Windows Explorer in Taskleiste schließt sich beim Berühren mit Maus

Jules_ · 30.04.2011, 10:39

Hallo,
seit einigen Tagen wird das geöffnete Fenster "Windows-Explorer" in der Taskleiste geschlossen, wenn ich es mit dem Mauszeiger berühre.
Es ist somit nicht möglich auf Bilder, Musik oder ähnliches zu zugreifen und wenn, nur für einige Sekunden.
Dabei flackert die Taskleiste weiß und neben der Maus erscheint das "beschäftigt"-Symbol.
Es flackert immer, wenn ich unten auf die Taskleiste komme, aber bspw. "Mozilla" wird nicht automatisch geschlossen.
Bisher habe ich noch nicht das gleiche Problem im Netz finden können.
Keine Ahnung, ob ich selbst ausversehen etwas per Tastenkombination verstellt hab, oder ob mein Laptop (Win7) infiziert ist.
Daher bin ich auch nicht sicher, ob ich jetzt schon Logfiles posten soll..?
Ich hoffe auf Hilfe.
Viele Grüße,
Jules

cosinus · 01.05.2011, 16:01

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Logs erstellen:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Jules_ · 01.05.2011, 20:56

Hallo,
danke schonmal für die Antwort.

------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6484

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01.05.2011 20:56:41
mbam-log-2011-05-01 (20-56-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 306368
Laufzeit: 51 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

------------------------------

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.05.2011 21:02:45 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jules\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 45,31 Gb Free Space | 38,92% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 334,21 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
 
Computer Name: JULES-PC | User Name: Jules | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jules\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jules\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (bdfm) -- C:\Windows\SysNative\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://asus.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 07 FC C1 6C E9 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://msn.de"
FF - prefs.js..extensions.enabledItems: {464F169E-ACE1-4C5F-A778-A433A3DABBAE}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.05 20:41:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.18 08:03:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.04.26 11:04:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.29 22:00:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 09:21:01 | 000,000,000 | ---D | M]
 
[2010.02.04 18:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jules\AppData\Roaming\mozilla\Extensions
[2011.04.30 18:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jules\AppData\Roaming\mozilla\Firefox\Profiles\52lublja.default\extensions
[2010.11.09 20:44:59 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Jules\AppData\Roaming\mozilla\Firefox\Profiles\52lublja.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2011.03.18 11:40:45 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\Jules\AppData\Roaming\mozilla\Firefox\Profiles\52lublja.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011.04.08 07:54:05 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Jules\AppData\Roaming\mozilla\Firefox\Profiles\52lublja.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.04.08 07:54:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jules\AppData\Roaming\mozilla\Firefox\Profiles\52lublja.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.08 07:54:04 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jules\AppData\Roaming\mozilla\Firefox\Profiles\52lublja.default\extensions\engine@conduit.com
[2010.06.08 12:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\52lublja.default\searchplugins\conduit.xml
[2011.04.27 20:00:00 | 000,000,944 | ---- | M] () -- C:\Users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\52lublja.default\searchplugins\icqplugin.xml
[2011.04.29 22:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.02.05 16:27:52 | 000,000,000 | ---D | M] (VMLoad) -- C:\Program Files (x86)\mozilla firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
[2010.05.09 17:24:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.10 11:44:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.22 13:13:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.08 12:59:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.04.26 11:04:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Jules\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2b492b2f-29e1-11df-b85f-e0cb4e35c481}\Shell - "" = AutoRun
O33 - MountPoints2\{2b492b2f-29e1-11df-b85f-e0cb4e35c481}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{99131a2e-916e-11df-8566-e0cb4e35c481}\Shell - "" = AutoRun
O33 - MountPoints2\{99131a2e-916e-11df-8566-e0cb4e35c481}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BDAgent - hkey= - key= - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: P2Go_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Setwallpaper - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {BCE2E75D-EE14-48F8-990E-AC87C57FFB84} - Bing Bar
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{BB89BA8E-2153-4651-A4EC-E63ED120FA89} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {54E1342C-1FDF-4F2A-98AB-4E82A5616FC8} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.01 20:01:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jules\Desktop\OTL.exe
[2011.04.30 07:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.04.30 07:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.04.29 08:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.29 08:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.04.29 08:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.04.29 08:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.04.29 08:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.04.29 08:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.04.20 16:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.31 21:45:51 | 002,736,736 | ---- | C] (Conduit Ltd.) -- C:\Program Files (x86)\tbsoft.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.01 20:02:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jules\Desktop\OTL.exe
[2011.05.01 18:12:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.01 18:12:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.01 18:05:19 | 000,002,062 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.05.01 18:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.01 18:04:27 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.01 16:27:09 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2011.05.01 14:04:50 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.01 14:04:50 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.01 14:04:50 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.01 14:04:50 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.01 14:04:50 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.30 20:48:29 | 000,001,479 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.04.30 12:18:22 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2011.04.30 09:41:57 | 000,015,152 | ---- | M] () -- C:\Users\Jules\Documents\cc_20110430_094148.reg
[2011.04.28 18:07:58 | 000,481,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.26 11:04:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.04.18 19:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.04.18 19:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.04.18 19:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.04.18 19:18:01 | 000,287,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.04.18 19:17:59 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.04.18 19:16:23 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.04.18 19:13:24 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.04.18 19:13:13 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.04.18 19:13:01 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.04.17 13:53:11 | 002,529,622 | ---- | M] () -- C:\Users\Jules\AppData\Local\[j0002]-[p06].bmp
[2011.04.10 18:31:07 | 002,529,622 | ---- | M] () -- C:\Users\Jules\AppData\Local\[j0003]-[p04].bmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.30 09:41:55 | 000,015,152 | ---- | C] () -- C:\Users\Jules\Documents\cc_20110430_094148.reg
[2011.04.29 22:00:36 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.17 13:53:11 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0002]-[p06].bmp
[2011.04.10 18:31:07 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0003]-[p04].bmp
[2011.01.18 18:37:06 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0016]-[p14].bmp
[2011.01.18 18:35:11 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0015]-[p14].bmp
[2011.01.18 18:30:00 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0014]-[p10].bmp
[2011.01.18 18:22:58 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0012]-[p12].bmp
[2011.01.18 18:20:16 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0011]-[p12].bmp
[2011.01.18 18:17:09 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0010]-[p12].bmp
[2011.01.18 18:08:02 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0008]-[p18].bmp
[2011.01.18 18:01:46 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0006]-[p06].bmp
[2011.01.18 18:00:09 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0005]-[p06].bmp
[2011.01.18 17:54:49 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0002]-[p30].bmp
[2011.01.17 19:16:50 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0005]-[p08].bmp
[2011.01.10 17:42:41 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0005]-[p10].bmp
[2011.01.10 17:40:44 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0004]-[p10].bmp
[2011.01.03 12:38:53 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0005]-[p20].bmp
[2011.01.03 12:36:04 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0004]-[p20].bmp
[2011.01.03 12:34:03 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0003]-[p20].bmp
[2010.11.25 22:32:46 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0013]-[p10].bmp
[2010.11.25 21:21:25 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0007]-[p08].bmp
[2010.11.25 21:16:03 | 002,529,622 | ---- | C] () -- C:\Users\Jules\AppData\Local\[j0006]-[p08].bmp
[2010.11.05 22:16:56 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010.11.05 20:11:26 | 000,266,130 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.10.31 21:45:51 | 000,153,088 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2010.10.31 21:45:51 | 000,006,836 | ---- | C] () -- C:\Program Files (x86)\UNWISE.INI
[2010.10.13 17:31:15 | 000,000,472 | ---- | C] () -- C:\Users\Jules\AppData\Roaming\Poladroid prefs.plist
[2010.07.14 12:41:22 | 000,003,584 | ---- | C] () -- C:\Users\Jules\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.19 11:05:32 | 000,000,000 | ---- | C] () -- C:\Users\Jules\AppData\Roaming\wklnhst.dat
[2010.02.15 22:13:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.10 23:35:28 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010.01.11 10:37:42 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.01.11 10:27:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009.12.11 17:50:00 | 000,095,848 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
[2009.11.06 11:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.10.26 05:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009.08.19 10:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009.08.19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009.07.29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008.10.30 10:49:34 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
 
========== LOP Check ==========
 
[2010.02.14 12:44:10 | 000,000,000 | -HSD | M] -- C:\Users\Jules\AppData\Roaming\.#
[2011.01.29 20:17:09 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Asus WebStorage
[2010.08.10 11:33:57 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\BitDefender
[2010.12.23 18:31:51 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\DVDVideoSoft
[2010.12.05 21:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\gtk-2.0
[2011.05.01 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\ICQ
[2010.04.27 08:02:25 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\OpenCandy
[2010.04.26 15:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\OpenOffice.org
[2011.01.29 20:17:10 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\PhotoFiltre
[2010.04.26 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\PrimoPDF
[2010.02.19 11:05:33 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Template
[2010.09.04 09:30:05 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\TubeBox
[2011.02.16 20:36:40 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\TuneUp Software
[2010.09.16 08:11:20 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Uniblue
[2010.09.23 13:23:41 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\VMLoad
[2011.01.07 09:17:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.03 09:59:37 | 000,000,240 | ---- | M] () -- C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
[2011.03.18 08:07:17 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{895679C6-9D24-4915-B2C8-618FDF0F4EC1}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.14 12:44:10 | 000,000,000 | -HSD | M] -- C:\Users\Jules\AppData\Roaming\.#
[2010.02.05 23:11:58 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Adobe
[2011.04.30 18:14:31 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Apple Computer
[2011.01.29 20:17:09 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Asus WebStorage
[2010.08.10 11:33:57 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\BitDefender
[2010.12.11 11:08:29 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\CyberLink
[2010.10.03 20:11:18 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\dvdcss
[2010.12.23 18:31:51 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\DVDVideoSoft
[2010.12.05 21:50:55 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\gtk-2.0
[2010.11.05 22:34:56 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\HP
[2011.05.01 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\ICQ
[2010.02.04 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Identities
[2010.02.04 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Macromedia
[2011.02.18 20:37:55 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Media Center Programs
[2011.03.18 16:16:35 | 000,000,000 | --SD | M] -- C:\Users\Jules\AppData\Roaming\Microsoft
[2010.03.12 16:12:19 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Move Networks
[2010.02.04 18:13:19 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Mozilla
[2010.04.27 08:02:25 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\OpenCandy
[2010.04.26 15:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\OpenOffice.org
[2011.01.29 20:17:10 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\PhotoFiltre
[2010.04.26 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\PrimoPDF
[2010.02.20 16:35:15 | 000,000,000 | RH-D | M] -- C:\Users\Jules\AppData\Roaming\SecuROM
[2011.04.26 10:52:55 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Skype
[2011.04.21 19:17:12 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\skypePM
[2010.02.19 11:05:33 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Template
[2010.09.04 09:30:05 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\TubeBox
[2011.02.16 20:36:40 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\TuneUp Software
[2010.08.01 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\U3
[2010.09.16 08:11:20 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\Uniblue
[2011.04.04 14:40:40 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\vlc
[2010.09.23 13:23:41 | 000,000,000 | ---D | M] -- C:\Users\Jules\AppData\Roaming\VMLoad
 
< %APPDATA%\*.exe /s >
[2010.05.06 09:53:28 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Jules\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.03.01 10:57:44 | 000,034,494 | R--- | M] () -- C:\Users\Jules\AppData\Roaming\Microsoft\Installer\{75C14F0A-EAA4-43CD-AA81-32FDB1686329}\_6FEFF9B68218417F98F549.exe
[2011.02.15 22:07:40 | 000,010,134 | R--- | M] () -- C:\Users\Jules\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2010.10.12 20:54:38 | 000,034,494 | R--- | M] () -- C:\Users\Jules\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2011.03.18 15:04:04 | 000,010,134 | R--- | M] () -- C:\Users\Jules\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6514C169A30B32C1D9071C.exe
[2011.03.18 15:04:04 | 000,034,494 | R--- | M] () -- C:\Users\Jules\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.03.18 15:04:04 | 000,355,574 | R--- | M] () -- C:\Users\Jules\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_A284EAE41E055547217DE7.exe
[2011.03.18 15:04:04 | 000,080,992 | R--- | M] () -- C:\Users\Jules\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_BEA59818F40318269C802B.exe
[2011.03.18 15:04:04 | 000,355,574 | R--- | M] () -- C:\Users\Jules\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_E3DBAAA0CAF950FA4295EE.exe
[2010.03.12 16:12:19 | 000,144,053 | ---- | M] () -- C:\Users\Jules\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\Jules\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2010.04.26 20:55:03 | 000,257,257 | ---- | M] () -- C:\Users\Jules\AppData\Roaming\OpenCandy\DLMgr3WrapperUniBlue.exe
[2010.03.05 23:42:26 | 004,004,928 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Jules\AppData\Roaming\OpenCandy\registrybooster(9).exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Jules\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Jules\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E1069F99
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8CE646EE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:9547F1DB

< End of report >

--- --- ---

Hoffe es ist so richtig.
Viele Grüße

cosinus · 02.05.2011, 11:23

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2b492b2f-29e1-11df-b85f-e0cb4e35c481}\Shell - "" = AutoRun
O33 - MountPoints2\{2b492b2f-29e1-11df-b85f-e0cb4e35c481}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{99131a2e-916e-11df-8566-e0cb4e35c481}\Shell - "" = AutoRun
O33 - MountPoints2\{99131a2e-916e-11df-8566-e0cb4e35c481}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2010.02.14 12:44:10 | 000,000,000 | -HSD | M] -- C:\Users\Jules\AppData\Roaming\.#
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E1069F99
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8CE646EE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:9547F1DB
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Jules_ · 02.05.2011, 20:47

Hallo,

hab es so durchgeführt, wie beschrieben und das kam dabei raus:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b492b2f-29e1-11df-b85f-e0cb4e35c481}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b492b2f-29e1-11df-b85f-e0cb4e35c481}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b492b2f-29e1-11df-b85f-e0cb4e35c481}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b492b2f-29e1-11df-b85f-e0cb4e35c481}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99131a2e-916e-11df-8566-e0cb4e35c481}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99131a2e-916e-11df-8566-e0cb4e35c481}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99131a2e-916e-11df-8566-e0cb4e35c481}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99131a2e-916e-11df-8566-e0cb4e35c481}\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Jules\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:E1069F99 deleted successfully.
ADS C:\ProgramData\Temp:15024E60 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:8CE646EE deleted successfully.
ADS C:\ProgramData\Temp:A724744F deleted successfully.
ADS C:\ProgramData\Temp:9547F1DB deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jules
->Temp folder emptied: 129555483 bytes
->Temporary Internet Files folder emptied: 169793326 bytes
->Java cache emptied: 15649701 bytes
->FireFox cache emptied: 273501638 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1936222 bytes

User: Katzenfrosch
->Temp folder emptied: 443689 bytes
->Temporary Internet Files folder emptied: 31357686 bytes
->Flash cache emptied: 18996 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36064737 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 619330949 bytes

Total Files Cleaned = 1.219,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05022011_213718

Files\Folders moved on Reboot...
C:\Users\Jules\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

War/ist das ein Virus oder hab ich was verstellt oder gelöscht?

Viele Grüße

Edit: Gerade flackert die Taskleiste nicht mehr. Soll es das gewesen sein?! *Juhu*

cosinus · 02.05.2011, 21:03

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Jules_ · 03.05.2011, 08:17

Hallo,

Habe das Tool ausgeführt, aber es stand nichts bei dem Log (weißes Feld) drin.
Obendrüber steht:
"Duration: 00:00:45
Processed: 260 objects
Infection: no found"

wenn ich auf "report" klicke, kommt das hier:

2011/05/03 09:11:54.0993 2948 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/03 09:11:55.0189 2948 ================================================================================
2011/05/03 09:11:55.0189 2948 SystemInfo:
2011/05/03 09:11:55.0189 2948
2011/05/03 09:11:55.0189 2948 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/03 09:11:55.0189 2948 Product type: Workstation
2011/05/03 09:11:55.0189 2948 ComputerName: JULES-PC
2011/05/03 09:11:55.0189 2948 UserName: Jules
2011/05/03 09:11:55.0190 2948 Windows directory: C:\Windows
2011/05/03 09:11:55.0190 2948 System windows directory: C:\Windows
2011/05/03 09:11:55.0190 2948 Running under WOW64
2011/05/03 09:11:55.0190 2948 Processor architecture: Intel x64
2011/05/03 09:11:55.0190 2948 Number of processors: 2
2011/05/03 09:11:55.0190 2948 Page size: 0x1000
2011/05/03 09:11:55.0190 2948 Boot type: Normal boot
2011/05/03 09:11:55.0190 2948 ================================================================================
2011/05/03 09:11:55.0473 2948 Initialize success

Auf meine eigenen Dateinen kann ich zugreifen. Lässt sich alles öffnen.

Viele Grüße (:

cosinus · 03.05.2011, 10:41

Hast du beide Haken gesetzt beim tdsskiller?

Jules_ · 03.05.2011, 18:40

Ich habe es gerade nochmal probiert. Zuerst war ein Update verfügbar, dass ich installiert habe. Ja, beide Haken waren gesetzt. Es wurde erneut nichts in dem weißen Feld angezeigt. Als ich diesmal auf "report" geklickt habe, erschien das:

2011/05/03 19:34:35.0596 1324 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 19:34:35.0767 1324 ================================================================================
2011/05/03 19:34:35.0767 1324 SystemInfo:
2011/05/03 19:34:35.0767 1324
2011/05/03 19:34:35.0767 1324 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/03 19:34:35.0767 1324 Product type: Workstation
2011/05/03 19:34:35.0767 1324 ComputerName: JULES-PC
2011/05/03 19:34:35.0767 1324 UserName: Jules
2011/05/03 19:34:35.0767 1324 Windows directory: C:\Windows
2011/05/03 19:34:35.0767 1324 System windows directory: C:\Windows
2011/05/03 19:34:35.0767 1324 Running under WOW64
2011/05/03 19:34:35.0767 1324 Processor architecture: Intel x64
2011/05/03 19:34:35.0767 1324 Number of processors: 2
2011/05/03 19:34:35.0767 1324 Page size: 0x1000
2011/05/03 19:34:35.0767 1324 Boot type: Normal boot
2011/05/03 19:34:35.0767 1324 ================================================================================
2011/05/03 19:34:36.0251 1324 Initialize success
2011/05/03 19:35:10.0412 0316 ================================================================================
2011/05/03 19:35:10.0412 0316 Scan started
2011/05/03 19:35:10.0412 0316 Mode: Manual;
2011/05/03 19:35:10.0412 0316 ================================================================================
2011/05/03 19:35:12.0081 0316 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/05/03 19:35:12.0159 0316 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/05/03 19:35:12.0253 0316 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/05/03 19:35:12.0346 0316 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/03 19:35:12.0424 0316 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/03 19:35:12.0502 0316 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/03 19:35:12.0689 0316 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/05/03 19:35:12.0767 0316 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/05/03 19:35:12.0830 0316 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/05/03 19:35:12.0939 0316 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/05/03 19:35:13.0001 0316 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/03 19:35:13.0064 0316 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/03 19:35:13.0126 0316 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/05/03 19:35:13.0220 0316 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/03 19:35:13.0282 0316 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/05/03 19:35:13.0360 0316 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
2011/05/03 19:35:13.0469 0316 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/05/03 19:35:13.0610 0316 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/03 19:35:13.0641 0316 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/03 19:35:13.0750 0316 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
2011/05/03 19:35:13.0891 0316 aswFsBlk (499af6f57cf093642d647cafc006deaa) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/03 19:35:14.0000 0316 aswMonFlt (54edf58577868baf01d25d8359f9e84f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/03 19:35:14.0093 0316 aswRdr (e69cdc2d04a0a4b338a933c44bdb0fd4) C:\Windows\system32\drivers\aswRdr.sys
2011/05/03 19:35:14.0265 0316 aswSnx (22f7ed60f9fa6272af7f35813ca548d6) C:\Windows\system32\drivers\aswSnx.sys
2011/05/03 19:35:14.0405 0316 aswSP (be84efcd3cdd11ddcc79f3ecab47e827) C:\Windows\system32\drivers\aswSP.sys
2011/05/03 19:35:14.0546 0316 aswTdi (0bf5483e5fb88d85638708e7d56300d8) C:\Windows\system32\drivers\aswTdi.sys
2011/05/03 19:35:14.0593 0316 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/03 19:35:14.0639 0316 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/05/03 19:35:14.0702 0316 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/03 19:35:14.0951 0316 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/03 19:35:14.0998 0316 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/03 19:35:15.0170 0316 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/03 19:35:15.0232 0316 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/03 19:35:15.0388 0316 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/03 19:35:15.0435 0316 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/03 19:35:15.0466 0316 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/03 19:35:15.0513 0316 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/03 19:35:15.0560 0316 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/03 19:35:15.0591 0316 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/03 19:35:15.0622 0316 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/03 19:35:15.0653 0316 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/03 19:35:15.0716 0316 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/03 19:35:15.0809 0316 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/05/03 19:35:15.0965 0316 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/03 19:35:16.0012 0316 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/03 19:35:16.0184 0316 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/03 19:35:16.0215 0316 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/05/03 19:35:16.0277 0316 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/05/03 19:35:16.0402 0316 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/03 19:35:16.0449 0316 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/03 19:35:16.0558 0316 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/03 19:35:16.0699 0316 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/05/03 19:35:16.0745 0316 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/03 19:35:16.0808 0316 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/03 19:35:16.0901 0316 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/03 19:35:17.0011 0316 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
2011/05/03 19:35:17.0057 0316 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/03 19:35:17.0120 0316 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/03 19:35:17.0167 0316 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/03 19:35:17.0354 0316 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/03 19:35:17.0603 0316 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/03 19:35:17.0650 0316 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/05/03 19:35:17.0759 0316 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
2011/05/03 19:35:17.0884 0316 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/03 19:35:17.0931 0316 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/03 19:35:18.0009 0316 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/03 19:35:18.0103 0316 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/03 19:35:18.0134 0316 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/03 19:35:18.0181 0316 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/03 19:35:18.0290 0316 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/05/03 19:35:18.0337 0316 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/03 19:35:18.0399 0316 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/03 19:35:18.0446 0316 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/03 19:35:18.0508 0316 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/03 19:35:18.0571 0316 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/03 19:35:18.0695 0316 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/03 19:35:18.0742 0316 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/03 19:35:18.0836 0316 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/05/03 19:35:18.0898 0316 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/03 19:35:18.0961 0316 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/03 19:35:18.0992 0316 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/03 19:35:19.0023 0316 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/03 19:35:19.0148 0316 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/05/03 19:35:19.0475 0316 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/03 19:35:20.0006 0316 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/05/03 19:35:20.0255 0316 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/03 19:35:20.0521 0316 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/05/03 19:35:20.0645 0316 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/05/03 19:35:20.0942 0316 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/03 19:35:21.0394 0316 IntcAzAudAddService (181e4ff75674a7105ecd0a02c35ef43a) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/03 19:35:21.0644 0316 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/05/03 19:35:21.0784 0316 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/03 19:35:21.0987 0316 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/03 19:35:22.0112 0316 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/03 19:35:22.0143 0316 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/03 19:35:22.0361 0316 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/03 19:35:22.0455 0316 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/05/03 19:35:22.0564 0316 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/05/03 19:35:22.0705 0316 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/05/03 19:35:22.0798 0316 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/05/03 19:35:22.0954 0316 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/05/03 19:35:23.0173 0316 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/03 19:35:23.0297 0316 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/03 19:35:23.0485 0316 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/03 19:35:23.0625 0316 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/03 19:35:23.0797 0316 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/03 19:35:24.0062 0316 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/03 19:35:24.0296 0316 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/03 19:35:24.0436 0316 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/03 19:35:24.0592 0316 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/03 19:35:24.0670 0316 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/03 19:35:24.0811 0316 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/03 19:35:24.0982 0316 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/03 19:35:25.0076 0316 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/03 19:35:25.0138 0316 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/05/03 19:35:25.0201 0316 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/03 19:35:25.0247 0316 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/05/03 19:35:25.0294 0316 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/05/03 19:35:25.0357 0316 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/03 19:35:25.0450 0316 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/05/03 19:35:25.0559 0316 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/03 19:35:25.0778 0316 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/03 19:35:26.0043 0316 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/03 19:35:26.0137 0316 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/05/03 19:35:26.0230 0316 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/05/03 19:35:26.0371 0316 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/03 19:35:26.0386 0316 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/03 19:35:26.0433 0316 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/05/03 19:35:26.0620 0316 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/03 19:35:26.0667 0316 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/03 19:35:26.0823 0316 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/03 19:35:27.0088 0316 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/05/03 19:35:27.0353 0316 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/05/03 19:35:27.0541 0316 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/03 19:35:27.0790 0316 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/03 19:35:27.0899 0316 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
2011/05/03 19:35:28.0009 0316 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/03 19:35:28.0149 0316 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/03 19:35:28.0367 0316 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/05/03 19:35:28.0617 0316 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/03 19:35:28.0913 0316 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/03 19:35:29.0038 0316 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/03 19:35:29.0163 0316 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/03 19:35:29.0381 0316 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/05/03 19:35:29.0615 0316 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/03 19:35:29.0943 0316 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/03 19:35:30.0083 0316 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/03 19:35:30.0224 0316 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/03 19:35:30.0286 0316 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/03 19:35:30.0754 0316 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/05/03 19:35:30.0910 0316 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/03 19:35:31.0051 0316 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/03 19:35:32.0392 0316 nvlddmkm (bc2d2480f58c3bc7f03c1e36a8ad4bf9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/03 19:35:32.0829 0316 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/05/03 19:35:33.0141 0316 nvsmu (a1381b3d52850bc4f0cc8b4697bd891c) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/05/03 19:35:33.0500 0316 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/05/03 19:35:33.0734 0316 nvstor64 (ebfe363aab0d6e4086adbf04c41ebdf8) C:\Windows\system32\DRIVERS\nvstor64.sys
2011/05/03 19:35:34.0061 0316 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/05/03 19:35:34.0171 0316 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/05/03 19:35:34.0483 0316 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/03 19:35:34.0826 0316 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/05/03 19:35:35.0153 0316 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/05/03 19:35:35.0419 0316 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/05/03 19:35:35.0746 0316 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/03 19:35:36.0043 0316 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/03 19:35:36.0542 0316 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/03 19:35:36.0979 0316 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/03 19:35:37.0228 0316 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/03 19:35:37.0415 0316 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/03 19:35:38.0039 0316 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/03 19:35:38.0180 0316 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/03 19:35:38.0461 0316 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/03 19:35:38.0554 0316 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/03 19:35:38.0617 0316 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/03 19:35:38.0679 0316 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/03 19:35:38.0726 0316 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/03 19:35:38.0882 0316 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/03 19:35:39.0303 0316 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/03 19:35:39.0662 0316 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/03 19:35:39.0943 0316 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/03 19:35:40.0099 0316 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/03 19:35:40.0426 0316 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/03 19:35:40.0769 0316 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/05/03 19:35:41.0035 0316 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/05/03 19:35:41.0191 0316 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/03 19:35:41.0269 0316 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/03 19:35:41.0627 0316 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/03 19:35:41.0815 0316 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/03 19:35:41.0971 0316 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/03 19:35:42.0049 0316 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/03 19:35:42.0173 0316 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/03 19:35:42.0470 0316 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/03 19:35:42.0813 0316 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/05/03 19:35:43.0031 0316 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/03 19:35:43.0078 0316 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/03 19:35:43.0125 0316 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/03 19:35:43.0187 0316 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
2011/05/03 19:35:43.0312 0316 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/03 19:35:43.0375 0316 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/03 19:35:43.0421 0316 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/03 19:35:43.0718 0316 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/05/03 19:35:43.0952 0316 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/03 19:35:44.0170 0316 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/05/03 19:35:44.0560 0316 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/03 19:35:44.0903 0316 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/03 19:35:45.0044 0316 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/03 19:35:45.0106 0316 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/05/03 19:35:45.0403 0316 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/05/03 19:35:45.0855 0316 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/03 19:35:46.0073 0316 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/03 19:35:46.0323 0316 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/03 19:35:46.0463 0316 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/03 19:35:46.0697 0316 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/03 19:35:46.0885 0316 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/05/03 19:35:47.0150 0316 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/03 19:35:47.0243 0316 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/03 19:35:47.0321 0316 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/03 19:35:47.0368 0316 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/03 19:35:47.0446 0316 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/03 19:35:47.0633 0316 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/03 19:35:47.0774 0316 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/05/03 19:35:47.0821 0316 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/03 19:35:47.0899 0316 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/03 19:35:47.0945 0316 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/05/03 19:35:48.0086 0316 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/03 19:35:48.0148 0316 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/03 19:35:48.0242 0316 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/05/03 19:35:48.0289 0316 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/03 19:35:48.0335 0316 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/03 19:35:48.0382 0316 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/03 19:35:48.0429 0316 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/03 19:35:48.0476 0316 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/03 19:35:48.0694 0316 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/03 19:35:48.0819 0316 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/03 19:35:49.0084 0316 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/03 19:35:49.0271 0316 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/03 19:35:49.0396 0316 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/05/03 19:35:49.0459 0316 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/03 19:35:49.0521 0316 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/05/03 19:35:49.0630 0316 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/05/03 19:35:49.0942 0316 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/05/03 19:35:50.0098 0316 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/03 19:35:50.0129 0316 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/03 19:35:50.0161 0316 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/03 19:35:50.0207 0316 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/05/03 19:35:50.0254 0316 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/03 19:35:50.0332 0316 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 19:35:50.0363 0316 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 19:35:50.0519 0316 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/03 19:35:50.0629 0316 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/03 19:35:50.0925 0316 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/03 19:35:51.0112 0316 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/05/03 19:35:51.0206 0316 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/03 19:35:51.0409 0316 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/03 19:35:51.0565 0316 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/03 19:35:51.0705 0316 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/03 19:35:51.0783 0316 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/05/03 19:35:51.0830 0316 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/03 19:35:51.0939 0316 ================================================================================
2011/05/03 19:35:51.0939 0316 Scan finished
2011/05/03 19:35:51.0939 0316 ================================================================================

cosinus · 04.05.2011, 10:31

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Jules_ · 04.05.2011, 12:53

Habe es wie beschrieben durchgeführt.

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-03.04 - Jules 04.05.2011  13:41:05.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2853 [GMT 2:00]
ausgeführt von:: c:\users\Jules\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\program files (x86)\UNWISE.EXE
c:\programdata\FullRemove.exe
c:\windows\system32\service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))
.
.
2011-05-04 11:47 . 2011-05-04 11:47	--------	d-----w-	c:\users\Katzenfrosch\AppData\Local\temp
2011-05-04 11:47 . 2011-05-04 11:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-03 06:17 . 2011-04-18 07:15	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{550EA18F-4DFF-4915-A115-32E433AD0D8F}\mpengine.dll
2011-05-02 19:37 . 2011-05-02 19:48	--------	d-----w-	C:\_OTL
2011-04-30 05:36 . 2011-05-02 19:37	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2011-04-29 20:00 . 2011-04-14 16:40	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-29 20:00 . 2011-04-14 16:40	781272	----a-w-	c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-29 20:00 . 2011-04-14 16:40	1874904	----a-w-	c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-29 20:00 . 2011-04-14 16:40	89048	----a-w-	c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-29 20:00 . 2011-04-14 16:40	465880	----a-w-	c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-29 20:00 . 2011-04-14 16:40	15832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-29 20:00 . 2010-01-01 08:00	1974616	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-29 20:00 . 2010-01-01 08:00	1892184	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-29 06:57 . 2011-04-29 06:57	--------	d-----w-	c:\program files\iPod
2011-04-29 06:57 . 2011-04-29 06:57	--------	d-----w-	c:\program files\iTunes
2011-04-29 06:57 . 2011-04-29 06:57	--------	d-----w-	c:\program files (x86)\iTunes
2011-04-29 06:55 . 2011-04-29 06:55	--------	d-----w-	c:\program files\Bonjour
2011-04-29 06:55 . 2011-04-29 06:55	--------	d-----w-	c:\program files (x86)\Bonjour
2011-04-28 16:17 . 2011-01-17 11:09	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2011-04-28 16:17 . 2011-01-17 05:47	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2011-04-27 05:24 . 2011-02-24 06:15	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-27 05:24 . 2011-02-24 05:38	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-27 05:22 . 2011-02-05 17:06	605552	----a-w-	c:\windows\system32\winload.exe
2011-04-27 05:22 . 2011-02-05 17:06	566208	----a-w-	c:\windows\system32\winresume.efi
2011-04-27 05:22 . 2011-02-05 17:10	642944	----a-w-	c:\windows\system32\winload.efi
2011-04-27 05:22 . 2011-02-05 17:10	20352	----a-w-	c:\windows\system32\kdusb.dll
2011-04-27 05:22 . 2011-02-05 17:10	19328	----a-w-	c:\windows\system32\kd1394.dll
2011-04-27 05:22 . 2011-02-05 17:10	17792	----a-w-	c:\windows\system32\kdcom.dll
2011-04-27 05:22 . 2011-02-05 17:06	518672	----a-w-	c:\windows\system32\winresume.exe
2011-04-27 05:20 . 2011-02-23 04:56	158208	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 05:20 . 2011-02-23 04:55	287744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 05:20 . 2011-02-23 04:55	128000	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 05:20 . 2011-02-23 04:55	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-27 05:20 . 2011-02-12 11:34	267776	----a-w-	c:\windows\system32\FXSCOVER.exe
2011-04-20 14:08 . 2011-04-30 18:50	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-14 21:28 . 2011-03-03 03:52	3135488	----a-w-	c:\windows\system32\win32k.sys
2011-04-14 01:39 . 2011-04-14 01:39	103864	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39	103864	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-04-06 14:26 . 2011-04-06 14:26	96544	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26	69408	----a-w-	c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26	237856	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26	119584	----a-w-	c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	75040	----a-w-	c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\SysWow64\dns-sd.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 19:29 . 2010-08-10 11:48	81984	----a-w-	c:\windows\system32\bdod.bin
2011-04-18 17:25 . 2011-03-18 08:09	40112	----a-w-	c:\windows\avastSS.scr
2011-04-18 17:25 . 2011-03-18 08:09	199304	----a-w-	c:\windows\SysWow64\aswBoot.exe
2011-04-18 17:25 . 2011-03-18 08:10	253888	----a-w-	c:\windows\system32\aswBoot.exe
2011-04-18 17:18 . 2011-03-18 08:10	287064	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:17 . 2011-03-18 08:10	600920	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:16 . 2011-03-18 08:10	53592	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2011-03-18 08:10	31064	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2011-03-18 08:10	64344	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:13 . 2011-03-18 08:10	22360	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-03-18 07:37 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-03-18 07:37 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-03-18 06:01 . 2011-03-18 06:01	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-18 06:01 . 2011-03-18 06:01	1797632	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-03-18 06:01 . 2011-03-18 06:01	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-03-18 06:01 . 2011-03-18 06:01	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-03-18 06:01 . 2011-03-18 06:01	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-03-18 06:01 . 2011-03-18 06:01	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-03-18 06:01 . 2011-03-18 06:01	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-18 06:01 . 2011-03-18 06:01	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-03-18 06:01 . 2011-03-18 06:01	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-03-18 06:01 . 2011-03-18 06:01	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-03-18 06:01 . 2011-03-18 06:01	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-03-18 06:01 . 2011-03-18 06:01	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-03-18 06:01 . 2011-03-18 06:01	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-03-18 06:01 . 2011-03-18 06:01	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-03-18 06:01 . 2011-03-18 06:01	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-03-18 06:01 . 2011-03-18 06:01	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-03-18 06:01 . 2011-03-18 06:01	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-03-18 06:01 . 2011-03-18 06:01	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-03-18 06:01 . 2011-03-18 06:01	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-03-18 06:01 . 2011-03-18 06:01	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-03-18 06:01 . 2011-03-18 06:01	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-03-18 06:01 . 2011-03-18 06:01	2303488	----a-w-	c:\windows\system32\jscript9.dll
2011-03-18 06:01 . 2011-03-18 06:01	222208	----a-w-	c:\windows\system32\msls31.dll
2011-03-18 06:01 . 2011-03-18 06:01	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-03-18 06:01 . 2011-03-18 06:01	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-03-18 06:01 . 2011-03-18 06:01	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-03-18 06:01 . 2011-03-18 06:01	12288	----a-w-	c:\windows\system32\mshta.exe
2011-03-18 06:01 . 2011-03-18 06:01	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-03-18 06:01 . 2011-03-18 06:01	114176	----a-w-	c:\windows\system32\admparse.dll
2011-03-18 06:01 . 2011-03-18 06:01	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-03-18 06:01 . 2011-03-18 06:01	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-03-18 06:01 . 2011-03-18 06:01	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-03-18 06:01 . 2011-03-18 06:01	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-03-18 06:01 . 2011-03-18 06:01	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-03-18 06:01 . 2011-03-18 06:01	448512	----a-w-	c:\windows\system32\html.iec
2011-03-18 06:01 . 2011-03-18 06:01	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-03-18 06:01 . 2011-03-18 06:01	160256	----a-w-	c:\windows\system32\wextract.exe
2011-03-18 06:01 . 2011-03-18 06:01	1492992	----a-w-	c:\windows\system32\inetcpl.cpl
2011-03-18 06:01 . 2011-03-18 06:01	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-03-18 06:01 . 2011-03-18 06:01	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-03-18 06:01 . 2011-03-18 06:01	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-03-18 06:01 . 2011-03-18 06:01	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-03-04 06:19 . 2011-04-27 05:25	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 05:25	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-09 07:58	1139200	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 07:58	1544192	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 07:58	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 07:58	1076736	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 07:58	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-18 15:36 . 2011-02-18 15:36	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-06-03 17:24 . 2010-10-31 19:45	2736736	----a-w-	c:\program files (x86)\tbsoft.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 17:24	2736736	----a-w-	c:\program files (x86)\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-1-11 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-11 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-12-11 239208]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{54E1342C-1FDF-4F2A-98AB-4E82A5616FC8}]
2009-03-02 11:49	8192	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-18 c:\windows\Tasks\User_Feed_Synchronization-{895679C6-9D24-4915-B2C8-618FDF0F4EC1}.job
- c:\windows\system32\msfeedssync.exe [2011-03-18 06:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25	134384	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-11 16414824]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\52lublja.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://msn.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-softonic-de3 Toolbar - c:\progra~2\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\macromed\\flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\macromed\\flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\macromed\\flash\\Flash.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\macromed\\flash\\Flash.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\macromed\\flash\\Flash.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\macromed\\flash\\Flash.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-04  13:50:42
ComboFix-quarantined-files.txt  2011-05-04 11:50
.
Vor Suchlauf: 9 Verzeichnis(se), 51.161.522.176 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 50.622.750.720 Bytes frei
.
- - End Of File - - 026F2B495FCFC056691C0CFE92996FDF

--- --- ---

cosinus · 04.05.2011, 13:55

Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Jules_ · 04.05.2011, 16:35

Ich bin nicht sicher, ob das mit GMER richtig gelaufen ist, da es nicht angezeigt hat, dass es fertig ist.. nach einiger Zeit tat sich nur einfach nichts mehr. Auf "copy" geklickt, kam nur das:
(Soll ich es evtl. nochmal probieren?)

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-04 17:23:22
Windows 6.1.7601 Service Pack 1 
Running: x63peoex.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources  MSDMine?DfSdk
Reg  HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources      MSDMine?DfSdk

---- EOF - GMER 1.0.15 ----

--- --- ---

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: K50ID
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 201):
0x03217000 \SystemRoot\system32\ntoskrnl.exe
0x03801000 \SystemRoot\system32\hal.dll
0x00BB1000 \SystemRoot\system32\kdcom.dll
0x00C4D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C9C000 \SystemRoot\system32\PSHED.dll
0x00CB0000 \SystemRoot\system32\CLFS.SYS
0x00D0E000 \SystemRoot\system32\CI.dll
0x00E32000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ED6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EE5000 \SystemRoot\system32\drivers\ACPI.sys
0x00F3C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F45000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F4F000 \SystemRoot\system32\drivers\pci.sys
0x00F82000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F8F000 \SystemRoot\System32\drivers\partmgr.sys
0x00FA4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FAD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FB9000 \SystemRoot\system32\drivers\volmgr.sys
0x010EB000 \SystemRoot\System32\drivers\volmgrx.sys
0x01147000 \SystemRoot\system32\drivers\pciide.sys
0x0114E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0115E000 \SystemRoot\System32\drivers\mountmgr.sys
0x01178000 \SystemRoot\system32\drivers\atapi.sys
0x01181000 \SystemRoot\system32\drivers\ataport.SYS
0x011AB000 \SystemRoot\system32\drivers\msahci.sys
0x011B6000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x01000000 \SystemRoot\system32\DRIVERS\storport.sys
0x01063000 \SystemRoot\system32\drivers\amdxata.sys
0x0106E000 \SystemRoot\system32\drivers\fltmgr.sys
0x010BA000 \SystemRoot\system32\drivers\fileinfo.sys
0x01235000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01451000 \SystemRoot\System32\Drivers\msrpc.sys
0x014AF000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014CA000 \SystemRoot\System32\Drivers\cng.sys
0x0153C000 \SystemRoot\System32\drivers\pcw.sys
0x0154D000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016C6000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01893000 \SystemRoot\System32\drivers\tcpip.sys
0x01A97000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AE1000 \SystemRoot\system32\drivers\volsnap.sys
0x01B2D000 \SystemRoot\System32\Drivers\spldr.sys
0x01B35000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B6F000 \SystemRoot\System32\Drivers\mup.sys
0x01B81000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B8A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BC4000 \SystemRoot\system32\DRIVERS\disk.sys
0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0168B000 \SystemRoot\system32\drivers\cdrom.sys
0x01557000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x01BED000 \SystemRoot\System32\Drivers\Null.SYS
0x01BF6000 \SystemRoot\System32\Drivers\Beep.SYS
0x016B5000 \SystemRoot\System32\drivers\vga.sys
0x017B9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x017DE000 \SystemRoot\System32\drivers\watchdog.sys
0x01886000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x017EE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x017F7000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01400000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01411000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01433000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01440000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03CA6000 \SystemRoot\system32\drivers\afd.sys
0x03D2F000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03D39000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03D7E000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03D87000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03DAD000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03DC3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03DD2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03C00000 \SystemRoot\system32\drivers\termdd.sys
0x03C14000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03C65000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03C71000 \SystemRoot\system32\drivers\mssmbios.sys
0x03C7C000 \SystemRoot\System32\drivers\discache.sys
0x013D8000 \SystemRoot\System32\Drivers\dfsc.sys
0x03C8B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x00C00000 \SystemRoot\System32\Drivers\aswSP.SYS
0x01200000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x010CE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x00FCE000 \SystemRoot\system32\drivers\i8042prt.sys
0x03C9C000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x03DED000 \SystemRoot\system32\drivers\kbdclass.sys
0x00E00000 \SystemRoot\system32\DRIVERS\ETD.sys
0x01226000 \SystemRoot\system32\drivers\mouclass.sys
0x011F4000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x00E22000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x040DE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04134000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04145000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04169000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04A04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0552E000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04479000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0456D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04400000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04608000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04785000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04792000 \SystemRoot\system32\drivers\wmiacpi.sys
0x0479B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x047A0000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x047A8000 \SystemRoot\system32\drivers\CompositeBus.sys
0x047B8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x047CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x047F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x045B3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x045E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04456000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05530000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x047FE000 \SystemRoot\system32\drivers\swenum.sys
0x0554A000 \SystemRoot\system32\drivers\ks.sys
0x0558D000 \SystemRoot\system32\drivers\umbus.sys
0x0559F000 \SystemRoot\system32\drivers\usbhub.sys
0x04176000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0667C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0689B000 \SystemRoot\system32\drivers\portcls.sys
0x068D8000 \SystemRoot\system32\drivers\drmk.sys
0x068FA000 \SystemRoot\system32\drivers\ksthunk.sys
0x06900000 \SystemRoot\system32\drivers\nvhda64v.sys
0x06918000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06926000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x06930000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x0696E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06981000 \SystemRoot\system32\drivers\usbccgp.sys
0x0699E000 \SystemRoot\system32\drivers\USBD.SYS
0x069A0000 \SystemRoot\system32\drivers\hidusb.sys
0x069AE000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x069C7000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x069D0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00030000 \SystemRoot\System32\win32k.sys
0x069DD000 \SystemRoot\System32\drivers\Dxapi.sys
0x02001000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x021B9000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x021CA000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x021D3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00570000 \SystemRoot\System32\TSDDD.dll
0x00710000 \SystemRoot\System32\cdd.dll
0x06600000 \SystemRoot\system32\drivers\luafv.sys
0x06623000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x021E1000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x0418B000 \SystemRoot\system32\drivers\WudfPf.sys
0x021EA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x041AC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0665D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04000000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06670000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
0x069E9000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x05613000 \SystemRoot\system32\drivers\HTTP.sys
0x056DC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x056FA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05712000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0573F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0578C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04018000 \SystemRoot\system32\drivers\peauth.sys
0x057B0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x057BB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x057EC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07C8E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07CF8000 \SystemRoot\System32\DRIVERS\srv.sys
0x07D90000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77380000 \Windows\System32\ntdll.dll
0x47910000 \Windows\System32\smss.exe
0xFF6A0000 \Windows\System32\apisetschema.dll
0xFF890000 \Windows\System32\autochk.exe
0xFF5F0000 \Windows\System32\comdlg32.dll
0xFF4E0000 \Windows\System32\msctf.dll
0xFF480000 \Windows\System32\Wldap32.dll
0xFF430000 \Windows\System32\ws2_32.dll
0xFF360000 \Windows\System32\usp10.dll
0xFF2F0000 \Windows\System32\gdi32.dll
0x77230000 \Windows\System32\urlmon.dll
0xFE560000 \Windows\System32\shell32.dll
0x77130000 \Windows\System32\user32.dll
0xFE4C0000 \Windows\System32\clbcatq.dll
0xFE3E0000 \Windows\System32\advapi32.dll
0xFE3C0000 \Windows\System32\imagehlp.dll
0xFE1E0000 \Windows\System32\setupapi.dll
0x76F20000 \Windows\System32\iertutil.dll
0x76E00000 \Windows\System32\kernel32.dll
0xFE1B0000 \Windows\System32\imm32.dll
0xFE130000 \Windows\System32\shlwapi.dll
0x77550000 \Windows\System32\normaliz.dll
0xFE110000 \Windows\System32\sechost.dll
0x77540000 \Windows\System32\psapi.dll
0xFE100000 \Windows\System32\lpk.dll
0xFE060000 \Windows\System32\msvcrt.dll
0xFDFE0000 \Windows\System32\difxapi.dll
0xFDF00000 \Windows\System32\oleaut32.dll
0x76CA0000 \Windows\System32\wininet.dll
0xFDCF0000 \Windows\System32\ole32.dll
0xFDBC0000 \Windows\System32\rpcrt4.dll
0xFDBB0000 \Windows\System32\nsi.dll
0xFDB10000 \Windows\System32\comctl32.dll
0xFD9A0000 \Windows\System32\crypt32.dll
0xFD930000 \Windows\System32\KernelBase.dll
0xFD8F0000 \Windows\System32\wintrust.dll
0xFD8D0000 \Windows\System32\devobj.dll
0xFD890000 \Windows\System32\cfgmgr32.dll
0xFD880000 \Windows\System32\msasn1.dll

Processes (total 67):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
432 csrss.exe
484 C:\Windows\System32\wininit.exe
496 csrss.exe
544 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
676 C:\Windows\System32\winlogon.exe
692 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\nvvsvc.exe
820 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
332 C:\Windows\System32\audiodg.exe
1012 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\nvvsvc.exe
1292 C:\Windows\System32\FBAgent.exe
1312 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
1396 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
1428 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1696 C:\Windows\System32\spoolsv.exe
1728 C:\Windows\System32\svchost.exe
1856 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1920 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1956 C:\Windows\System32\svchost.exe
2012 C:\Windows\SysWOW64\svchost.exe
2044 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\svchost.exe
1204 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1844 C:\Windows\SysWOW64\nvSCPAPISvr.exe
2052 C:\Windows\System32\svchost.exe
2124 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2280 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2360 C:\Windows\System32\dwm.exe
2384 C:\Windows\explorer.exe
2644 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
2708 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
2724 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
2760 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
2884 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2912 C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2992 C:\Program Files\Elantech\ETDCtrl.exe
3000 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
3052 C:\Windows\System32\SearchIndexer.exe
2216 C:\Windows\System32\svchost.exe
3412 C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
3436 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
3536 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
3544 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3572 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
3580 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3816 C:\Windows\System32\svchost.exe
4016 C:\Program Files\iPod\bin\iPodService.exe
3320 WmiPrvSE.exe
3724 C:\Program Files\Windows Media Player\wmpnetwk.exe
3684 WmiPrvSE.exe
4268 dllhost.exe
4396 C:\Windows\AsScrPro.exe
4448 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
4552 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
672 C:\Users\Jules\Desktop\MBRCheck.exe
4084 C:\Windows\System32\conhost.exe
4196 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a962f000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`c56a2e00 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0002

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 RE: Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Viele Grüße (:

cosinus · 04.05.2011, 17:55

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Jules_ · 04.05.2011, 21:13

Hier die beiden Vollscans:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6506

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

04.05.2011 20:20:19
mbam-log-2011-05-04 (20-20-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 307044
Laufzeit: 48 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/04/2011 at 10:07 PM

Application Version : 4.51.1000

Core Rules Database Version : 6987
Trace Rules Database Version: 4799

Scan type : Complete Scan
Total Scan Time : 01:39:51

Memory items scanned : 661
Memory threats detected : 0
Registry items scanned : 14367
Registry threats detected : 0
File items scanned : 144866
File threats detected : 2

Adware.Tracking Cookie
C:\Users\Jules\AppData\Roaming\Microsoft\Windows\Cookies\jules@sevenoneintermedia.112.2o7[1].txt
media.dshini.net [ C:\Users\Jules\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\K72BJVTN ]

Viele Grüße (:

03.05.2011, 10:41	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Explorer in Taskleiste schließt sich beim Berühren mit Maus Hast du beide Haken gesetzt beim tdsskiller? __________________ Logfiles bitte immer in CODE-Tags posten

04.05.2011, 17:55	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Explorer in Taskleiste schließt sich beim Berühren mit Maus Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Windows Explorer in Taskleiste schließt sich beim Berühren mit Maus

Plagegeister aller Art und deren Bekämpfung: Windows Explorer in Taskleiste schließt sich beim Berühren mit Maus