137 | protocol=17 | dir=in | app=system |
"{B98CEBF1-A3C8-4B0B-9780-C378224073FB}" = rport=445 | protocol=6 | dir=out | app=system |
"{C269F01A-C381-4DEA-9DBC-D183D87C066B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C5B60560-3B6F-45AD-B641-D7C4E2515374}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBCC3860-AAF5-49F2-8D2A-1F2957837FA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E3D048D0-4C9F-4FC4-8BB8-88DA2439CEF8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E9AB778D-7D8D-46EC-B43B-3424B23CC4EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{F30A1F37-D1AD-4E12-9283-51FE6908AD5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0147177B-399C-4454-8BB6-855BCA7D3C95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0B173CDA-6CD4-4729-AD87-AF845B875B8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E1CA6D5-81EA-4E3D-9BB0-CFFAF7057C9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F328125-FC37-4599-9624-4966DF783B1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1072D377-F221-4701-8E1C-82E3D62812CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13356DE0-3724-43CD-9FCE-2405D9F0141A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22EEEE46-58EB-4E64-AA51-0CADCEC86E41}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3097AA5C-FFF5-49AB-9302-E0F6F77172DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A66C682-DC5F-41F4-A937-0C449BDC9154}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6446D27E-C9A8-481C-8927-76699C94E525}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{77EAD79B-B83A-49C0-80A0-945AB83C3976}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{816FA0DA-3FEF-47D9-B2F0-7B2B17BEFB8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9EC39914-25D0-42B2-936F-D1F45F792376}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AD09FF3F-EA7B-4F66-9BE7-25762077486B}" = protocol=6 | dir=out | app=system |
"{BCE31B02-56E5-4578-A7D9-5D9C4A4A6C5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD971C1D-6DA8-4525-B99E-C2EE20D655DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9C5C3F3-1599-460A-A4A2-6E88B9A39543}" = dir=in | app=c:\users\jd\appdata\local\microsoft\skydrive\skydrive.exe |
"{D800E56E-C86A-453D-BE4B-9E0AA36B0FD2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DB3A9B1A-D721-4A6C-8B4D-314A169462D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1D52493-F9D8-4F67-96E5-978D6B07DD54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86)
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"OneTab" = OneTab
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2286783814-2036696160-2845618320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.01.2013 12:59:32 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WSCStub.exe, version: 20.2.0.19, time stamp:
0x50810276 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0x27c Faulting application start time: 0x01cdf0e63133c86c Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\WSCStub.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 6f01a690-5cd9-11e2-8c09-002170c40828

Error - 12.01.2013 13:00:29 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WSCStub.exe, version: 20.2.0.19, time stamp:
0x50810276 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0xdc0 Faulting application start time: 0x01cdf0e653053531 Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\WSCStub.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 90c72c73-5cd9-11e2-8c09-002170c40828

Error - 12.01.2013 13:04:11 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WSCStub.exe, version: 20.2.0.19, time stamp:
0x50810276 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0x9f8 Faulting application start time: 0x01cdf0e6d75a0993 Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\WSCStub.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 153fb57a-5cda-11e2-8c09-002170c40828

Error - 12.01.2013 13:13:58 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ccSvcHst.exe, version: 12.2.0.8, time stamp:
0x5075eeaf Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0x740 Faulting application start time: 0x01cdf0e82ca74c96 Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe Faulting module path:
C:\Windows\system32\KERNELBASE.dll Report Id: 734f7793-5cdb-11e2-a8a6-002170c40828

Error - 12.01.2013 13:14:13 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: uistub.exe, version: 20.2.0.19, time stamp:
0x5081038c Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0xce0 Faulting application start time: 0x01cdf0e83eb3ca5d Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\uistub.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 7c69dabf-5cdb-11e2-a8a6-002170c40828

Error - 12.01.2013 13:14:38 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: uistub.exe, version: 20.2.0.19, time stamp:
0x5081038c Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0xd64 Faulting application start time: 0x01cdf0e84d378e69 Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\uistub.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 8b056c8d-5cdb-11e2-a8a6-002170c40828

Error - 12.01.2013 13:16:06 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WSCStub.exe, version: 20.2.0.19, time stamp:
0x50810276 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0xd10 Faulting application start time: 0x01cdf0e88174b01c Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\WSCStub.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: bf76ec86-5cdb-11e2-a8a6-002170c40828

Error - 12.01.2013 13:18:53 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WSCStub.exe, version: 20.2.0.19, time stamp:
0x50810276 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0x9e0 Faulting application start time: 0x01cdf0e8e48217ec Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\WSCStub.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 22f43503-5cdc-11e2-a8a6-002170c40828

Error - 12.01.2013 13:23:19 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WSCStub.exe, version: 20.2.0.19, time stamp:
0x50810276 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0xcb4 Faulting application start time: 0x01cdf0e9836248c2 Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\WSCStub.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: c1a04ffc-5cdc-11e2-a8a6-002170c40828

Error - 12.01.2013 13:25:45 | Computer Name = Jd-PC | Source = Application Error | ID = 1000
Description = Faulting application name: uistub.exe, version: 20.2.0.19, time stamp:
0x5081038c Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp:
0x50b83b16 Exception code: 0xc06d007e Fault offset: 0x0000812f Faulting process id:
0x31c Faulting application start time: 0x01cdf0e9d9e44929 Faulting application path:
C:\Program Files\Norton 360\Engine\20.2.0.19\uistub.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 187a1ae4-5cdd-11e2-a8a6-002170c40828

[ System Events ]
Error - 12.01.2013 10:47:00 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7000
Description = The Norton 360 service failed to start due to the following error:
%%1053

Error - 12.01.2013 12:24:26 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Norton
360 service to connect.

Error - 12.01.2013 12:24:26 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7000
Description = The Norton 360 service failed to start due to the following error:
%%1053

Error - 12.01.2013 12:46:49 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Norton
360 service to connect.

Error - 12.01.2013 12:46:49 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7000
Description = The Norton 360 service failed to start due to the following error:
%%1053

Error - 12.01.2013 12:46:54 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%1062

Error - 12.01.2013 12:51:20 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Norton
360 service to connect.

Error - 12.01.2013 12:51:20 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7000
Description = The Norton 360 service failed to start due to the following error:
%%1053

Error - 12.01.2013 13:14:00 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Norton
360 service to connect.

Error - 12.01.2013 13:14:00 | Computer Name = Jd-PC | Source = Service Control Manager | ID = 7000
Description = The Norton 360 service failed to start due to the following error:
%%1053


< End of report >


Was ist der nächste Schritt, den ich tun muss?

Vielen Dank vorab!

Alt 13.01.2013, 20:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Hallo und

Zitat:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________

__________________

Alt 13.01.2013, 21:27   #3
schlump
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Hi Cosinus,

ersteres ist der Fall. Bei Bedarf nutze ich das Notebook auch für Firmenzwecke.

VG
Schlump
__________________

Alt 13.01.2013, 21:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2013, 00:15   #5
schlump
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Es handelt sich um meinen privaten PC, von dem ich auch "home office" mache. Also ist es kein gewerblich genutzter Rechner, wir haben auch keine IT-Abteilung. Die Professional Version habe ich nur drauf, weil mir letztes Jahr die Festplatte kaputt gegangen ist und ich netter Weise eine Lizenz von einem Kollegen bekam.


Alt 14.01.2013, 08:41   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Ok. Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________
--> Norton online funktioniert nicht mehr

Alt 14.01.2013, 19:33   #7
schlump
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



nein, habe ich nicht.

Alt 14.01.2013, 22:13   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.01.2013, 19:56   #9
schlump
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Laut dem Scan war kein Clean up notwendig.
Habe das Programm dann nur normal über "Exit" verlassen.

Hier das Logfile

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.15.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jd :: JD-PC [administrator]

15.01.2013 19:51:17
mbar-log-2013-01-15 (19-51-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27342
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 16.01.2013, 14:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.01.2013, 23:08   #11
schlump
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Erst hatte der Scan mit aswMBR nach der Aktualisierung nicht funktioniert.
Nachdem ich nochmals die aktuelle Version downgeloaded habe, funktionierte der Scan.

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-16 22:36:59
-----------------------------
22:36:59.508    OS Version: Windows 6.1.7601 Service Pack 1
22:36:59.508    Number of processors: 2 586 0xF0D
22:36:59.524    ComputerName: JD-PC  UserName: Jd
22:37:05.670    Initialze error C000010E - driver not loaded
22:40:27.732    AVAST engine defs: 13011600
22:41:05.001    Scan error: Incorrect function.
22:41:49.239    The log file has been saved successfully to "C:\Users\Jd\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-16 22:36:24
-----------------------------
22:36:24.370    OS Version: Windows 6.1.7601 Service Pack 1
22:36:24.370    Number of processors: 2 586 0xF0D
22:36:24.510    ComputerName: JD-PC  UserName: Jd
22:37:05.998    Initialize success
22:37:06.060    write error "aswEngin.dll". The process cannot access the file because it is being used by another process.
22:44:13.139    AVAST engine defs: 13011600
22:44:19.130    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
22:44:19.145    Disk 0 Vendor: ST500LM011_HM501II 2AJ10001 Size: 476940MB BusType: 11
22:44:19.161    Disk 0 MBR read successfully
22:44:19.176    Disk 0 MBR scan
22:44:19.176    Disk 0 Windows 7 default MBR code
22:44:19.239    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:44:19.254    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
22:44:19.270    Disk 0 scanning sectors +976771072
22:44:19.364    Disk 0 scanning C:\Windows\system32\drivers
22:44:33.482    Service scanning
22:45:03.070    Modules scanning
22:45:15.176    Disk 0 trace - called modules:
22:45:15.223    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
22:45:15.238    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8566f030]
22:45:15.254    3 CLASSPNP.SYS[88a0459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85540030]
22:45:17.547    AVAST engine scan C:\Windows
22:45:20.542    AVAST engine scan C:\Windows\system32
22:49:26.693    AVAST engine scan C:\Windows\system32\drivers
22:49:46.474    AVAST engine scan C:\Users\Jd
22:53:35.675    AVAST engine scan C:\ProgramData
22:54:16.500    Scan finished successfully
22:54:33.402    Disk 0 MBR has been saved successfully to "C:\Users\Jd\Desktop\MBR.dat"
22:54:33.418    The log file has been saved successfully to "C:\Users\Jd\Desktop\aswMBR.txt"
         

Der Scan mit TDDS Killer verlief ohne Probleme.

Code:
ATTFilter
 
22:57:30.0015 3432  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:57:30.0234 3432  ============================================================
22:57:30.0234 3432  Current date / time: 2013/01/16 22:57:30.0234
22:57:30.0234 3432  SystemInfo:
22:57:30.0234 3432  
22:57:30.0234 3432  OS Version: 6.1.7601 ServicePack: 1.0
22:57:30.0234 3432  Product type: Workstation
22:57:30.0234 3432  ComputerName: JD-PC
22:57:30.0234 3432  UserName: Jd
22:57:30.0234 3432  Windows directory: C:\Windows
22:57:30.0234 3432  System windows directory: C:\Windows
22:57:30.0234 3432  Processor architecture: Intel x86
22:57:30.0234 3432  Number of processors: 2
22:57:30.0234 3432  Page size: 0x1000
22:57:30.0234 3432  Boot type: Normal boot
22:57:30.0234 3432  ============================================================
22:57:31.0778 3432  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:57:31.0794 3432  ============================================================
22:57:31.0794 3432  \Device\Harddisk0\DR0:
22:57:31.0794 3432  MBR partitions:
22:57:31.0794 3432  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:57:31.0794 3432  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
22:57:31.0794 3432  ============================================================
22:57:31.0825 3432  C: <-> \Device\Harddisk0\DR0\Partition2
22:57:31.0825 3432  ============================================================
22:57:31.0825 3432  Initialize success
22:57:31.0825 3432  ============================================================
22:58:28.0251 3096  ============================================================
22:58:28.0251 3096  Scan started
22:58:28.0251 3096  Mode: Manual; SigCheck; TDLFS; 
22:58:28.0251 3096  ============================================================
22:58:28.0750 3096  ================ Scan system memory ========================
22:58:28.0750 3096  System memory - ok
22:58:28.0750 3096  ================ Scan services =============================
22:58:28.0938 3096  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:58:29.0109 3096  1394ohci - ok
22:58:29.0156 3096  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:58:29.0203 3096  ACPI - ok
22:58:29.0250 3096  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:58:29.0312 3096  AcpiPmi - ok
22:58:29.0421 3096  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:58:29.0452 3096  AdobeARMservice - ok
22:58:29.0515 3096  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:58:29.0577 3096  adp94xx - ok
22:58:29.0593 3096  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:58:29.0640 3096  adpahci - ok
22:58:29.0655 3096  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:58:29.0686 3096  adpu320 - ok
22:58:29.0718 3096  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:58:29.0764 3096  AeLookupSvc - ok
22:58:29.0811 3096  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
22:58:29.0874 3096  AFD - ok
22:58:29.0905 3096  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
22:58:29.0936 3096  agp440 - ok
22:58:29.0983 3096  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
22:58:30.0014 3096  aic78xx - ok
22:58:30.0076 3096  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
22:58:30.0123 3096  ALG - ok
22:58:30.0154 3096  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:58:30.0186 3096  aliide - ok
22:58:30.0201 3096  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:58:30.0232 3096  amdagp - ok
22:58:30.0248 3096  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:58:30.0279 3096  amdide - ok
22:58:30.0326 3096  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:58:30.0373 3096  AmdK8 - ok
22:58:30.0373 3096  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:58:30.0420 3096  AmdPPM - ok
22:58:30.0466 3096  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:58:30.0498 3096  amdsata - ok
22:58:30.0529 3096  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:58:30.0560 3096  amdsbs - ok
22:58:30.0591 3096  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:58:30.0622 3096  amdxata - ok
22:58:30.0716 3096  [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
22:58:30.0763 3096  AppHostSvc - ok
22:58:30.0810 3096  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
22:58:30.0966 3096  AppID - ok
22:58:31.0028 3096  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:58:31.0106 3096  AppIDSvc - ok
22:58:31.0153 3096  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
22:58:31.0246 3096  Appinfo - ok
22:58:31.0418 3096  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:58:31.0465 3096  AppMgmt - ok
22:58:31.0512 3096  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:58:31.0543 3096  arc - ok
22:58:31.0558 3096  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:58:31.0590 3096  arcsas - ok
22:58:31.0621 3096  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:58:31.0761 3096  AsyncMac - ok
22:58:31.0792 3096  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
22:58:31.0824 3096  atapi - ok
22:58:31.0886 3096  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:58:31.0980 3096  AudioEndpointBuilder - ok
22:58:31.0995 3096  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:58:32.0073 3096  Audiosrv - ok
22:58:32.0120 3096  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:58:32.0167 3096  AxInstSV - ok
22:58:32.0245 3096  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
22:58:32.0307 3096  b06bdrv - ok
22:58:32.0354 3096  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
22:58:32.0385 3096  b57nd60x - ok
22:58:32.0526 3096  [ F9CE9B5E049EFC66B8E6C73C18EE8438 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
22:58:32.0666 3096  BCM43XX - ok
22:58:32.0713 3096  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:58:32.0760 3096  BDESVC - ok
22:58:32.0806 3096  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:58:32.0884 3096  Beep - ok
22:58:32.0931 3096  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
22:58:33.0025 3096  BFE - ok
22:58:33.0196 3096  BHDrvx86 - ok
22:58:33.0228 3096  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
22:58:33.0337 3096  BITS - ok
22:58:33.0368 3096  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:58:33.0415 3096  blbdrive - ok
22:58:33.0446 3096  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:58:33.0477 3096  bowser - ok
22:58:33.0524 3096  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:58:33.0555 3096  BrFiltLo - ok
22:58:33.0586 3096  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:58:33.0649 3096  BrFiltUp - ok
22:58:33.0680 3096  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
22:58:33.0742 3096  Browser - ok
22:58:33.0836 3096  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:58:33.0883 3096  Brserid - ok
22:58:33.0898 3096  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:58:33.0945 3096  BrSerWdm - ok
22:58:33.0961 3096  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:58:34.0008 3096  BrUsbMdm - ok
22:58:34.0023 3096  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:58:34.0070 3096  BrUsbSer - ok
22:58:34.0101 3096  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:58:34.0148 3096  BTHMODEM - ok
22:58:34.0195 3096  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
22:58:34.0273 3096  bthserv - ok
22:58:34.0366 3096  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360      C:\Windows\system32\drivers\N360\1402000.013\ccSetx86.sys
22:58:34.0398 3096  ccSet_N360 - ok
22:58:34.0429 3096  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:58:34.0522 3096  cdfs - ok
22:58:34.0585 3096  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:58:34.0616 3096  cdrom - ok
22:58:34.0663 3096  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:58:34.0725 3096  CertPropSvc - ok
22:58:34.0772 3096  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:58:34.0819 3096  circlass - ok
22:58:34.0850 3096  [ 3E2AFAFA158C9ED670C106842BDCC81E ] CISVC           C:\Windows\system32\CISVC.EXE
22:58:34.0897 3096  CISVC - ok
22:58:34.0959 3096  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
22:58:35.0006 3096  CLFS - ok
22:58:35.0084 3096  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:58:35.0115 3096  clr_optimization_v2.0.50727_32 - ok
22:58:35.0209 3096  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:58:35.0240 3096  clr_optimization_v4.0.30319_32 - ok
22:58:35.0271 3096  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:58:35.0318 3096  CmBatt - ok
22:58:35.0334 3096  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:58:35.0365 3096  cmdide - ok
22:58:35.0396 3096  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
22:58:35.0458 3096  CNG - ok
22:58:35.0505 3096  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:58:35.0536 3096  Compbatt - ok
22:58:35.0583 3096  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:58:35.0614 3096  CompositeBus - ok
22:58:35.0630 3096  COMSysApp - ok
22:58:35.0661 3096  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:58:35.0692 3096  crcdisk - ok
22:58:35.0755 3096  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:58:35.0802 3096  CryptSvc - ok
22:58:35.0848 3096  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
22:58:35.0895 3096  CSC - ok
22:58:35.0942 3096  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
22:58:35.0989 3096  CscService - ok
22:58:36.0020 3096  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:58:36.0098 3096  DcomLaunch - ok
22:58:36.0129 3096  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:58:36.0223 3096  defragsvc - ok
22:58:36.0270 3096  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:58:36.0363 3096  DfsC - ok
22:58:36.0441 3096  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:58:36.0488 3096  Dhcp - ok
22:58:36.0535 3096  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
22:58:36.0660 3096  discache - ok
22:58:36.0753 3096  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:58:36.0784 3096  Disk - ok
22:58:36.0831 3096  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:58:36.0878 3096  Dnscache - ok
22:58:36.0940 3096  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:58:37.0018 3096  dot3svc - ok
22:58:37.0050 3096  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
22:58:37.0128 3096  DPS - ok
22:58:37.0174 3096  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:58:37.0237 3096  drmkaud - ok
22:58:37.0330 3096  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:58:37.0393 3096  DXGKrnl - ok
22:58:37.0440 3096  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
22:58:37.0518 3096  EapHost - ok
22:58:37.0658 3096  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
22:58:37.0814 3096  ebdrv - ok
22:58:37.0876 3096  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:58:37.0908 3096  eeCtrl - ok
22:58:37.0939 3096  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
22:58:37.0986 3096  EFS - ok
22:58:38.0064 3096  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:58:38.0110 3096  ehRecvr - ok
22:58:38.0173 3096  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
22:58:38.0220 3096  ehSched - ok
22:58:38.0298 3096  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:58:38.0344 3096  elxstor - ok
22:58:38.0391 3096  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:58:38.0407 3096  EraserUtilRebootDrv - ok
22:58:38.0454 3096  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:58:38.0500 3096  ErrDev - ok
22:58:38.0547 3096  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
22:58:38.0641 3096  EventSystem - ok
22:58:38.0672 3096  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
22:58:38.0750 3096  exfat - ok
22:58:38.0797 3096  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:58:38.0859 3096  fastfat - ok
22:58:38.0922 3096  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
22:58:38.0968 3096  Fax - ok
22:58:39.0000 3096  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:58:39.0031 3096  fdc - ok
22:58:39.0078 3096  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
22:58:39.0140 3096  fdPHost - ok
22:58:39.0156 3096  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
22:58:39.0249 3096  FDResPub - ok
22:58:39.0296 3096  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:58:39.0327 3096  FileInfo - ok
22:58:39.0343 3096  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:58:39.0421 3096  Filetrace - ok
22:58:39.0436 3096  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:58:39.0483 3096  flpydisk - ok
22:58:39.0514 3096  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:58:39.0561 3096  FltMgr - ok
22:58:39.0608 3096  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
22:58:39.0686 3096  FontCache - ok
22:58:39.0764 3096  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:58:39.0780 3096  FontCache3.0.0.0 - ok
22:58:39.0811 3096  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:58:39.0842 3096  FsDepends - ok
22:58:39.0904 3096  [ 2ED0BABD4CD98ED820FD0D0BCBE96721 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
22:58:39.0936 3096  fssfltr - ok
22:58:40.0029 3096  [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
22:58:40.0138 3096  fsssvc - ok
22:58:40.0185 3096  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:58:40.0216 3096  Fs_Rec - ok
22:58:40.0263 3096  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:58:40.0310 3096  fvevol - ok
22:58:40.0357 3096  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:58:40.0388 3096  gagp30kx - ok
22:58:40.0435 3096  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:58:40.0528 3096  gpsvc - ok
22:58:40.0560 3096  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:58:40.0622 3096  hcw85cir - ok
22:58:40.0669 3096  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:58:40.0716 3096  HdAudAddService - ok
22:58:40.0762 3096  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:58:40.0809 3096  HDAudBus - ok
22:58:40.0825 3096  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:58:40.0856 3096  HidBatt - ok
22:58:40.0903 3096  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:58:40.0950 3096  HidBth - ok
22:58:40.0981 3096  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:58:41.0043 3096  HidIr - ok
22:58:41.0059 3096  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
22:58:41.0152 3096  hidserv - ok
22:58:41.0199 3096  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
22:58:41.0246 3096  HidUsb - ok
22:58:41.0262 3096  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:58:41.0355 3096  hkmsvc - ok
22:58:41.0386 3096  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:58:41.0433 3096  HomeGroupListener - ok
22:58:41.0480 3096  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:58:41.0542 3096  HomeGroupProvider - ok
22:58:41.0574 3096  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:58:41.0605 3096  HpSAMD - ok
22:58:41.0683 3096  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:58:41.0761 3096  HTTP - ok
22:58:41.0823 3096  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:58:41.0854 3096  hwpolicy - ok
22:58:41.0901 3096  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:58:41.0932 3096  i8042prt - ok
22:58:41.0979 3096  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:58:42.0026 3096  iaStorV - ok
22:58:42.0088 3096  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:58:42.0151 3096  idsvc - ok
22:58:42.0182 3096  IDSVix86 - ok
22:58:42.0432 3096  [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
22:58:42.0728 3096  igfx - ok
22:58:42.0790 3096  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:58:42.0822 3096  iirsp - ok
22:58:42.0884 3096  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:58:42.0993 3096  IKEEXT - ok
22:58:43.0040 3096  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:58:43.0071 3096  intelide - ok
22:58:43.0118 3096  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:58:43.0149 3096  intelppm - ok
22:58:43.0196 3096  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:58:43.0290 3096  IPBusEnum - ok
22:58:43.0321 3096  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:58:43.0399 3096  IpFilterDriver - ok
22:58:43.0461 3096  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:58:43.0524 3096  iphlpsvc - ok
22:58:43.0555 3096  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:58:43.0602 3096  IPMIDRV - ok
22:58:43.0648 3096  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:58:43.0742 3096  IPNAT - ok
22:58:43.0758 3096  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:58:43.0820 3096  IRENUM - ok
22:58:43.0851 3096  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:58:43.0882 3096  isapnp - ok
22:58:43.0929 3096  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:58:43.0960 3096  iScsiPrt - ok
22:58:43.0992 3096  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:58:44.0023 3096  kbdclass - ok
22:58:44.0070 3096  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:58:44.0101 3096  kbdhid - ok
22:58:44.0116 3096  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
22:58:44.0163 3096  KeyIso - ok
22:58:44.0241 3096  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:58:44.0272 3096  KSecDD - ok
22:58:44.0304 3096  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:58:44.0335 3096  KSecPkg - ok
22:58:44.0382 3096  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:58:44.0475 3096  KtmRm - ok
22:58:44.0538 3096  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:58:44.0616 3096  LanmanServer - ok
22:58:44.0662 3096  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:58:44.0740 3096  LanmanWorkstation - ok
22:58:44.0787 3096  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:58:44.0881 3096  lltdio - ok
22:58:44.0912 3096  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:58:45.0006 3096  lltdsvc - ok
22:58:45.0021 3096  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:58:45.0099 3096  lmhosts - ok
22:58:45.0146 3096  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:58:45.0177 3096  LSI_FC - ok
22:58:45.0193 3096  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:58:45.0224 3096  LSI_SAS - ok
22:58:45.0240 3096  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:58:45.0271 3096  LSI_SAS2 - ok
22:58:45.0286 3096  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:58:45.0318 3096  LSI_SCSI - ok
22:58:45.0349 3096  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
22:58:45.0427 3096  luafv - ok
22:58:45.0474 3096  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:58:45.0505 3096  MBAMProtector - ok
22:58:45.0552 3096  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:58:45.0598 3096  MBAMScheduler - ok
22:58:45.0630 3096  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:58:45.0676 3096  MBAMService - ok
22:58:45.0708 3096  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:58:45.0754 3096  Mcx2Svc - ok
22:58:45.0786 3096  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:58:45.0817 3096  megasas - ok
22:58:45.0832 3096  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:58:45.0879 3096  MegaSR - ok
22:58:45.0926 3096  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
22:58:46.0020 3096  MMCSS - ok
22:58:46.0051 3096  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
22:58:46.0129 3096  Modem - ok
22:58:46.0144 3096  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:58:46.0207 3096  monitor - ok
22:58:46.0222 3096  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
22:58:46.0254 3096  mouclass - ok
22:58:46.0285 3096  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:58:46.0332 3096  mouhid - ok
22:58:46.0378 3096  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:58:46.0410 3096  mountmgr - ok
22:58:46.0425 3096  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:58:46.0472 3096  mpio - ok
22:58:46.0488 3096  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:58:46.0550 3096  mpsdrv - ok
22:58:46.0597 3096  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:58:46.0706 3096  MpsSvc - ok
22:58:46.0753 3096  [ A5888C609EFCC07B060DD823FA3D474A ] MQAC            C:\Windows\system32\drivers\mqac.sys
22:58:46.0800 3096  MQAC - ok
22:58:46.0831 3096  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:58:46.0878 3096  MRxDAV - ok
22:58:46.0924 3096  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:58:46.0971 3096  mrxsmb - ok
22:58:47.0002 3096  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:58:47.0034 3096  mrxsmb10 - ok
22:58:47.0049 3096  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:58:47.0096 3096  mrxsmb20 - ok
22:58:47.0143 3096  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
22:58:47.0190 3096  msahci - ok
22:58:47.0221 3096  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:58:47.0252 3096  msdsm - ok
22:58:47.0283 3096  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
22:58:47.0330 3096  MSDTC - ok
22:58:47.0392 3096  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:58:47.0455 3096  Msfs - ok
22:58:47.0470 3096  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:58:47.0548 3096  mshidkmdf - ok
22:58:47.0580 3096  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:58:47.0611 3096  msisadrv - ok
22:58:47.0642 3096  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:58:47.0720 3096  MSiSCSI - ok
22:58:47.0736 3096  msiserver - ok
22:58:47.0782 3096  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:58:47.0860 3096  MSKSSRV - ok
22:58:47.0892 3096  [ E582B9E88EF4980C3B76276620FE667B ] MSMQ            C:\Windows\system32\mqsvc.exe
22:58:47.0938 3096  MSMQ - ok
22:58:47.0970 3096  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:58:48.0048 3096  MSPCLOCK - ok
22:58:48.0048 3096  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:58:48.0126 3096  MSPQM - ok
22:58:48.0172 3096  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:58:48.0204 3096  MsRPC - ok
22:58:48.0250 3096  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:58:48.0282 3096  mssmbios - ok
22:58:48.0297 3096  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:58:48.0375 3096  MSTEE - ok
22:58:48.0406 3096  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:58:48.0453 3096  MTConfig - ok
22:58:48.0500 3096  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:58:48.0531 3096  Mup - ok
22:58:48.0594 3096  [ 4A9258B9597A31DB68EC9740F3A8A70B ] N360            C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
22:58:48.0625 3096  N360 - ok
22:58:48.0656 3096  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
22:58:48.0750 3096  napagent - ok
22:58:48.0812 3096  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:58:48.0859 3096  NativeWifiP - ok
22:58:48.0890 3096  NAVENG - ok
22:58:48.0906 3096  NAVEX15 - ok
22:58:48.0952 3096  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:58:48.0999 3096  NDIS - ok
22:58:49.0030 3096  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:58:49.0093 3096  NdisCap - ok
22:58:49.0140 3096  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:58:49.0218 3096  NdisTapi - ok
22:58:49.0264 3096  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:58:49.0327 3096  Ndisuio - ok
22:58:49.0358 3096  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:58:49.0420 3096  NdisWan - ok
22:58:49.0467 3096  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:58:49.0530 3096  NDProxy - ok
22:58:49.0545 3096  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:58:49.0623 3096  NetBIOS - ok
22:58:49.0670 3096  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:58:49.0748 3096  NetBT - ok
22:58:49.0779 3096  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
22:58:49.0810 3096  Netlogon - ok
22:58:49.0873 3096  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
22:58:49.0951 3096  Netman - ok
22:58:49.0966 3096  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
22:58:50.0060 3096  netprofm - ok
22:58:50.0091 3096  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:58:50.0107 3096  NetTcpPortSharing - ok
22:58:50.0154 3096  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:58:50.0185 3096  nfrd960 - ok
22:58:50.0216 3096  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:58:50.0278 3096  NlaSvc - ok
22:58:50.0310 3096  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:58:50.0372 3096  Npfs - ok
22:58:50.0403 3096  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
22:58:50.0481 3096  nsi - ok
22:58:50.0497 3096  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:58:50.0575 3096  nsiproxy - ok
22:58:50.0668 3096  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:58:50.0746 3096  Ntfs - ok
22:58:50.0778 3096  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
22:58:50.0856 3096  Null - ok
22:58:50.0902 3096  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:58:50.0934 3096  nvraid - ok
22:58:50.0965 3096  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:58:51.0012 3096  nvstor - ok
22:58:51.0027 3096  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:58:51.0058 3096  nv_agp - ok
22:58:51.0121 3096  [ BBD5503999F331278DB39046888D559C ] o2flash         C:\Windows\system32\DRIVERS\o2flash.exe
22:58:51.0136 3096  o2flash - ok
22:58:51.0168 3096  [ 305E0EC480EBC7A24D4B691DA76E008C ] O2MDRDR         C:\Windows\system32\DRIVERS\o2media.sys
22:58:51.0183 3096  O2MDRDR - ok
22:58:51.0214 3096  [ 6E590C91F97AE5E3408453C8AE9A3000 ] O2SDRDR         C:\Windows\system32\DRIVERS\o2sd.sys
22:58:51.0230 3096  O2SDRDR - ok
22:58:51.0261 3096  [ 86326062A90494BDD79CE383511D7D69 ] OEM13Vfx        C:\Windows\system32\DRIVERS\OEM13Vfx.sys
22:58:51.0308 3096  OEM13Vfx - ok
22:58:51.0324 3096  [ 12539B57ED05DE7552403A12B3E0161C ] OEM13Vid        C:\Windows\system32\DRIVERS\OEM13Vid.sys
22:58:51.0370 3096  OEM13Vid - ok
22:58:51.0402 3096  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:58:51.0448 3096  ohci1394 - ok
22:58:51.0495 3096  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:58:51.0558 3096  p2pimsvc - ok
22:58:51.0589 3096  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:58:51.0651 3096  p2psvc - ok
22:58:51.0682 3096  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:58:51.0714 3096  Parport - ok
22:58:51.0760 3096  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:58:51.0792 3096  partmgr - ok
22:58:51.0807 3096  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
22:58:51.0854 3096  Parvdm - ok
22:58:51.0901 3096  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:58:51.0948 3096  PcaSvc - ok
22:58:51.0963 3096  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
22:58:51.0994 3096  pci - ok
22:58:52.0026 3096  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
22:58:52.0057 3096  pciide - ok
22:58:52.0088 3096  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:58:52.0119 3096  pcmcia - ok
22:58:52.0150 3096  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
22:58:52.0182 3096  pcw - ok
22:58:52.0260 3096  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:58:52.0369 3096  PEAUTH - ok
22:58:52.0431 3096  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:58:52.0494 3096  PeerDistSvc - ok
22:58:52.0603 3096  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
22:58:52.0728 3096  pla - ok
22:58:52.0774 3096  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:58:52.0852 3096  PlugPlay - ok
22:58:52.0884 3096  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:58:52.0930 3096  PNRPAutoReg - ok
22:58:52.0962 3096  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:58:53.0008 3096  PNRPsvc - ok
22:58:53.0055 3096  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:58:53.0149 3096  PolicyAgent - ok
22:58:53.0211 3096  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
22:58:53.0274 3096  Power - ok
22:58:53.0320 3096  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:58:53.0414 3096  PptpMiniport - ok
22:58:53.0445 3096  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:58:53.0476 3096  Processor - ok
22:58:53.0508 3096  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
22:58:53.0554 3096  ProfSvc - ok
22:58:53.0586 3096  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:58:53.0617 3096  ProtectedStorage - ok
22:58:53.0632 3096  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:58:53.0710 3096  Psched - ok
22:58:53.0773 3096  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:58:53.0866 3096  ql2300 - ok
22:58:53.0882 3096  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:58:53.0913 3096  ql40xx - ok
22:58:53.0944 3096  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
22:58:54.0007 3096  QWAVE - ok
22:58:54.0038 3096  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:58:54.0085 3096  QWAVEdrv - ok
22:58:54.0116 3096  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:58:54.0194 3096  RasAcd - ok
22:58:54.0225 3096  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:58:54.0303 3096  RasAgileVpn - ok
22:58:54.0319 3096  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
22:58:54.0397 3096  RasAuto - ok
22:58:54.0412 3096  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:58:54.0490 3096  Rasl2tp - ok
22:58:54.0537 3096  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
22:58:54.0615 3096  RasMan - ok
22:58:54.0646 3096  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:58:54.0709 3096  RasPppoe - ok
22:58:54.0740 3096  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:58:54.0818 3096  RasSstp - ok
22:58:54.0880 3096  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:58:54.0958 3096  rdbss - ok
22:58:54.0990 3096  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:58:55.0021 3096  rdpbus - ok
22:58:55.0052 3096  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:58:55.0114 3096  RDPCDD - ok
22:58:55.0146 3096  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:58:55.0192 3096  RDPDR - ok
22:58:55.0208 3096  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:58:55.0286 3096  RDPENCDD - ok
22:58:55.0317 3096  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:58:55.0395 3096  RDPREFMP - ok
22:58:55.0426 3096  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:58:55.0473 3096  RDPWD - ok
22:58:55.0520 3096  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:58:55.0567 3096  rdyboost - ok
22:58:55.0598 3096  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:58:55.0692 3096  RemoteAccess - ok
22:58:55.0738 3096  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:58:55.0816 3096  RemoteRegistry - ok
22:58:55.0848 3096  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:58:55.0926 3096  RpcEptMapper - ok
22:58:55.0941 3096  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
22:58:55.0988 3096  RpcLocator - ok
22:58:56.0019 3096  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
22:58:56.0097 3096  RpcSs - ok
22:58:56.0144 3096  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:58:56.0222 3096  rspndr - ok
22:58:56.0269 3096  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
22:58:56.0316 3096  RTL8167 - ok
22:58:56.0347 3096  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
22:58:56.0378 3096  s3cap - ok
22:58:56.0409 3096  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
22:58:56.0440 3096  SamSs - ok
22:58:56.0472 3096  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:58:56.0503 3096  sbp2port - ok
22:58:56.0550 3096  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:58:56.0643 3096  SCardSvr - ok
22:58:56.0690 3096  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:58:56.0752 3096  scfilter - ok
22:58:56.0799 3096  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
22:58:56.0908 3096  Schedule - ok
22:58:56.0940 3096  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:58:57.0002 3096  SCPolicySvc - ok
22:58:57.0049 3096  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
22:58:57.0096 3096  sdbus - ok
22:58:57.0127 3096  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:58:57.0174 3096  SDRSVC - ok
22:58:57.0252 3096  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:58:57.0330 3096  secdrv - ok
22:58:57.0376 3096  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
22:58:57.0454 3096  seclogon - ok
22:58:57.0517 3096  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
22:58:57.0626 3096  SENS - ok
22:58:57.0657 3096  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:58:57.0704 3096  SensrSvc - ok
22:58:57.0720 3096  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:58:57.0751 3096  Serenum - ok
22:58:57.0782 3096  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:58:57.0813 3096  Serial - ok
22:58:57.0844 3096  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:58:57.0891 3096  sermouse - ok
22:58:57.0938 3096  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:58:58.0047 3096  SessionEnv - ok
22:58:58.0078 3096  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:58:58.0125 3096  sffdisk - ok
22:58:58.0141 3096  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:58:58.0188 3096  sffp_mmc - ok
22:58:58.0203 3096  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:58:58.0250 3096  sffp_sd - ok
22:58:58.0281 3096  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:58:58.0328 3096  sfloppy - ok
22:58:58.0375 3096  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:58:58.0453 3096  SharedAccess - ok
22:58:58.0484 3096  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:58:58.0578 3096  ShellHWDetection - ok
22:58:58.0609 3096  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:58:58.0640 3096  sisagp - ok
22:58:58.0671 3096  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:58:58.0702 3096  SiSRaid2 - ok
22:58:58.0718 3096  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:58:58.0749 3096  SiSRaid4 - ok
22:58:58.0796 3096  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
22:58:58.0827 3096  SkypeUpdate - ok
22:58:58.0858 3096  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:58:58.0921 3096  Smb - ok
22:58:58.0999 3096  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:58:59.0046 3096  SNMPTRAP - ok
22:58:59.0061 3096  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:58:59.0092 3096  spldr - ok
22:58:59.0139 3096  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
22:58:59.0202 3096  Spooler - ok
22:58:59.0326 3096  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:58:59.0514 3096  sppsvc - ok
22:58:59.0560 3096  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:58:59.0623 3096  sppuinotify - ok
22:58:59.0685 3096  [ 26C1B59C80FEF94B025DF5C3C1B791A7 ] SRTSP           C:\Windows\system32\drivers\N360\1402000.013\SRTSP.SYS
22:58:59.0732 3096  SRTSP - ok
22:58:59.0779 3096  [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX          C:\Windows\system32\drivers\N360\1402000.013\SRTSPX.SYS
22:58:59.0794 3096  SRTSPX - ok
22:58:59.0841 3096  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:58:59.0888 3096  srv - ok
22:58:59.0919 3096  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:58:59.0982 3096  srv2 - ok
22:59:00.0013 3096  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:59:00.0044 3096  srvnet - ok
22:59:00.0091 3096  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:59:00.0169 3096  SSDPSRV - ok
22:59:00.0200 3096  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:59:00.0278 3096  SstpSvc - ok
22:59:00.0309 3096  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:59:00.0340 3096  stexstor - ok
22:59:00.0372 3096  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
22:59:00.0450 3096  StiSvc - ok
22:59:00.0481 3096  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
22:59:00.0512 3096  storflt - ok
22:59:00.0543 3096  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
22:59:00.0574 3096  StorSvc - ok
22:59:00.0606 3096  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:59:00.0637 3096  storvsc - ok
22:59:00.0652 3096  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:59:00.0684 3096  swenum - ok
22:59:00.0730 3096  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
22:59:00.0824 3096  swprv - ok
22:59:00.0871 3096  [ FB69A67FEEE3026C7F99774A1C405326 ] SymDS           C:\Windows\system32\drivers\N360\1402000.013\SYMDS.SYS
22:59:00.0902 3096  SymDS - ok
22:59:00.0964 3096  [ 28C5FAFA7FD1C522B8DCD59694D39412 ] SymEFA          C:\Windows\system32\drivers\N360\1402000.013\SYMEFA.SYS
22:59:01.0027 3096  SymEFA - ok
22:59:01.0074 3096  [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
22:59:01.0105 3096  SymEvent - ok
22:59:01.0136 3096  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\Windows\system32\drivers\N360\1402000.013\Ironx86.SYS
22:59:01.0167 3096  SymIRON - ok
22:59:01.0214 3096  [ 21698476A90ACAA056B8CFE09A82785F ] SymNetS         C:\Windows\system32\drivers\N360\1402000.013\SYMNETS.SYS
22:59:01.0245 3096  SymNetS - ok
22:59:01.0308 3096  [ 964524A9EDCCE945E82419ABE9DB94EE ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:59:01.0323 3096  SynTP - ok
22:59:01.0401 3096  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
22:59:01.0479 3096  SysMain - ok
22:59:01.0510 3096  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:59:01.0557 3096  TabletInputService - ok
22:59:01.0604 3096  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:59:01.0698 3096  TapiSrv - ok
22:59:01.0744 3096  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
22:59:01.0838 3096  TBS - ok
22:59:01.0900 3096  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:59:01.0978 3096  Tcpip - ok
22:59:02.0041 3096  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:59:02.0119 3096  TCPIP6 - ok
22:59:02.0150 3096  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:59:02.0197 3096  tcpipreg - ok
22:59:02.0244 3096  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:59:02.0275 3096  TDPIPE - ok
22:59:02.0306 3096  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:59:02.0353 3096  TDTCP - ok
22:59:02.0400 3096  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:59:02.0478 3096  tdx - ok
22:59:02.0509 3096  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:59:02.0540 3096  TermDD - ok
22:59:02.0602 3096  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
22:59:02.0696 3096  TermService - ok
22:59:02.0743 3096  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
22:59:02.0790 3096  Themes - ok
22:59:02.0821 3096  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
22:59:02.0899 3096  THREADORDER - ok
22:59:02.0946 3096  [ CE92B84ED806F1C5C340A51DFD3E49BC ] TlntSvr         C:\Windows\System32\tlntsvr.exe
22:59:02.0992 3096  TlntSvr - ok
22:59:03.0024 3096  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
22:59:03.0102 3096  TrkWks - ok
22:59:03.0195 3096  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:59:03.0258 3096  TrustedInstaller - ok
22:59:03.0289 3096  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:59:03.0351 3096  tssecsrv - ok
22:59:03.0398 3096  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:59:03.0429 3096  TsUsbFlt - ok
22:59:03.0492 3096  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:59:03.0554 3096  tunnel - ok
22:59:03.0585 3096  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:59:03.0616 3096  uagp35 - ok
22:59:03.0648 3096  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:59:03.0726 3096  udfs - ok
22:59:03.0804 3096  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:59:03.0850 3096  UI0Detect - ok
22:59:03.0882 3096  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:59:03.0913 3096  uliagpkx - ok
22:59:03.0944 3096  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:59:03.0975 3096  umbus - ok
22:59:04.0022 3096  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:59:04.0078 3096  UmPass - ok
22:59:04.0118 3096  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
22:59:04.0158 3096  UmRdpService - ok
22:59:04.0188 3096  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
22:59:04.0278 3096  upnphost - ok
22:59:04.0308 3096  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:59:04.0348 3096  usbccgp - ok
22:59:04.0378 3096  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:59:04.0418 3096  usbcir - ok
22:59:04.0448 3096  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:59:04.0478 3096  usbehci - ok
22:59:04.0508 3096  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:59:04.0568 3096  usbhub - ok
22:59:04.0598 3096  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:59:04.0638 3096  usbohci - ok
22:59:04.0668 3096  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:59:04.0708 3096  usbprint - ok
22:59:04.0718 3096  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:59:04.0778 3096  USBSTOR - ok
22:59:04.0808 3096  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:59:04.0838 3096  usbuhci - ok
22:59:04.0878 3096  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:59:04.0918 3096  usbvideo - ok
22:59:04.0948 3096  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
22:59:05.0018 3096  UxSms - ok
22:59:05.0028 3096  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
22:59:05.0058 3096  VaultSvc - ok
22:59:05.0088 3096  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:59:05.0118 3096  vdrvroot - ok
22:59:05.0168 3096  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
22:59:05.0268 3096  vds - ok
22:59:05.0298 3096  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:59:05.0348 3096  vga - ok
22:59:05.0378 3096  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:59:05.0438 3096  VgaSave - ok
22:59:05.0468 3096  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:59:05.0508 3096  vhdmp - ok
22:59:05.0608 3096  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:59:05.0638 3096  viaagp - ok
22:59:05.0658 3096  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
22:59:05.0708 3096  ViaC7 - ok
22:59:05.0738 3096  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
22:59:05.0768 3096  viaide - ok
22:59:05.0798 3096  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:59:05.0838 3096  vmbus - ok
22:59:05.0858 3096  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:59:05.0888 3096  VMBusHID - ok
22:59:05.0908 3096  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:59:05.0938 3096  volmgr - ok
22:59:05.0968 3096  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:59:06.0008 3096  volmgrx - ok
22:59:06.0038 3096  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:59:06.0079 3096  volsnap - ok
22:59:06.0110 3096  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:59:06.0141 3096  vsmraid - ok
22:59:06.0204 3096  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
22:59:06.0313 3096  VSS - ok
22:59:06.0328 3096  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:59:06.0391 3096  vwifibus - ok
22:59:06.0422 3096  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:59:06.0469 3096  vwififlt - ok
22:59:06.0547 3096  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
22:59:06.0625 3096  W32Time - ok
22:59:06.0687 3096  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
22:59:06.0734 3096  W3SVC - ok
22:59:06.0765 3096  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:59:06.0796 3096  WacomPen - ok
22:59:06.0828 3096  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:59:06.0906 3096  WANARP - ok
22:59:06.0906 3096  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:59:06.0968 3096  Wanarpv6 - ok
22:59:06.0984 3096  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
22:59:07.0030 3096  WAS - ok
22:59:07.0093 3096  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
22:59:07.0171 3096  wbengine - ok
22:59:07.0218 3096  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:59:07.0296 3096  WbioSrvc - ok
22:59:07.0342 3096  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:59:07.0389 3096  wcncsvc - ok
22:59:07.0420 3096  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:59:07.0467 3096  WcsPlugInService - ok
22:59:07.0498 3096  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:59:07.0530 3096  Wd - ok
22:59:07.0561 3096  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:59:07.0623 3096  Wdf01000 - ok
22:59:07.0639 3096  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:59:07.0701 3096  WdiServiceHost - ok
22:59:07.0717 3096  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:59:07.0748 3096  WdiSystemHost - ok
22:59:07.0810 3096  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
22:59:07.0873 3096  WebClient - ok
22:59:07.0920 3096  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:59:07.0998 3096  Wecsvc - ok
22:59:08.0044 3096  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:59:08.0138 3096  wercplsupport - ok
22:59:08.0169 3096  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:59:08.0263 3096  WerSvc - ok
22:59:08.0310 3096  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:59:08.0372 3096  WfpLwf - ok
22:59:08.0403 3096  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:59:08.0434 3096  WIMMount - ok
22:59:08.0512 3096  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:59:08.0590 3096  WinDefend - ok
22:59:08.0590 3096  WinHttpAutoProxySvc - ok
22:59:08.0653 3096  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:59:08.0731 3096  Winmgmt - ok
22:59:08.0793 3096  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
22:59:08.0918 3096  WinRM - ok
22:59:08.0980 3096  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:59:09.0027 3096  WinUsb - ok
22:59:09.0090 3096  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:59:09.0183 3096  Wlansvc - ok
22:59:09.0308 3096  [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:59:09.0417 3096  wlidsvc - ok
22:59:09.0464 3096  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:59:09.0511 3096  WmiAcpi - ok
22:59:09.0542 3096  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:59:09.0589 3096  wmiApSrv - ok
22:59:09.0698 3096  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:59:09.0792 3096  WMPNetworkSvc - ok
22:59:09.0823 3096  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:59:09.0870 3096  WPCSvc - ok
22:59:09.0901 3096  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:59:09.0948 3096  WPDBusEnum - ok
22:59:09.0963 3096  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:59:10.0057 3096  ws2ifsl - ok
22:59:10.0104 3096  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:59:10.0150 3096  wscsvc - ok
22:59:10.0150 3096  WSearch - ok
22:59:10.0260 3096  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:59:10.0369 3096  wuauserv - ok
22:59:10.0416 3096  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:59:10.0447 3096  WudfPf - ok
22:59:10.0494 3096  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:59:10.0540 3096  WUDFRd - ok
22:59:10.0572 3096  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:59:10.0603 3096  wudfsvc - ok
22:59:10.0650 3096  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:59:10.0696 3096  WwanSvc - ok
22:59:10.0712 3096  ================ Scan global ===============================
22:59:10.0743 3096  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:59:10.0790 3096  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
22:59:10.0806 3096  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
22:59:10.0852 3096  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:59:10.0884 3096  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:59:10.0899 3096  [Global] - ok
22:59:10.0899 3096  ================ Scan MBR ==================================
22:59:10.0915 3096  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:59:11.0211 3096  \Device\Harddisk0\DR0 - ok
22:59:11.0211 3096  ================ Scan VBR ==================================
22:59:11.0211 3096  [ FB29D0FC80C3497CBCE0B802BA2DF6F2 ] \Device\Harddisk0\DR0\Partition1
22:59:11.0211 3096  \Device\Harddisk0\DR0\Partition1 - ok
22:59:11.0258 3096  [ E1672D93B9F69F4CF99FFD50D90E6958 ] \Device\Harddisk0\DR0\Partition2
22:59:11.0258 3096  \Device\Harddisk0\DR0\Partition2 - ok
22:59:11.0258 3096  ============================================================
22:59:11.0258 3096  Scan finished
22:59:11.0258 3096  ============================================================
22:59:11.0289 3048  Detected object count: 0
22:59:11.0289 3048  Actual detected object count: 0
         

Alt 21.01.2013, 11:45   #12
schlump
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Hoffe erholsames WE gehabt zu haben.
Dies ist eine Erinnung

Alt 21.01.2013, 11:47   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.01.2013, 23:30   #14
schlump
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



hat alles funktioniert.

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-21.04 - Jd 21.01.2013  23:15:56.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1033.18.2038.1296 [GMT 1:00]
ausgeführt von:: c:\users\Jd\Desktop\ComboFix.exe
AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jd\4.0
c:\users\Jd\AppData\Roaming\OneTab\OnETab.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-21 bis 2013-01-21  ))))))))))))))))))))))))))))))
.
.
2013-01-18 19:42 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C5587EB-8C59-469F-BC6E-6CCC494F7B12}\mpengine.dll
2013-01-12 17:30 . 2013-01-12 17:30	--------	d-----w-	c:\users\Jd\AppData\Roaming\Malwarebytes
2013-01-12 17:29 . 2013-01-12 17:29	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-12 17:29 . 2013-01-12 17:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-12 17:29 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-12 17:29 . 2013-01-12 17:29	--------	d-----w-	c:\users\Jd\AppData\Local\Programs
2013-01-12 17:24 . 2013-01-12 17:24	--------	d-----w-	c:\program files\CCleaner
2013-01-12 17:03 . 2013-01-12 17:03	--------	d-----w-	c:\windows\system32\SDA
2013-01-12 17:03 . 2013-01-12 17:03	--------	d-----w-	c:\program files\O2Micro Flash Memory Card Driver
2013-01-09 22:06 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 22:06 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 22:06 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 22:06 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 22:03 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 22:03 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-07 18:10 . 2013-01-08 19:02	--------	d-----w-	c:\windows\system32\drivers\N360\1402000.013
2013-01-06 18:38 . 2013-01-06 18:39	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2013-01-06 18:38 . 2013-01-06 18:38	--------	d-----w-	c:\program files\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-21 22:00 . 2012-10-15 21:15	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-01-06 09:11 . 2012-10-13 08:22	142496	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2012-12-16 14:13 . 2012-12-21 01:42	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 01:42	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-13 02:02	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 02:02	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 02:02	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 02:02	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 02:02	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 02:02	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 22:36	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 22:37	376832	----a-w-	c:\windows\system32\dpnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-14 09:48	220632	----a-w-	c:\users\Jd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-14 09:48	220632	----a-w-	c:\users\Jd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-14 09:48	220632	----a-w-	c:\users\Jd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM13Mon.exe]
2008-01-07 15:00	36864	----a-w-	c:\windows\OEM13Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 10:27	17877168	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 N360;Norton 360;c:\program files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [x]
R3 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1402000.013\ccSetx86.sys [x]
R3 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20120901.001\IDSVix86.sys [x]
R3 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1402000.013\SYMDS.SYS [x]
R3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1402000.013\SYMEFA.SYS [x]
R3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1402000.013\Ironx86.SYS [x]
R3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360\1402000.013\SYMNETS.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [x]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [x]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\users\Jd\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-download beast - c:\program files\Download Beast\DownloadBeast.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2286783814-2036696160-2845618320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2286783814-2036696160-2845618320-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-21  23:25:38
ComboFix-quarantined-files.txt  2013-01-21 22:25
.
Vor Suchlauf: 422.031.048.704 bytes free
Nach Suchlauf: 421.573.980.160 bytes free
.
- - End Of File - - A19CCF7E2B735E9D61BED3B0BB8FA2B5
         
--- --- ---

Alt 22.01.2013, 10:35   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Norton online funktioniert nicht mehr - Standard

Norton online funktioniert nicht mehr



Kurze Zwischenfrage, wie sieht es mit dem Ursprungsproblem aus? => Norton online funktioniert nicht mehr
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Norton online funktioniert nicht mehr
adobe, autorun, bho, converter, defender, explorer, failed, firefox, flash player, format, ftp, funktioniert nicht mehr, helper, install.exe, installation, internet, logfile, mp3, object, plug-in, registry, rundll, scan, schannel.dll, security, software, svchost.exe, symantec, taskhost.exe, virus




Ähnliche Themen: Norton online funktioniert nicht mehr


  1. Internetverbindung weg, LAN-Netzwerkzugriff weg, Norton kann nicht mehr geöffnet werden
    Plagegeister aller Art und deren Bekämpfung - 15.07.2015 (1)
  2. Norton 360 lässt sich nicht mehr öffnen
    Plagegeister aller Art und deren Bekämpfung - 25.01.2015 (11)
  3. avast und mcaffee arbeiten nicht mehr und die Tastatur funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 03.11.2014 (1)
  4. IE funktioniert nicht mehr (vermutlich nach Java Update..)- komme nicht mehr ins Internet
    Log-Analyse und Auswertung - 16.06.2014 (6)
  5. Auf einmal ging mein driver Genius nicht mehr und nach neuinstalation steht (Online Downloader funktioniert nicht mehr
    Alles rund um Windows - 13.05.2014 (2)
  6. Möglicherweise Opfer Softwarefälschung/Norton funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 12.03.2014 (19)
  7. Sound funktioniert nicht mehr, Firefox spielt Videos nicht ab
    Alles rund um Windows - 10.03.2014 (3)
  8. Trojan.Ransom.ANC - Browser funktioniert nicht mehr - Virenprogramme funktionieren nicht mehr
    Log-Analyse und Auswertung - 30.10.2012 (2)
  9. Trojan.Spyeyes, Taskmanager nicht mehr auffindbar, Acrobat Reader funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 17.10.2011 (8)
  10. Norton Firewall nicht mehr konfigurierbar!
    Plagegeister aller Art und deren Bekämpfung - 21.04.2010 (5)
  11. Norton Internet Security 2010 startet nicht mehr !
    Antiviren-, Firewall- und andere Schutzprogramme - 27.01.2010 (3)
  12. kein online scanner funktioniert mehr (Virus??)
    Plagegeister aller Art und deren Bekämpfung - 28.09.2008 (5)
  13. IE funktioniert nicht mehr, Task-Manager lässt sich nicht starten
    Mülltonne - 27.09.2008 (0)
  14. Nach Virenbefall funkt I-Explorer und Norton nicht mehr!?
    Log-Analyse und Auswertung - 23.09.2008 (18)
  15. T-Online 6.0 startet nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 26.11.2007 (1)
  16. Norton Antivir Wurmschutz startet nicht mehr
    Log-Analyse und Auswertung - 04.03.2006 (1)
  17. Norton startet nicht mehr und kein Zugriff mehr auf Antiviren-Internetseiten!
    Plagegeister aller Art und deren Bekämpfung - 16.10.2004 (5)

Zum Thema Norton online funktioniert nicht mehr - Hallo, ich hatte mir vor einiger Zeit den GVU-Trojaner eingefangen, und hatte den mit Norton 360 in Quarantäne geschoben und hatte dann keine Schwierigkeiten mehr. Heute (einige Monate nach de - Norton online funktioniert nicht mehr...
Archiv
Du betrachtest: Norton online funktioniert nicht mehr auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.