Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.07.2011, 10:52   #1
burningice
/// Malwareteam
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Icon21

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



Hallu,

vorgestern Abend ist plötzlich der Rechner von meinem Vater und meiner nach dem nächsten Start hängengeblieben und waren teilweise nichtmal in der Lage von CD zu booten. Ich ging erst von einem Hardware (RAM) defekt aus, aber an 2 PCs gleichzeitig war mir etwas zuviel, zumal wir völlig unterschiedliche Systeme haben. Nachdem bei beiden die Systemstartreperatur fehlschlug und ich über Linux aber noch über alle (ausser der Partition D: auf meinem Rechner zugreifen konnte), habe ich schließlich bei beiden PCs /fixmbr in der Steuerkonsole ausgeführt und beide Rechner fuhren sofort anstandslos mit allen Partitionen hoch, chkdsk auf allen Platten und sfc /scannow waren alle fehlerfrei.

Erstmal der Rechner von meinem Vater:

Windows 7 Professional 32bit:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:45 on 13/07/2011 (Walter)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
OTL logfile created on: 13.07.2011 09:51:51 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Walter\Desktop
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,90% Memory free
6,00 Gb Paging File | 5,01 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270,44 Gb Total Space | 222,43 Gb Free Space | 82,25% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 195,02 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 7,46 Gb Total Space | 7,39 Gb Free Space | 99,11% Space Free | Partition Type: NTFS
Drive K: | 298,09 Gb Total Space | 108,58 Gb Free Space | 36,42% Space Free | Partition Type: NTFS
 
Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.13 09:41:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.05 17:30:46 | 000,549,384 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Programme\devolo\dlan\devolonetsvc.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2009.11.27 17:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.11.03 13:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.13 09:41:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.05 17:30:46 | 000,549,384 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.05.18 14:00:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.11.27 17:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.07 17:01:40 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110712.034\IDSvix86.sys -- (IDSVix86)
DRV - [2011.06.05 14:21:20 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110712.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.06.05 14:21:20 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.06.05 14:21:20 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.06.05 14:21:20 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110712.033\NAVENG.SYS -- (NAVENG)
DRV - [2011.06.05 14:19:20 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.19 21:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.22 02:39:49 | 000,296,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.02.01 20:56:26 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011.01.27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.11.20 14:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 14:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 12:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 17:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2010.06.10 12:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2010.05.12 14:12:39 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.03.23 02:17:06 | 001,812,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2010.03.18 11:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.11.27 18:20:40 | 000,016,376 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://stores.ebay.de/interbuch-plus|hxxp://stores.ebay.de/klickbuch24|hxxp://www.buchkatalog.de/"
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Walter\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Walter\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.05.11 23:22:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.07.08 09:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011.07.13 09:48:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.05 14:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.10 12:00:25 | 000,000,000 | ---D | M]
 
[2011.06.05 13:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walter\AppData\Roaming\mozilla\Extensions
[2011.07.02 21:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walter\AppData\Roaming\mozilla\Firefox\Profiles\pb4r09dj.default\extensions
[2011.06.05 13:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walter\AppData\Roaming\mozilla\Firefox\Profiles\pb4r09dj.default\extensions\nostmp
[2011.06.05 13:50:43 | 000,002,449 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\pb4r09dj.default\searchplugins\safesearch.xml
[2011.07.10 12:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.11 08:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.13 07:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.07.10 12:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.04.04 12:55:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.11 08:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.13 07:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.07.10 12:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.13 09:48:59 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_0_8
[2011.07.08 09:17:12 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\WALTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PB4R09DJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\WALTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PB4R09DJ.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\WALTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PB4R09DJ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Programme\NetWorx\deskband.dll (SoftPerfect Research)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: interbooks-online.de ([www] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{95d74f4e-daab-11de-8941-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95d74f4e-daab-11de-8941-806e6f6e6963}\Shell\AutoRun\command - "" = E:\INTRO.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - 
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig - State: "bootini" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.13 09:44:34 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
[2011.07.13 00:27:27 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Malwarebytes
[2011.07.13 00:26:54 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.13 00:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.13 00:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.13 00:26:48 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.13 00:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.12 23:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.07.10 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.06.29 16:53:41 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.06.20 16:13:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.06.20 16:13:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.06.14 12:28:32 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\CrashDumps
[2010.06.26 10:52:30 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB4EF.dll
[2009.12.03 17:02:09 | 000,030,208 | ---- | C] ( ) -- C:\Windows\System32\RC00C150.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.13 09:55:03 | 000,414,394 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.13 09:55:03 | 000,153,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.13 09:55:03 | 000,074,288 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.13 09:55:03 | 000,050,576 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.13 09:48:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.13 09:48:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.13 09:47:48 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.13 09:45:16 | 000,000,000 | ---- | M] () -- C:\Users\Walter\defogger_reenable
[2011.07.13 09:41:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
[2011.07.13 09:38:51 | 000,050,477 | ---- | M] () -- C:\Users\Walter\Desktop\Defogger.exe
[2011.07.13 09:25:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.13 08:58:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488151914-114474058-723148296-1000UA.job
[2011.07.13 08:06:23 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 08:06:23 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 07:58:34 | 000,378,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.13 00:27:01 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.12 23:43:06 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.10 19:01:48 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488151914-114474058-723148296-1000Core.job
[2011.07.10 12:00:29 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.06.29 16:53:44 | 000,002,326 | ---- | M] () -- C:\Users\Walter\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2011.07.13 09:45:16 | 000,000,000 | ---- | C] () -- C:\Users\Walter\defogger_reenable
[2011.07.13 09:44:34 | 000,050,477 | ---- | C] () -- C:\Users\Walter\Desktop\Defogger.exe
[2011.07.13 00:26:59 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.29 16:53:44 | 000,002,326 | ---- | C] () -- C:\Users\Walter\Desktop\Google Chrome.lnk
[2011.06.29 16:53:13 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488151914-114474058-723148296-1000UA.job
[2011.06.29 16:53:13 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488151914-114474058-723148296-1000Core.job
[2011.06.07 09:02:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.04 12:20:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.28 19:43:41 | 000,000,209 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010.08.04 11:37:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2010.07.20 11:02:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\KSESinoUeberwachung5.exe
[2010.07.10 11:34:03 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI
[2010.07.02 22:07:37 | 000,178,688 | ---- | C] () -- C:\Windows\System32\BpShellEx.dll
[2010.06.28 22:16:22 | 000,000,466 | ---- | C] () -- C:\Windows\wiso.ini
[2010.06.28 21:02:58 | 000,000,000 | ---- | C] () -- C:\Windows\buhl.ini
[2010.05.01 11:43:19 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2010.05.01 11:43:19 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2010.05.01 11:43:18 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.04.22 13:49:04 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2010.03.20 14:42:06 | 000,554,496 | ---- | C] () -- C:\Program Files\ShirusuPad.exe
[2010.03.16 18:31:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\KSEIBUeberwachung5.exe
[2010.02.08 21:32:41 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010.02.03 08:43:06 | 000,453,024 | ---- | C] () -- C:\Program Files\setup.exe
[2010.02.03 08:42:28 | 146,495,042 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010.02.03 08:41:34 | 010,181,120 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010.02.02 00:11:36 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2009.12.03 17:02:10 | 000,000,078 | ---- | C] () -- C:\Windows\ricdb.ini
[2009.12.03 17:02:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2009.11.29 13:15:47 | 000,108,032 | ---- | C] () -- C:\Windows\System32\sh33w32.dll
[2009.11.28 13:10:44 | 000,000,017 | ---- | C] () -- C:\Users\Walter\AppData\Local\resmon.resmoncfg
[2009.11.27 18:20:38 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.26 22:42:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.26 19:44:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.17 17:13:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2009.11.17 17:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.11.17 17:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.11.17 17:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.08.03 14:16:46 | 000,475,238 | ---- | C] () -- C:\Windows\System32\KSEBasisBerechnungen5.dll
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,153,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,050,576 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,378,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,414,394 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,074,288 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.08.11 17:37:28 | 000,049,152 | ---- | C] () -- C:\Windows\System32\inditool32_2.dll
[2007.08.16 16:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.21 17:41:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\KSEConsorsÜberwachung.exe
[2006.05.17 17:28:58 | 000,282,624 | ---- | C] () -- C:\Windows\System32\AOSMTPEX.dll
[2005.12.21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003.03.27 11:38:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ddeimp32_2.dll
[2001.12.12 13:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\System32\W32btstp.dll
[2001.12.12 13:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\System32\W32btxlt.dll
[2000.08.18 11:26:08 | 000,423,424 | ---- | C] () -- C:\Windows\System32\NWPDLL.DLL
[1999.05.27 11:15:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\TPAccess.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.12.13 12:52:19 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Actior
[2010.05.11 23:22:24 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Audio Recorder for Free
[2010.06.28 22:15:41 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Buhl Data Service
[2010.07.01 07:21:13 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Buhl Data Service GmbH
[2009.11.27 15:40:08 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Canon
[2011.02.10 09:33:51 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\FileZilla
[2010.01.04 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\FX Flat
[2010.10.28 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Leadertech
[2010.04.22 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Lexware
[2010.05.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\NCH Swift Sound
[2010.03.20 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\OpenOffice.org
[2010.02.28 22:24:22 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\ProtectDisc
[2009.12.03 19:54:50 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\TeamViewer
[2009.11.26 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Thunderbird
[2011.03.01 17:39:19 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\WH SELFINVEST
[2010.08.09 12:04:16 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\Kursupdate starten (2).job
[2010.08.09 12:19:18 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\Kursupdate starten.job
[2011.07.12 20:19:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.12.04 15:30:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.12.13 19:36:03 | 000,000,000 | ---D | M] -- C:\237e048cc37b8b0ec53c9031
[2011.06.20 17:07:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.11.26 22:10:23 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.26 18:58:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.14 15:47:26 | 000,000,000 | ---D | M] -- C:\inetpub
[2009.11.27 18:21:25 | 000,000,000 | ---D | M] -- C:\Intel
[2011.02.22 19:48:08 | 000,000,000 | ---D | M] -- C:\Investox
[2010.05.02 17:11:00 | 000,000,000 | ---D | M] -- C:\MS
[2009.11.27 15:49:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.12.06 18:19:03 | 000,000,000 | ---D | M] -- C:\PINNACLE
[2011.07.13 00:26:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.13 00:26:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.11.26 18:58:26 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.26 18:58:27 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.07.13 09:54:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.28 17:06:55 | 000,000,000 | ---D | M] -- C:\Temp
[2011.07.03 13:44:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.04 10:19:58 | 000,000,000 | ---D | M] -- C:\Windows
[2010.03.03 22:15:58 | 000,000,000 | -H-D | M] -- C:\_rpcs
 
< %PROGRAMFILES%\*.exe >
[2010.02.03 08:43:06 | 000,453,024 | ---- | M] () -- C:\Program Files\setup.exe
[2005.02.22 13:42:34 | 000,554,496 | ---- | M] () -- C:\Program Files\ShirusuPad.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-12 22:34:58

< End of report >
         
GMER hat sich beim ersten Versuch erst aufgehängt (funktioniert nicht mehr), dann beim 2. versuch kam augenblicklich ein Bluescreen und beim 3. mal ergab sich schließlich dashier:


Code:
ATTFilter
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-13 11:48:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00M9A0 rev.05.01D05
Running: bydwdceu.exe; Driver: C:\Users\Walter\AppData\Local\Temp\uxliqpow.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  86FFB968                                  ZwAlertResumeThread
SSDT                                                                                                                                  86FFBA48                                  ZwAlertThread
SSDT                                                                                                                                  86FF1F60                                  ZwAllocateVirtualMemory
SSDT                                                                                                                                  86D200D8                                  ZwAlpcConnectPort
SSDT                                                                                                                                  86FF7F28                                  ZwAssignProcessToJobObject
SSDT                                                                                                                                  86FFB6B8                                  ZwCreateMutant
SSDT                                                                                                                                  86FF2E40                                  ZwCreateSymbolicLinkObject
SSDT                                                                                                                                  86FF9508                                  ZwCreateThread
SSDT                                                                                                                                  86FF2FB0                                  ZwCreateThreadEx
SSDT                                                                                                                                  86FF7E50                                  ZwDebugActiveProcess
SSDT                                                                                                                                  86FFA560                                  ZwDuplicateObject
SSDT                                                                                                                                  86FF1D80                                  ZwFreeVirtualMemory
SSDT                                                                                                                                  86FFB7A8                                  ZwImpersonateAnonymousToken
SSDT                                                                                                                                  86FFB888                                  ZwImpersonateThread
SSDT                                                                                                                                  86ABF6D0                                  ZwLoadDriver
SSDT                                                                                                                                  86FF1C80                                  ZwMapViewOfSection
SSDT                                                                                                                                  86FFB558                                  ZwOpenEvent
SSDT                                                                                                                                  86FFA740                                  ZwOpenProcess
SSDT                                                                                                                                  86FFA480                                  ZwOpenProcessToken
SSDT                                                                                                                                  86FFCDE0                                  ZwOpenSection
SSDT                                                                                                                                  86FFA650                                  ZwOpenThread
SSDT                                                                                                                                  86FF6580                                  ZwProtectVirtualMemory
SSDT                                                                                                                                  86FFBB28                                  ZwResumeThread
SSDT                                                                                                                                  86FF9DE0                                  ZwSetContextThread
SSDT                                                                                                                                  86FF9EC0                                  ZwSetInformationProcess
SSDT                                                                                                                                  86FFCC98                                  ZwSetSystemInformation
SSDT                                                                                                                                  86FFCFD0                                  ZwSuspendProcess
SSDT                                                                                                                                  86FF9C20                                  ZwSuspendThread
SSDT                                                                                                                                  86FF9608                                  ZwTerminateProcess
SSDT                                                                                                                                  86FF9D00                                  ZwTerminateThread
SSDT                                                                                                                                  86FF9F90                                  ZwUnmapViewOfSection
SSDT                                                                                                                                  86FF1E70                                  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 ntkrnlpa.exe!ZwSaveKey + 13C1             82E80339 1 Byte  [06]
.text                                                                                                                                 ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82EB9D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 10DB       82EC0DD0 8 Bytes  [68, B9, FF, 86, 48, BA, FF, ...]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 10F3       82EC0DE8 4 Bytes  [60, 1F, FF, 86]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 10FF       82EC0DF4 4 Bytes  [D8, 00, D2, 86]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 1153       82EC0E48 4 Bytes  [28, 7F, FF, 86]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 11CF       82EC0EC4 4 Bytes  [B8, B6, FF, 86]
.text                                                                                                                                 ...                                       
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys  section is writeable [0xA1E5E400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA1F02620]  C:\Windows\system32\drivers\hardlock.sys  entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA1F02620]
.protectÿÿÿÿhardlockunknown last code section [0xA1F02400, 0x5126, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys  unknown last code section [0xA1F02400, 0x5126, 0xE0000020]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 4F90       A4CFB000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 50B3       A4CFB123 629 Bytes  [65, CF, A4, FE, 05, 34, 65, ...]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 5329       A4CFB399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 538F       A4CFB3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 543B       A4CFB4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE                                                                                                                                  ...                                       

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume5    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume6    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device                                                                                                                                \Driver\ACPI_HAL \Device\0000005c         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
das mir hardlock, er verwendet häufig sog.
hxxp://www3.de.safenet-inc.com/hasp/hardlock/hardlock_uebersicht.aspx
Hardlock-Dongle für eine spezielle Datensoftware, die ohne das teil nicht geöffnet werden kann, das ist son USB-stick, der nicht im Explorer erscheint, aber vom programm erkannt wird.

Achja, MalwareBytes hat keine Feststellung

Hoffe das hilft, jetzt noch meiner..

Geändert von burningice (13.07.2011 um 11:03 Uhr)

Alt 13.07.2011, 10:57   #2
burningice
/// Malwareteam
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



Code:
ATTFilter
 
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:00 on 13/07/2011 (Rafael)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.07.2011 10:02:49 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Rafael\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,11 Gb Available Physical Memory | 51,83% Memory free
14,98 Gb Paging File | 12,26 Gb Available in Paging File | 81,85% Paging File free
Paging file location(s): c:\pagefile.sys 9202 9292 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 11,99 Gb Free Space | 16,11% Space Free | Partition Type: NTFS
Drive D: | 865,10 Gb Total Space | 669,62 Gb Free Space | 77,40% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 392,95 Gb Free Space | 84,37% Space Free | Partition Type: NTFS
Drive F: | 66,41 Gb Total Space | 53,62 Gb Free Space | 80,75% Space Free | Partition Type: NTFS
Drive G: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 7,46 Gb Total Space | 7,39 Gb Free Space | 99,11% Space Free | Partition Type: NTFS
 
Computer Name: RAFAEL-PC | User Name: Rafael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.13 09:41:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rafael\Desktop\OTL.exe
PRC - [2011.06.27 10:19:36 | 002,211,984 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe
PRC - [2011.06.27 10:19:20 | 003,624,576 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Giraffic.exe
PRC - [2011.05.27 19:14:59 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) -- D:\Programme\devolo\dlan\devolonetsvc.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- D:\Programme\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- D:\Programme\Version5\TeamViewer_Service.exe
PRC - [2009.06.15 12:29:54 | 000,906,968 | ---- | M] (Acronis) -- D:\Programme\AcronisWD\TimounterMonitor.exe
PRC - [2009.06.15 12:27:16 | 001,352,584 | ---- | M] (Acronis) -- D:\Programme\AcronisWD\TrueImageMonitor.exe
PRC - [2009.06.15 10:55:18 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.13 09:41:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rafael\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.03.23 17:27:04 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011.06.30 14:54:03 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011.06.27 10:19:36 | 002,211,984 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe -- (Giraffic)
SRV - [2011.05.28 11:24:12 | 000,080,256 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011.05.27 19:14:59 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- D:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.09 18:41:52 | 000,011,264 | ---- | M] (Tenable Network Security, Inc) [On_Demand | Stopped] -- D:\Programme\Nessus64\nessus-service.exe -- (Tenable Nessus)
SRV - [2010.08.23 19:33:00 | 004,016,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.23 17:25:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Programme\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.15 10:55:34 | 000,605,976 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.08.01 11:11:20 | 000,158,208 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Programme\NVIDIA Control\UpdateCenterService.exe -- (UpdateCenterService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.11 13:54:02 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.07.11 13:54:02 | 000,235,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.07.11 13:54:02 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011.07.11 13:54:01 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.04.15 14:11:54 | 000,057,016 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\networx.sys -- (networx)
DRV:64bit: - [2011.03.31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011.03.28 10:52:52 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.03.28 10:52:50 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.03.03 17:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.19 14:13:21 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV:64bit: - [2011.02.01 20:42:52 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2010.09.29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.03.23 18:24:27 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.03.23 18:24:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.01.19 01:10:30 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.06.10 12:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2008.08.18 09:30:00 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2008.08.01 11:08:28 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflsh64.sys -- (NVR0FLASHDev)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2004.12.29 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 86 18 17 B8 BB CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de/ig?hl=de|hxxp://www.wisedock.at/m.php?id=10823c1d281721689b3949255b6512d7dae99"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.15
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Programme\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.02.02 16:38:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.01 18:45:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2011.07.10 19:04:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins
 
[2010.03.04 18:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rafael\AppData\Roaming\mozilla\Extensions
[2011.07.10 19:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rafael\AppData\Roaming\mozilla\Firefox\Profiles\760ees8h.default\extensions
[2011.07.03 14:16:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rafael\AppData\Roaming\mozilla\Firefox\Profiles\760ees8h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.07 13:37:22 | 000,000,950 | ---- | M] () -- C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\760ees8h.default\searchplugins\icqplugin-1.xml
[2010.06.28 15:05:28 | 000,000,950 | ---- | M] () -- C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\760ees8h.default\searchplugins\icqplugin-2.xml
[2010.06.20 16:34:44 | 000,000,947 | ---- | M] () -- C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\760ees8h.default\searchplugins\icqplugin.xml
[2010.12.12 14:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.08.29 15:49:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\RAFAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\760EES8H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RAFAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\760EES8H.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\RAFAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\760EES8H.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010.08.29 15:49:35 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.27 14:51:58 | 000,430,182 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14806 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NetWorx] D:\Programme\NetWorx\networx.exe (SoftPerfect Research)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Programme\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Programme\AcronisWD\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Programme\AcronisWD\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [bluebirds] C:\Users\Rafael\Bluebirds\BlueBirds.exe (LG Electronics)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.29 11:02:01 | 000,000,055 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{38fd574b-27a8-11df-a5fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{38fd574b-27a8-11df-a5fb-806e6f6e6963}\Shell\AutoRun\command - "" = G:\BlueBirds.exe -- [2009.04.29 11:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {A9BCCA18-2130-764A-ABA0-1DC2E81A3A8E} - Microsoft Windows Media Player
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECE1B501-54AA-2D45-0150-16F226E32B4A} - Microsoft Windows Media Player
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.13 09:41:18 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Rafael\Desktop\OTL.exe
[2011.07.13 09:01:55 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.13 09:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.12 22:52:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.07.12 22:24:59 | 000,000,000 | ---D | C] -- C:\Temp
[2011.07.11 14:11:24 | 000,000,000 | ---D | C] -- C:\archive_db
[2011.07.11 14:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2011.07.11 14:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2011.07.11 14:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2011.07.11 14:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2011.07.11 13:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2011.07.11 13:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2011.07.11 13:45:01 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Reflect
[2011.07.11 13:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2011.07.10 16:21:55 | 000,000,000 | ---D | C] -- C:\swsetup
[2011.07.10 15:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite
[2011.07.03 15:16:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011.07.03 15:15:42 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\3DMark 11
[2011.07.03 15:15:31 | 000,000,000 | ---D | C] -- C:\Users\Rafael\AppData\Local\IsolatedStorage
[2011.07.03 15:15:31 | 000,000,000 | ---D | C] -- C:\Users\Rafael\AppData\Local\Futuremark_Corporation
[2011.07.03 15:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2011.07.03 14:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2011.07.03 14:02:50 | 000,057,016 | ---- | C] (NetFilterSDK.com) -- C:\Windows\SysNative\drivers\networx.sys
[2011.07.03 14:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
[2011.07.03 14:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftPerfect
[2011.07.02 20:19:41 | 000,000,000 | ---D | C] -- C:\Users\Rafael\AppData\Roaming\TuneUp Software
[2011.07.02 20:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.07.02 20:17:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.07.02 19:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools
[2011.07.02 19:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.07.02 17:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011.07.02 17:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giraffic
[2011.07.02 17:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.07.02 17:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.07.02 16:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.29 19:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011.06.25 19:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.06.20 18:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.13 10:00:28 | 000,000,000 | ---- | M] () -- C:\Users\Rafael\defogger_reenable
[2011.07.13 09:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.13 09:41:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rafael\Desktop\OTL.exe
[2011.07.13 09:38:51 | 000,050,477 | ---- | M] () -- C:\Users\Rafael\Desktop\Defogger.exe
[2011.07.13 09:05:50 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 09:05:50 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 09:01:55 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.13 08:58:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.13 08:58:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.13 08:58:39 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.13 00:10:45 | 002,929,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.11 14:00:17 | 000,161,168 | ---- | M] () -- C:\Windows\SysNative\inst.reg
[2011.07.03 15:14:26 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2011.07.03 14:21:25 | 000,000,253 | ---- | M] () -- C:\Users\Rafael\Application Mover.cfg
[2011.07.03 14:15:21 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2011.07.02 17:50:08 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.07.02 16:34:54 | 000,920,384 | ---- | M] () -- C:\Users\Rafael\Desktop\Norton_Removal_Tool.exe
[2011.06.28 23:17:58 | 000,000,922 | ---- | M] () -- C:\Users\Rafael\Desktop\HAWX_.lnk
[2011.06.28 23:17:58 | 000,000,918 | ---- | M] () -- C:\Users\Rafael\Desktop\Anno 1404.lnk
[2011.06.28 23:17:58 | 000,000,912 | ---- | M] () -- C:\Users\Rafael\Desktop\Fiesta Online(EU_German).lnk
[2011.06.28 23:17:58 | 000,000,766 | ---- | M] () -- C:\Users\Rafael\Desktop\LuaEdit.lnk
[2011.06.28 23:17:57 | 000,001,284 | ---- | M] () -- C:\Users\Rafael\Desktop\WoW.lnk
[2011.06.28 23:17:57 | 000,000,776 | ---- | M] () -- C:\Users\Rafael\Desktop\Ventrilo.lnk
[2011.06.22 19:22:13 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.13 10:00:28 | 000,000,000 | ---- | C] () -- C:\Users\Rafael\defogger_reenable
[2011.07.13 09:38:49 | 000,050,477 | ---- | C] () -- C:\Users\Rafael\Desktop\Defogger.exe
[2011.07.13 09:01:55 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.11 14:00:17 | 000,161,168 | ---- | C] () -- C:\Windows\SysNative\inst.reg
[2011.07.03 15:14:26 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2011.07.03 14:21:25 | 000,000,253 | ---- | C] () -- C:\Users\Rafael\Application Mover.cfg
[2011.07.03 14:15:21 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2011.07.02 19:05:17 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.07.02 19:05:17 | 000,000,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
[2011.07.02 19:05:17 | 000,000,000 | ---- | C] () -- C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011.07.02 17:49:58 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.07.02 16:34:58 | 000,920,384 | ---- | C] () -- C:\Users\Rafael\Desktop\Norton_Removal_Tool.exe
[2011.06.22 19:22:13 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.06.02 17:43:39 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011.05.27 19:14:59 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.27 19:14:54 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.06.23 16:14:19 | 000,000,000 | ---- | C] () -- C:\Users\Rafael\AppData\Roaming\Application.set
[2010.06.06 17:35:06 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010.05.12 19:02:19 | 000,007,621 | ---- | C] () -- C:\Users\Rafael\AppData\Local\Resmon.ResmonCfg
[2010.04.29 18:12:46 | 000,004,608 | ---- | C] () -- C:\Users\Rafael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.26 15:17:05 | 000,000,924 | ---- | C] () -- C:\Windows\disney.ini
[2010.03.06 23:07:39 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.03.04 19:02:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2010.03.06 16:26:10 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\Acreon
[2011.03.09 17:57:23 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\BitTorrent
[2011.04.11 17:33:51 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\Diercke Globus Online
[2010.03.26 15:36:37 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\Disney Interactive Studios
[2011.03.19 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\FFSJ
[2011.07.02 16:13:14 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\go
[2010.03.04 20:18:00 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\GrabPro
[2011.05.03 20:45:09 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\ICQ
[2010.03.05 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\ImgBurn
[2010.03.04 19:23:14 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\Leadertech
[2010.12.23 15:16:52 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\MobMapUpdater
[2010.07.30 21:44:21 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\Mumble
[2011.02.02 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\Orbit
[2010.11.09 15:29:49 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\Phase6
[2011.02.02 16:32:11 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\ProgSense
[2010.10.16 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\Software Informer
[2011.03.05 17:40:42 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\TeamViewer
[2011.05.18 16:44:49 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\TS3Client
[2011.07.02 20:26:15 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\TuneUp Software
[2011.06.25 19:47:08 | 000,000,000 | ---D | M] -- C:\Users\Rafael\AppData\Roaming\Ubisoft
[2011.07.05 16:05:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.02.13 17:41:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.11 14:11:24 | 000,000,000 | ---D | M] -- C:\archive_db
[2011.07.12 22:24:59 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.03.04 18:16:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.03.05 17:41:12 | 000,000,000 | ---D | M] -- C:\downloads
[2011.06.10 21:27:39 | 000,000,000 | ---D | M] -- C:\ebad36570541bdb3e08c5e5f
[2010.03.22 15:59:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.04.24 10:12:28 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.02 19:09:04 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.03 14:53:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.07.11 14:10:42 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.03.04 18:16:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.04 18:16:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.07.10 16:21:55 | 000,000,000 | ---D | M] -- C:\swsetup
[2011.07.13 10:03:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.12 22:24:59 | 000,000,000 | ---D | M] -- C:\Temp
[2011.04.24 10:15:08 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.11 13:42:48 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.06.04 15:18:44 | 000,004,608 | ---- | M] () MD5=4140C56FE13A421BE901DA64EA99DA67 -- C:\Users\Rafael\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@SYSTEM@\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
--- --- ---


Mit den unter O1 genannten einträgen habe ich keine Ahnung, ich besuche jedoch sicherlicht nicht solche obskuren Websites^^

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7105

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

13.07.2011 09:54:19
mbam-log-2011-07-13 (09-54-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 745330
Laufzeit: 50 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\eigene dokumente\alter pc\Wilms\Desktop\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.
         
die Platte F: ist die eigentliche Sicherungsplatte meines Vaters, sein PC bootet jedoch nicht wenn sie angeschlossen ist, keine Ahnung wieso, chkdsk war fehlerfrei.
__________________


Alt 13.07.2011, 10:58   #3
burningice
/// Malwareteam
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



<doppelpost>
__________________

Geändert von burningice (13.07.2011 um 10:59 Uhr) Grund: doppelpost

Alt 13.07.2011, 11:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.07.2011, 11:25   #5
burningice
/// Malwareteam
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



Keinen mit Feststellung, ich habe grade auf meinem Rechner noch einen Scan am laufen, dauert aber noch ca 20mins; es war ein alter Log mit einer feststellung aus 2010 glaube ich vorhanden, auch posten?

Wenn ja poste ich den momentanen und den alten dann... =)

Auf dem Rechner vom Vater war keine Feststellung, auch keine weiteren Logs

Der McSE hat in der Datensicherung im Gegensatz zu Malwarebytes dashier gefunden:

Code:
ATTFilter
Adware:Win32/OpenCandy

Elemente: 
containerfile:E:\WALTER-PC\Backup Set 2011-02-06 150847\Backup Files 2011-02-06 150847\Backup files 14.zip
containerfile:E:\WALTER-PC\Backup Set 2011-06-06 093918\Backup Files 2011-06-06 093918\Backup files 14.zip
file:E:\WALTER-PC\Backup Set 2011-02-06 150847\Backup Files 2011-02-06 150847\Backup files 14.zip->C\Users\Walter\Downloads\IZArc4.1.exe->(inno#000155)
file:E:\WALTER-PC\Backup Set 2011-06-06 093918\Backup Files 2011-06-06 093918\Backup files 14.zip->C\Users\Walter\Downloads\IZArc4.1.exe->(inno#000155)
         
ich kenn aber IZArc, das ist mein .zip-Programm^^


Alt 13.07.2011, 11:27   #6
burningice
/// Malwareteam
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



ah schon fertig;

mein momentaner Scan:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7111

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

13.07.2011 12:26:01
mbam-log-2011-07-13 (12-26-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 745145
Laufzeit: 28 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
und der alte

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4284

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.07.2010 21:49:33
mbam-log-2010-07-06 (21-49-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 437160
Laufzeit: 29 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Alt 13.07.2011, 12:39   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.07.2011, 13:31   #8
burningice
/// Malwareteam
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



und vom Vater
Code:
ATTFilter
2011/07/13 14:29:20.0939 0980	TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/13 14:29:21.0126 0980	================================================================================
2011/07/13 14:29:21.0126 0980	SystemInfo:
2011/07/13 14:29:21.0126 0980	
2011/07/13 14:29:21.0126 0980	OS Version: 6.1.7601 ServicePack: 1.0
2011/07/13 14:29:21.0126 0980	Product type: Workstation
2011/07/13 14:29:21.0126 0980	ComputerName: WALTER-PC
2011/07/13 14:29:21.0126 0980	UserName: Walter
2011/07/13 14:29:21.0126 0980	Windows directory: C:\Windows
2011/07/13 14:29:21.0126 0980	System windows directory: C:\Windows
2011/07/13 14:29:21.0126 0980	Processor architecture: Intel x86
2011/07/13 14:29:21.0126 0980	Number of processors: 4
2011/07/13 14:29:21.0126 0980	Page size: 0x1000
2011/07/13 14:29:21.0126 0980	Boot type: Normal boot
2011/07/13 14:29:21.0126 0980	================================================================================
2011/07/13 14:29:22.0000 0980	Initialize success
2011/07/13 14:29:23.0154 3392	================================================================================
2011/07/13 14:29:23.0154 3392	Scan started
2011/07/13 14:29:23.0154 3392	Mode: Manual; 
2011/07/13 14:29:23.0154 3392	================================================================================
2011/07/13 14:29:23.0965 3392	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/13 14:29:23.0997 3392	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/13 14:29:24.0043 3392	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/13 14:29:24.0075 3392	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/13 14:29:24.0090 3392	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/13 14:29:24.0121 3392	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/13 14:29:24.0215 3392	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/07/13 14:29:24.0246 3392	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/13 14:29:24.0262 3392	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/13 14:29:24.0324 3392	akshasp         (64fc197d24a2b240598f29ce0a6660c0) C:\Windows\system32\DRIVERS\akshasp.sys
2011/07/13 14:29:24.0371 3392	aksusb          (d2b95315cc47f9230006fdbcba394d8d) C:\Windows\system32\DRIVERS\aksusb.sys
2011/07/13 14:29:24.0402 3392	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/13 14:29:24.0449 3392	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/13 14:29:24.0465 3392	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/13 14:29:24.0480 3392	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/13 14:29:24.0496 3392	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/13 14:29:24.0527 3392	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/07/13 14:29:24.0558 3392	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/13 14:29:24.0574 3392	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/07/13 14:29:24.0636 3392	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/13 14:29:24.0683 3392	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/13 14:29:24.0699 3392	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/13 14:29:24.0745 3392	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/13 14:29:24.0777 3392	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/13 14:29:24.0808 3392	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/13 14:29:24.0839 3392	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/13 14:29:24.0870 3392	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/13 14:29:25.0057 3392	BHDrvx86        (ad73b4cd214de82d003fdadbaeab6410) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys
2011/07/13 14:29:25.0104 3392	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/13 14:29:25.0151 3392	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/13 14:29:25.0167 3392	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/13 14:29:25.0182 3392	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/13 14:29:25.0213 3392	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/13 14:29:25.0229 3392	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/13 14:29:25.0245 3392	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/13 14:29:25.0260 3392	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/13 14:29:25.0291 3392	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/13 14:29:25.0323 3392	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/13 14:29:25.0369 3392	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/07/13 14:29:25.0416 3392	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/13 14:29:25.0447 3392	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/13 14:29:25.0494 3392	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/13 14:29:25.0510 3392	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/13 14:29:25.0541 3392	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/13 14:29:25.0557 3392	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/13 14:29:25.0588 3392	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/13 14:29:25.0619 3392	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/13 14:29:25.0650 3392	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/07/13 14:29:25.0728 3392	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/13 14:29:25.0759 3392	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/13 14:29:25.0791 3392	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/13 14:29:25.0900 3392	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/13 14:29:25.0962 3392	DrvAgent32      (651554e483712b708ede864d0ca1aa73) C:\Windows\system32\Drivers\DrvAgent32.sys
2011/07/13 14:29:26.0009 3392	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/13 14:29:26.0071 3392	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/13 14:29:26.0181 3392	eeCtrl          (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/07/13 14:29:26.0243 3392	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/13 14:29:26.0290 3392	EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/13 14:29:26.0321 3392	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/13 14:29:26.0368 3392	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/13 14:29:26.0399 3392	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/13 14:29:26.0430 3392	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/13 14:29:26.0446 3392	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/13 14:29:26.0461 3392	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/13 14:29:26.0477 3392	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/13 14:29:26.0508 3392	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/13 14:29:26.0539 3392	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/13 14:29:26.0555 3392	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/13 14:29:26.0602 3392	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/13 14:29:26.0633 3392	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/13 14:29:26.0664 3392	gdrv            (b6bfec7542730e9a376bf2408423d493) C:\Windows\gdrv.sys
2011/07/13 14:29:26.0680 3392	GearAspiWDM     (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\drivers\GEARAspiWDM.sys
2011/07/13 14:29:26.0727 3392	giveio          (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/07/13 14:29:26.0805 3392	Hardlock        (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
2011/07/13 14:29:26.0836 3392	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/13 14:29:26.0883 3392	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/07/13 14:29:26.0914 3392	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/13 14:29:26.0929 3392	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/13 14:29:26.0945 3392	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/13 14:29:26.0976 3392	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/13 14:29:27.0007 3392	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/07/13 14:29:27.0039 3392	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/13 14:29:27.0085 3392	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/13 14:29:27.0117 3392	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/13 14:29:27.0163 3392	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/13 14:29:27.0179 3392	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/07/13 14:29:27.0382 3392	IDSVix86        (c15fcea5c150314489698b2571a5190d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110712.034\IDSvix86.sys
2011/07/13 14:29:27.0413 3392	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/13 14:29:27.0507 3392	IntcAzAudAddService (f42f2f88017a2e2b6f783acef6c2c149) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/13 14:29:27.0585 3392	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/13 14:29:27.0616 3392	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/13 14:29:27.0631 3392	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/13 14:29:27.0678 3392	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/13 14:29:27.0709 3392	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/13 14:29:27.0725 3392	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/13 14:29:27.0741 3392	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/13 14:29:27.0787 3392	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/13 14:29:27.0803 3392	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/13 14:29:27.0850 3392	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/13 14:29:27.0881 3392	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/13 14:29:27.0928 3392	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/13 14:29:28.0068 3392	LHidFilt        (b68309f25c5787385da842eb5b496958) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/07/13 14:29:28.0099 3392	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/13 14:29:28.0131 3392	LMouFilt        (63d3b1d3cd267fcc186a0146b80d453b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/07/13 14:29:28.0162 3392	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/13 14:29:28.0177 3392	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/13 14:29:28.0209 3392	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/13 14:29:28.0224 3392	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/13 14:29:28.0255 3392	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/13 14:29:28.0287 3392	LUsbFilt        (0c62957912d4df1e4ba9795e6be3ed38) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/07/13 14:29:28.0318 3392	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/13 14:29:28.0333 3392	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/13 14:29:28.0365 3392	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/13 14:29:28.0380 3392	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/13 14:29:28.0411 3392	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/13 14:29:28.0427 3392	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/13 14:29:28.0474 3392	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/13 14:29:28.0505 3392	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/13 14:29:28.0583 3392	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/13 14:29:28.0630 3392	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/13 14:29:28.0692 3392	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/13 14:29:28.0708 3392	mrxsmb10        (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/13 14:29:28.0739 3392	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/13 14:29:28.0755 3392	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/07/13 14:29:28.0801 3392	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/07/13 14:29:28.0833 3392	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/13 14:29:28.0833 3392	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/13 14:29:28.0864 3392	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/13 14:29:28.0911 3392	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/13 14:29:28.0926 3392	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/13 14:29:28.0942 3392	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/13 14:29:28.0973 3392	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/13 14:29:29.0004 3392	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/07/13 14:29:29.0020 3392	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/13 14:29:29.0035 3392	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/13 14:29:29.0051 3392	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/13 14:29:29.0082 3392	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/13 14:29:29.0238 3392	NAVENG          (920d9701bba90dbb7ccfd3536ea4d6f9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110712.033\NAVENG.SYS
2011/07/13 14:29:29.0316 3392	NAVEX15         (31b1a9b53c3319b97f7874347cd992d2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110712.033\NAVEX15.SYS
2011/07/13 14:29:29.0379 3392	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/13 14:29:29.0410 3392	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/13 14:29:29.0441 3392	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/13 14:29:29.0488 3392	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/13 14:29:29.0519 3392	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/13 14:29:29.0550 3392	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/13 14:29:29.0581 3392	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/13 14:29:29.0613 3392	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/13 14:29:29.0691 3392	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/13 14:29:29.0722 3392	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/13 14:29:29.0769 3392	NPF_devolo      (75ac610a7481cb1f343dc971249bcb19) C:\Windows\system32\drivers\npf_devolo.sys
2011/07/13 14:29:29.0784 3392	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/13 14:29:29.0847 3392	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/07/13 14:29:29.0862 3392	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/13 14:29:30.0081 3392	nvlddmkm        (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/13 14:29:30.0268 3392	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/07/13 14:29:30.0330 3392	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/07/13 14:29:30.0377 3392	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/13 14:29:30.0424 3392	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/13 14:29:30.0486 3392	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/13 14:29:30.0533 3392	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/13 14:29:30.0549 3392	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/13 14:29:30.0580 3392	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/13 14:29:30.0595 3392	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/13 14:29:30.0611 3392	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/13 14:29:30.0642 3392	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/13 14:29:30.0658 3392	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/13 14:29:30.0751 3392	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/13 14:29:30.0767 3392	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/13 14:29:30.0814 3392	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/13 14:29:30.0876 3392	PSSDK42         (c8eb36910d3bd582891977e80925e21e) C:\Windows\system32\Drivers\pssdk42.sys
2011/07/13 14:29:30.0939 3392	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/13 14:29:30.0985 3392	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/13 14:29:31.0017 3392	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/13 14:29:31.0032 3392	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/13 14:29:31.0063 3392	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/13 14:29:31.0079 3392	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/13 14:29:31.0110 3392	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/13 14:29:31.0126 3392	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/13 14:29:31.0157 3392	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/13 14:29:31.0173 3392	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/13 14:29:31.0204 3392	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/13 14:29:31.0251 3392	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/07/13 14:29:31.0266 3392	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/13 14:29:31.0297 3392	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/13 14:29:31.0344 3392	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/13 14:29:31.0391 3392	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/13 14:29:31.0438 3392	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/13 14:29:31.0485 3392	RTL8167         (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/13 14:29:31.0547 3392	RTL85n86        (17bb009e31a660b4ccfc061b02de2ef6) C:\Windows\system32\DRIVERS\RTL85n86.sys
2011/07/13 14:29:31.0609 3392	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/07/13 14:29:31.0656 3392	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/13 14:29:31.0703 3392	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/13 14:29:31.0734 3392	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/13 14:29:31.0765 3392	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/13 14:29:31.0781 3392	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/13 14:29:31.0812 3392	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/13 14:29:31.0843 3392	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/13 14:29:31.0859 3392	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/13 14:29:31.0890 3392	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/13 14:29:31.0906 3392	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/13 14:29:31.0937 3392	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/13 14:29:31.0953 3392	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/13 14:29:31.0968 3392	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/13 14:29:31.0999 3392	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/13 14:29:32.0046 3392	SMR200          (718a5f664bd78cf727f5d662eba4b2da) C:\Windows\system32\drivers\SMR200.SYS
2011/07/13 14:29:32.0109 3392	speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/07/13 14:29:32.0124 3392	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/13 14:29:32.0249 3392	SRTSP           (83726cf02eced69138948083e06b6eac) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSP.SYS
2011/07/13 14:29:32.0280 3392	SRTSPX          (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
2011/07/13 14:29:32.0343 3392	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/07/13 14:29:32.0389 3392	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/13 14:29:32.0405 3392	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/13 14:29:32.0452 3392	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/13 14:29:32.0499 3392	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/07/13 14:29:32.0530 3392	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/07/13 14:29:32.0545 3392	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/13 14:29:32.0577 3392	SymDS           (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS
2011/07/13 14:29:32.0623 3392	SymEFA          (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
2011/07/13 14:29:32.0670 3392	SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/07/13 14:29:32.0701 3392	SymIRON         (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS
2011/07/13 14:29:32.0717 3392	SymNetS         (cc71cf163de8b62ccd077e20e909c960) C:\Windows\system32\drivers\NIS\1206000.01D\SYMNETS.SYS
2011/07/13 14:29:32.0779 3392	Tcpip           (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/13 14:29:32.0826 3392	TCPIP6          (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/13 14:29:32.0873 3392	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/13 14:29:32.0920 3392	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/13 14:29:32.0935 3392	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/13 14:29:32.0967 3392	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/13 14:29:33.0013 3392	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/13 14:29:33.0076 3392	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/13 14:29:33.0123 3392	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/13 14:29:33.0185 3392	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/13 14:29:33.0216 3392	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/13 14:29:33.0263 3392	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/13 14:29:33.0294 3392	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/13 14:29:33.0325 3392	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/07/13 14:29:33.0357 3392	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/13 14:29:33.0372 3392	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
2011/07/13 14:29:33.0403 3392	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/13 14:29:33.0435 3392	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
2011/07/13 14:29:33.0466 3392	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/13 14:29:33.0497 3392	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/07/13 14:29:33.0528 3392	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/13 14:29:33.0559 3392	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/13 14:29:33.0575 3392	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/13 14:29:33.0606 3392	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
2011/07/13 14:29:33.0653 3392	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/13 14:29:33.0684 3392	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/13 14:29:33.0700 3392	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/13 14:29:33.0715 3392	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/13 14:29:33.0747 3392	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/13 14:29:33.0778 3392	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/13 14:29:33.0793 3392	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/13 14:29:33.0809 3392	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/07/13 14:29:33.0825 3392	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/13 14:29:33.0856 3392	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/13 14:29:33.0871 3392	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/13 14:29:33.0887 3392	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/13 14:29:33.0918 3392	vpcbus          (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/07/13 14:29:33.0996 3392	vpcnfltr        (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/07/13 14:29:34.0027 3392	vpcusb          (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/07/13 14:29:34.0059 3392	vpcvmm          (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
2011/07/13 14:29:34.0090 3392	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/13 14:29:34.0105 3392	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/13 14:29:34.0152 3392	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/13 14:29:34.0199 3392	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 14:29:34.0199 3392	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 14:29:34.0261 3392	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/13 14:29:34.0293 3392	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/13 14:29:34.0355 3392	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/13 14:29:34.0371 3392	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/13 14:29:34.0449 3392	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/13 14:29:34.0495 3392	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/13 14:29:34.0527 3392	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/13 14:29:34.0573 3392	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/13 14:29:34.0605 3392	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/13 14:29:34.0620 3392	MBR (0x1B8)     (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk5\DR5
2011/07/13 14:29:34.0651 3392	Boot (0x1200)   (348dcd651f3dedd5c90250c3a84b4c94) \Device\Harddisk0\DR0\Partition0
2011/07/13 14:29:34.0683 3392	Boot (0x1200)   (315511e9c858620e9af0b48419c43c38) \Device\Harddisk0\DR0\Partition1
2011/07/13 14:29:34.0683 3392	Boot (0x1200)   (c591cf085d5dc87b9f22ac1c5c1e2b9d) \Device\Harddisk5\DR5\Partition0
2011/07/13 14:29:34.0698 3392	================================================================================
2011/07/13 14:29:34.0698 3392	Scan finished
2011/07/13 14:29:34.0698 3392	================================================================================
2011/07/13 14:29:34.0698 5520	Detected object count: 0
2011/07/13 14:29:34.0698 5520	Actual detected object count: 0
         
wieso is meiner so anders?

Geändert von burningice (13.07.2011 um 14:15 Uhr)

Alt 13.07.2011, 13:53   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



Wieso von zwei verschiedenen Rechnern?! Pro Strang nur Logs von einem Rechner posten sonst bricht hier das Chaos aus!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.07.2011, 14:21   #10
burningice
/// Malwareteam
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



steht doch schon ganz oben -.-

Also nochmal von vorne^^

Das sind alle Logs die ich von einem Rechner habe:
Code:
ATTFilter
2011/07/13 14:29:20.0939 0980	TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/13 14:29:21.0126 0980	================================================================================
2011/07/13 14:29:21.0126 0980	SystemInfo:
2011/07/13 14:29:21.0126 0980	
2011/07/13 14:29:21.0126 0980	OS Version: 6.1.7601 ServicePack: 1.0
2011/07/13 14:29:21.0126 0980	Product type: Workstation
2011/07/13 14:29:21.0126 0980	ComputerName: WALTER-PC
2011/07/13 14:29:21.0126 0980	UserName: Walter
2011/07/13 14:29:21.0126 0980	Windows directory: C:\Windows
2011/07/13 14:29:21.0126 0980	System windows directory: C:\Windows
2011/07/13 14:29:21.0126 0980	Processor architecture: Intel x86
2011/07/13 14:29:21.0126 0980	Number of processors: 4
2011/07/13 14:29:21.0126 0980	Page size: 0x1000
2011/07/13 14:29:21.0126 0980	Boot type: Normal boot
2011/07/13 14:29:21.0126 0980	================================================================================
2011/07/13 14:29:22.0000 0980	Initialize success
2011/07/13 14:29:23.0154 3392	================================================================================
2011/07/13 14:29:23.0154 3392	Scan started
2011/07/13 14:29:23.0154 3392	Mode: Manual; 
2011/07/13 14:29:23.0154 3392	================================================================================
2011/07/13 14:29:23.0965 3392	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/13 14:29:23.0997 3392	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/13 14:29:24.0043 3392	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/13 14:29:24.0075 3392	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/13 14:29:24.0090 3392	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/13 14:29:24.0121 3392	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/13 14:29:24.0215 3392	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/07/13 14:29:24.0246 3392	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/13 14:29:24.0262 3392	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/13 14:29:24.0324 3392	akshasp         (64fc197d24a2b240598f29ce0a6660c0) C:\Windows\system32\DRIVERS\akshasp.sys
2011/07/13 14:29:24.0371 3392	aksusb          (d2b95315cc47f9230006fdbcba394d8d) C:\Windows\system32\DRIVERS\aksusb.sys
2011/07/13 14:29:24.0402 3392	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/13 14:29:24.0449 3392	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/13 14:29:24.0465 3392	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/13 14:29:24.0480 3392	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/13 14:29:24.0496 3392	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/13 14:29:24.0527 3392	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/07/13 14:29:24.0558 3392	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/13 14:29:24.0574 3392	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/07/13 14:29:24.0636 3392	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/13 14:29:24.0683 3392	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/13 14:29:24.0699 3392	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/13 14:29:24.0745 3392	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/13 14:29:24.0777 3392	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/13 14:29:24.0808 3392	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/13 14:29:24.0839 3392	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/13 14:29:24.0870 3392	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/13 14:29:25.0057 3392	BHDrvx86        (ad73b4cd214de82d003fdadbaeab6410) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys
2011/07/13 14:29:25.0104 3392	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/13 14:29:25.0151 3392	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/13 14:29:25.0167 3392	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/13 14:29:25.0182 3392	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/13 14:29:25.0213 3392	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/13 14:29:25.0229 3392	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/13 14:29:25.0245 3392	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/13 14:29:25.0260 3392	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/13 14:29:25.0291 3392	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/13 14:29:25.0323 3392	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/13 14:29:25.0369 3392	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/07/13 14:29:25.0416 3392	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/13 14:29:25.0447 3392	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/13 14:29:25.0494 3392	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/13 14:29:25.0510 3392	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/13 14:29:25.0541 3392	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/13 14:29:25.0557 3392	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/13 14:29:25.0588 3392	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/13 14:29:25.0619 3392	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/13 14:29:25.0650 3392	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/07/13 14:29:25.0728 3392	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/13 14:29:25.0759 3392	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/13 14:29:25.0791 3392	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/13 14:29:25.0900 3392	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/13 14:29:25.0962 3392	DrvAgent32      (651554e483712b708ede864d0ca1aa73) C:\Windows\system32\Drivers\DrvAgent32.sys
2011/07/13 14:29:26.0009 3392	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/13 14:29:26.0071 3392	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/13 14:29:26.0181 3392	eeCtrl          (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/07/13 14:29:26.0243 3392	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/13 14:29:26.0290 3392	EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/13 14:29:26.0321 3392	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/13 14:29:26.0368 3392	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/13 14:29:26.0399 3392	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/13 14:29:26.0430 3392	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/13 14:29:26.0446 3392	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/13 14:29:26.0461 3392	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/13 14:29:26.0477 3392	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/13 14:29:26.0508 3392	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/13 14:29:26.0539 3392	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/13 14:29:26.0555 3392	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/13 14:29:26.0602 3392	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/13 14:29:26.0633 3392	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/13 14:29:26.0664 3392	gdrv            (b6bfec7542730e9a376bf2408423d493) C:\Windows\gdrv.sys
2011/07/13 14:29:26.0680 3392	GearAspiWDM     (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\drivers\GEARAspiWDM.sys
2011/07/13 14:29:26.0727 3392	giveio          (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/07/13 14:29:26.0805 3392	Hardlock        (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
2011/07/13 14:29:26.0836 3392	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/13 14:29:26.0883 3392	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/07/13 14:29:26.0914 3392	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/13 14:29:26.0929 3392	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/13 14:29:26.0945 3392	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/13 14:29:26.0976 3392	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/13 14:29:27.0007 3392	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/07/13 14:29:27.0039 3392	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/13 14:29:27.0085 3392	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/13 14:29:27.0117 3392	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/13 14:29:27.0163 3392	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/13 14:29:27.0179 3392	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/07/13 14:29:27.0382 3392	IDSVix86        (c15fcea5c150314489698b2571a5190d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110712.034\IDSvix86.sys
2011/07/13 14:29:27.0413 3392	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/13 14:29:27.0507 3392	IntcAzAudAddService (f42f2f88017a2e2b6f783acef6c2c149) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/13 14:29:27.0585 3392	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/13 14:29:27.0616 3392	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/13 14:29:27.0631 3392	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/13 14:29:27.0678 3392	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/13 14:29:27.0709 3392	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/13 14:29:27.0725 3392	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/13 14:29:27.0741 3392	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/13 14:29:27.0787 3392	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/13 14:29:27.0803 3392	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/13 14:29:27.0850 3392	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/13 14:29:27.0881 3392	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/13 14:29:27.0928 3392	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/13 14:29:28.0068 3392	LHidFilt        (b68309f25c5787385da842eb5b496958) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/07/13 14:29:28.0099 3392	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/13 14:29:28.0131 3392	LMouFilt        (63d3b1d3cd267fcc186a0146b80d453b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/07/13 14:29:28.0162 3392	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/13 14:29:28.0177 3392	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/13 14:29:28.0209 3392	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/13 14:29:28.0224 3392	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/13 14:29:28.0255 3392	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/13 14:29:28.0287 3392	LUsbFilt        (0c62957912d4df1e4ba9795e6be3ed38) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/07/13 14:29:28.0318 3392	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/13 14:29:28.0333 3392	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/13 14:29:28.0365 3392	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/13 14:29:28.0380 3392	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/13 14:29:28.0411 3392	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/13 14:29:28.0427 3392	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/13 14:29:28.0474 3392	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/13 14:29:28.0505 3392	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/13 14:29:28.0583 3392	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/13 14:29:28.0630 3392	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/13 14:29:28.0692 3392	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/13 14:29:28.0708 3392	mrxsmb10        (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/13 14:29:28.0739 3392	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/13 14:29:28.0755 3392	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/07/13 14:29:28.0801 3392	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/07/13 14:29:28.0833 3392	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/13 14:29:28.0833 3392	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/13 14:29:28.0864 3392	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/13 14:29:28.0911 3392	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/13 14:29:28.0926 3392	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/13 14:29:28.0942 3392	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/13 14:29:28.0973 3392	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/13 14:29:29.0004 3392	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/07/13 14:29:29.0020 3392	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/13 14:29:29.0035 3392	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/13 14:29:29.0051 3392	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/13 14:29:29.0082 3392	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/13 14:29:29.0238 3392	NAVENG          (920d9701bba90dbb7ccfd3536ea4d6f9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110712.033\NAVENG.SYS
2011/07/13 14:29:29.0316 3392	NAVEX15         (31b1a9b53c3319b97f7874347cd992d2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110712.033\NAVEX15.SYS
2011/07/13 14:29:29.0379 3392	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/13 14:29:29.0410 3392	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/13 14:29:29.0441 3392	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/13 14:29:29.0488 3392	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/13 14:29:29.0519 3392	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/13 14:29:29.0550 3392	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/13 14:29:29.0581 3392	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/13 14:29:29.0613 3392	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/13 14:29:29.0691 3392	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/13 14:29:29.0722 3392	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/13 14:29:29.0769 3392	NPF_devolo      (75ac610a7481cb1f343dc971249bcb19) C:\Windows\system32\drivers\npf_devolo.sys
2011/07/13 14:29:29.0784 3392	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/13 14:29:29.0847 3392	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/07/13 14:29:29.0862 3392	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/13 14:29:30.0081 3392	nvlddmkm        (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/13 14:29:30.0268 3392	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/07/13 14:29:30.0330 3392	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/07/13 14:29:30.0377 3392	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/13 14:29:30.0424 3392	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/13 14:29:30.0486 3392	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/13 14:29:30.0533 3392	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/13 14:29:30.0549 3392	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/13 14:29:30.0580 3392	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/13 14:29:30.0595 3392	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/13 14:29:30.0611 3392	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/13 14:29:30.0642 3392	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/13 14:29:30.0658 3392	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/13 14:29:30.0751 3392	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/13 14:29:30.0767 3392	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/13 14:29:30.0814 3392	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/13 14:29:30.0876 3392	PSSDK42         (c8eb36910d3bd582891977e80925e21e) C:\Windows\system32\Drivers\pssdk42.sys
2011/07/13 14:29:30.0939 3392	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/13 14:29:30.0985 3392	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/13 14:29:31.0017 3392	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/13 14:29:31.0032 3392	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/13 14:29:31.0063 3392	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/13 14:29:31.0079 3392	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/13 14:29:31.0110 3392	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/13 14:29:31.0126 3392	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/13 14:29:31.0157 3392	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/13 14:29:31.0173 3392	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/13 14:29:31.0204 3392	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/13 14:29:31.0251 3392	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/07/13 14:29:31.0266 3392	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/13 14:29:31.0297 3392	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/13 14:29:31.0344 3392	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/13 14:29:31.0391 3392	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/13 14:29:31.0438 3392	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/13 14:29:31.0485 3392	RTL8167         (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/13 14:29:31.0547 3392	RTL85n86        (17bb009e31a660b4ccfc061b02de2ef6) C:\Windows\system32\DRIVERS\RTL85n86.sys
2011/07/13 14:29:31.0609 3392	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/07/13 14:29:31.0656 3392	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/13 14:29:31.0703 3392	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/13 14:29:31.0734 3392	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/13 14:29:31.0765 3392	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/13 14:29:31.0781 3392	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/13 14:29:31.0812 3392	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/13 14:29:31.0843 3392	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/13 14:29:31.0859 3392	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/13 14:29:31.0890 3392	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/13 14:29:31.0906 3392	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/13 14:29:31.0937 3392	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/13 14:29:31.0953 3392	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/13 14:29:31.0968 3392	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/13 14:29:31.0999 3392	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/13 14:29:32.0046 3392	SMR200          (718a5f664bd78cf727f5d662eba4b2da) C:\Windows\system32\drivers\SMR200.SYS
2011/07/13 14:29:32.0109 3392	speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/07/13 14:29:32.0124 3392	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/13 14:29:32.0249 3392	SRTSP           (83726cf02eced69138948083e06b6eac) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSP.SYS
2011/07/13 14:29:32.0280 3392	SRTSPX          (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
2011/07/13 14:29:32.0343 3392	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/07/13 14:29:32.0389 3392	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/13 14:29:32.0405 3392	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/13 14:29:32.0452 3392	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/13 14:29:32.0499 3392	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/07/13 14:29:32.0530 3392	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/07/13 14:29:32.0545 3392	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/13 14:29:32.0577 3392	SymDS           (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS
2011/07/13 14:29:32.0623 3392	SymEFA          (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
2011/07/13 14:29:32.0670 3392	SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/07/13 14:29:32.0701 3392	SymIRON         (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS
2011/07/13 14:29:32.0717 3392	SymNetS         (cc71cf163de8b62ccd077e20e909c960) C:\Windows\system32\drivers\NIS\1206000.01D\SYMNETS.SYS
2011/07/13 14:29:32.0779 3392	Tcpip           (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/13 14:29:32.0826 3392	TCPIP6          (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/13 14:29:32.0873 3392	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/13 14:29:32.0920 3392	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/13 14:29:32.0935 3392	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/13 14:29:32.0967 3392	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/13 14:29:33.0013 3392	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/13 14:29:33.0076 3392	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/13 14:29:33.0123 3392	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/13 14:29:33.0185 3392	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/13 14:29:33.0216 3392	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/13 14:29:33.0263 3392	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/13 14:29:33.0294 3392	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/13 14:29:33.0325 3392	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/07/13 14:29:33.0357 3392	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/13 14:29:33.0372 3392	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
2011/07/13 14:29:33.0403 3392	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/13 14:29:33.0435 3392	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
2011/07/13 14:29:33.0466 3392	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/13 14:29:33.0497 3392	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/07/13 14:29:33.0528 3392	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/13 14:29:33.0559 3392	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/13 14:29:33.0575 3392	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/13 14:29:33.0606 3392	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
2011/07/13 14:29:33.0653 3392	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/13 14:29:33.0684 3392	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/13 14:29:33.0700 3392	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/13 14:29:33.0715 3392	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/13 14:29:33.0747 3392	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/13 14:29:33.0778 3392	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/13 14:29:33.0793 3392	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/13 14:29:33.0809 3392	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/07/13 14:29:33.0825 3392	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/13 14:29:33.0856 3392	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/13 14:29:33.0871 3392	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/13 14:29:33.0887 3392	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/13 14:29:33.0918 3392	vpcbus          (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/07/13 14:29:33.0996 3392	vpcnfltr        (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/07/13 14:29:34.0027 3392	vpcusb          (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/07/13 14:29:34.0059 3392	vpcvmm          (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
2011/07/13 14:29:34.0090 3392	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/13 14:29:34.0105 3392	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/13 14:29:34.0152 3392	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/13 14:29:34.0199 3392	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 14:29:34.0199 3392	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 14:29:34.0261 3392	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/13 14:29:34.0293 3392	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/13 14:29:34.0355 3392	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/13 14:29:34.0371 3392	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/13 14:29:34.0449 3392	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/13 14:29:34.0495 3392	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/13 14:29:34.0527 3392	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/13 14:29:34.0573 3392	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/13 14:29:34.0605 3392	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/13 14:29:34.0620 3392	MBR (0x1B8)     (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk5\DR5
2011/07/13 14:29:34.0651 3392	Boot (0x1200)   (348dcd651f3dedd5c90250c3a84b4c94) \Device\Harddisk0\DR0\Partition0
2011/07/13 14:29:34.0683 3392	Boot (0x1200)   (315511e9c858620e9af0b48419c43c38) \Device\Harddisk0\DR0\Partition1
2011/07/13 14:29:34.0683 3392	Boot (0x1200)   (c591cf085d5dc87b9f22ac1c5c1e2b9d) \Device\Harddisk5\DR5\Partition0
2011/07/13 14:29:34.0698 3392	================================================================================
2011/07/13 14:29:34.0698 3392	Scan finished
2011/07/13 14:29:34.0698 3392	================================================================================
2011/07/13 14:29:34.0698 5520	Detected object count: 0
2011/07/13 14:29:34.0698 5520	Actual detected object count: 0
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:45 on 13/07/2011 (Walter)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.07.2011 09:51:51 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Walter\Desktop
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,90% Memory free
6,00 Gb Paging File | 5,01 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270,44 Gb Total Space | 222,43 Gb Free Space | 82,25% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 195,02 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 7,46 Gb Total Space | 7,39 Gb Free Space | 99,11% Space Free | Partition Type: NTFS
Drive K: | 298,09 Gb Total Space | 108,58 Gb Free Space | 36,42% Space Free | Partition Type: NTFS
 
Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.13 09:41:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.05 17:30:46 | 000,549,384 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Programme\devolo\dlan\devolonetsvc.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2009.11.27 17:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.11.03 13:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.13 09:41:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.05 17:30:46 | 000,549,384 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.05.18 14:00:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.11.27 17:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.07 17:01:40 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110712.034\IDSvix86.sys -- (IDSVix86)
DRV - [2011.06.05 14:21:20 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110712.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.06.05 14:21:20 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.06.05 14:21:20 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.06.05 14:21:20 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110712.033\NAVENG.SYS -- (NAVENG)
DRV - [2011.06.05 14:19:20 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.19 21:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.22 02:39:49 | 000,296,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.02.01 20:56:26 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011.01.27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.11.20 14:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 14:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 12:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 17:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2010.06.10 12:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2010.05.12 14:12:39 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.03.23 02:17:06 | 001,812,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2010.03.18 11:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.11.27 18:20:40 | 000,016,376 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://stores.ebay.de/interbuch-plus|hxxp://stores.ebay.de/klickbuch24|hxxp://www.buchkatalog.de/"
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Walter\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Walter\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.05.11 23:22:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.07.08 09:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011.07.13 09:48:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.05 14:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.10 12:00:25 | 000,000,000 | ---D | M]
 
[2011.06.05 13:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walter\AppData\Roaming\mozilla\Extensions
[2011.07.02 21:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walter\AppData\Roaming\mozilla\Firefox\Profiles\pb4r09dj.default\extensions
[2011.06.05 13:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Walter\AppData\Roaming\mozilla\Firefox\Profiles\pb4r09dj.default\extensions\nostmp
[2011.06.05 13:50:43 | 000,002,449 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\pb4r09dj.default\searchplugins\safesearch.xml
[2011.07.10 12:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.11 08:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.13 07:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.07.10 12:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.04.04 12:55:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.11 08:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.13 07:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.07.10 12:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.13 09:48:59 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_0_8
[2011.07.08 09:17:12 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\WALTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PB4R09DJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\WALTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PB4R09DJ.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\WALTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PB4R09DJ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Programme\NetWorx\deskband.dll (SoftPerfect Research)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: interbooks-online.de ([www] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{95d74f4e-daab-11de-8941-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95d74f4e-daab-11de-8941-806e6f6e6963}\Shell\AutoRun\command - "" = E:\INTRO.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - 
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig - State: "bootini" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.13 09:44:34 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
[2011.07.13 00:27:27 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Malwarebytes
[2011.07.13 00:26:54 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.13 00:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.13 00:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.13 00:26:48 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.13 00:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.12 23:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.07.10 12:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.06.29 16:53:41 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.06.20 16:13:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.06.20 16:13:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.06.14 12:28:32 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\CrashDumps
[2010.06.26 10:52:30 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB4EF.dll
[2009.12.03 17:02:09 | 000,030,208 | ---- | C] ( ) -- C:\Windows\System32\RC00C150.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.13 09:55:03 | 000,414,394 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.13 09:55:03 | 000,153,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.13 09:55:03 | 000,074,288 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.13 09:55:03 | 000,050,576 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.13 09:48:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.13 09:48:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.13 09:47:48 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.13 09:45:16 | 000,000,000 | ---- | M] () -- C:\Users\Walter\defogger_reenable
[2011.07.13 09:41:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.exe
[2011.07.13 09:38:51 | 000,050,477 | ---- | M] () -- C:\Users\Walter\Desktop\Defogger.exe
[2011.07.13 09:25:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.13 08:58:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488151914-114474058-723148296-1000UA.job
[2011.07.13 08:06:23 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 08:06:23 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.13 07:58:34 | 000,378,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.13 00:27:01 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.12 23:43:06 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.10 19:01:48 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488151914-114474058-723148296-1000Core.job
[2011.07.10 12:00:29 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.06.29 16:53:44 | 000,002,326 | ---- | M] () -- C:\Users\Walter\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2011.07.13 09:45:16 | 000,000,000 | ---- | C] () -- C:\Users\Walter\defogger_reenable
[2011.07.13 09:44:34 | 000,050,477 | ---- | C] () -- C:\Users\Walter\Desktop\Defogger.exe
[2011.07.13 00:26:59 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.29 16:53:44 | 000,002,326 | ---- | C] () -- C:\Users\Walter\Desktop\Google Chrome.lnk
[2011.06.29 16:53:13 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488151914-114474058-723148296-1000UA.job
[2011.06.29 16:53:13 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488151914-114474058-723148296-1000Core.job
[2011.06.07 09:02:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.04 12:20:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.28 19:43:41 | 000,000,209 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010.08.04 11:37:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2010.07.20 11:02:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\KSESinoUeberwachung5.exe
[2010.07.10 11:34:03 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI
[2010.07.02 22:07:37 | 000,178,688 | ---- | C] () -- C:\Windows\System32\BpShellEx.dll
[2010.06.28 22:16:22 | 000,000,466 | ---- | C] () -- C:\Windows\wiso.ini
[2010.06.28 21:02:58 | 000,000,000 | ---- | C] () -- C:\Windows\buhl.ini
[2010.05.01 11:43:19 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2010.05.01 11:43:19 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2010.05.01 11:43:18 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.04.22 13:49:04 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2010.03.20 14:42:06 | 000,554,496 | ---- | C] () -- C:\Program Files\ShirusuPad.exe
[2010.03.16 18:31:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\KSEIBUeberwachung5.exe
[2010.02.08 21:32:41 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010.02.03 08:43:06 | 000,453,024 | ---- | C] () -- C:\Program Files\setup.exe
[2010.02.03 08:42:28 | 146,495,042 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010.02.03 08:41:34 | 010,181,120 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010.02.02 00:11:36 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2009.12.03 17:02:10 | 000,000,078 | ---- | C] () -- C:\Windows\ricdb.ini
[2009.12.03 17:02:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2009.11.29 13:15:47 | 000,108,032 | ---- | C] () -- C:\Windows\System32\sh33w32.dll
[2009.11.28 13:10:44 | 000,000,017 | ---- | C] () -- C:\Users\Walter\AppData\Local\resmon.resmoncfg
[2009.11.27 18:20:38 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.26 22:42:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.26 19:44:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.17 17:13:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2009.11.17 17:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.11.17 17:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.11.17 17:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.08.03 14:16:46 | 000,475,238 | ---- | C] () -- C:\Windows\System32\KSEBasisBerechnungen5.dll
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,153,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,050,576 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,378,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,414,394 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,074,288 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.08.11 17:37:28 | 000,049,152 | ---- | C] () -- C:\Windows\System32\inditool32_2.dll
[2007.08.16 16:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.21 17:41:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\KSEConsorsÜberwachung.exe
[2006.05.17 17:28:58 | 000,282,624 | ---- | C] () -- C:\Windows\System32\AOSMTPEX.dll
[2005.12.21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003.03.27 11:38:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ddeimp32_2.dll
[2001.12.12 13:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\System32\W32btstp.dll
[2001.12.12 13:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\System32\W32btxlt.dll
[2000.08.18 11:26:08 | 000,423,424 | ---- | C] () -- C:\Windows\System32\NWPDLL.DLL
[1999.05.27 11:15:00 | 000,221,184 | ---- | C] () -- C:\Windows\System32\TPAccess.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.12.13 12:52:19 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Actior
[2010.05.11 23:22:24 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Audio Recorder for Free
[2010.06.28 22:15:41 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Buhl Data Service
[2010.07.01 07:21:13 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Buhl Data Service GmbH
[2009.11.27 15:40:08 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Canon
[2011.02.10 09:33:51 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\FileZilla
[2010.01.04 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\FX Flat
[2010.10.28 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Leadertech
[2010.04.22 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Lexware
[2010.05.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\NCH Swift Sound
[2010.03.20 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\OpenOffice.org
[2010.02.28 22:24:22 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\ProtectDisc
[2009.12.03 19:54:50 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\TeamViewer
[2009.11.26 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Thunderbird
[2011.03.01 17:39:19 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\WH SELFINVEST
[2010.08.09 12:04:16 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\Kursupdate starten (2).job
[2010.08.09 12:19:18 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\Kursupdate starten.job
[2011.07.12 20:19:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.12.04 15:30:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.12.13 19:36:03 | 000,000,000 | ---D | M] -- C:\237e048cc37b8b0ec53c9031
[2011.06.20 17:07:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.11.26 22:10:23 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.26 18:58:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.14 15:47:26 | 000,000,000 | ---D | M] -- C:\inetpub
[2009.11.27 18:21:25 | 000,000,000 | ---D | M] -- C:\Intel
[2011.02.22 19:48:08 | 000,000,000 | ---D | M] -- C:\Investox
[2010.05.02 17:11:00 | 000,000,000 | ---D | M] -- C:\MS
[2009.11.27 15:49:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.12.06 18:19:03 | 000,000,000 | ---D | M] -- C:\PINNACLE
[2011.07.13 00:26:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.13 00:26:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.11.26 18:58:26 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.26 18:58:27 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.07.13 09:54:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.28 17:06:55 | 000,000,000 | ---D | M] -- C:\Temp
[2011.07.03 13:44:41 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.04 10:19:58 | 000,000,000 | ---D | M] -- C:\Windows
[2010.03.03 22:15:58 | 000,000,000 | -H-D | M] -- C:\_rpcs
 
< %PROGRAMFILES%\*.exe >
[2010.02.03 08:43:06 | 000,453,024 | ---- | M] () -- C:\Program Files\setup.exe
[2005.02.22 13:42:34 | 000,554,496 | ---- | M] () -- C:\Program Files\ShirusuPad.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-12 22:34:58

< End of report >
         
--- --- ---
[/CODE]
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-13 11:48:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00M9A0 rev.05.01D05
Running: bydwdceu.exe; Driver: C:\Users\Walter\AppData\Local\Temp\uxliqpow.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  86FFB968                                  ZwAlertResumeThread
SSDT                                                                                                                                  86FFBA48                                  ZwAlertThread
SSDT                                                                                                                                  86FF1F60                                  ZwAllocateVirtualMemory
SSDT                                                                                                                                  86D200D8                                  ZwAlpcConnectPort
SSDT                                                                                                                                  86FF7F28                                  ZwAssignProcessToJobObject
SSDT                                                                                                                                  86FFB6B8                                  ZwCreateMutant
SSDT                                                                                                                                  86FF2E40                                  ZwCreateSymbolicLinkObject
SSDT                                                                                                                                  86FF9508                                  ZwCreateThread
SSDT                                                                                                                                  86FF2FB0                                  ZwCreateThreadEx
SSDT                                                                                                                                  86FF7E50                                  ZwDebugActiveProcess
SSDT                                                                                                                                  86FFA560                                  ZwDuplicateObject
SSDT                                                                                                                                  86FF1D80                                  ZwFreeVirtualMemory
SSDT                                                                                                                                  86FFB7A8                                  ZwImpersonateAnonymousToken
SSDT                                                                                                                                  86FFB888                                  ZwImpersonateThread
SSDT                                                                                                                                  86ABF6D0                                  ZwLoadDriver
SSDT                                                                                                                                  86FF1C80                                  ZwMapViewOfSection
SSDT                                                                                                                                  86FFB558                                  ZwOpenEvent
SSDT                                                                                                                                  86FFA740                                  ZwOpenProcess
SSDT                                                                                                                                  86FFA480                                  ZwOpenProcessToken
SSDT                                                                                                                                  86FFCDE0                                  ZwOpenSection
SSDT                                                                                                                                  86FFA650                                  ZwOpenThread
SSDT                                                                                                                                  86FF6580                                  ZwProtectVirtualMemory
SSDT                                                                                                                                  86FFBB28                                  ZwResumeThread
SSDT                                                                                                                                  86FF9DE0                                  ZwSetContextThread
SSDT                                                                                                                                  86FF9EC0                                  ZwSetInformationProcess
SSDT                                                                                                                                  86FFCC98                                  ZwSetSystemInformation
SSDT                                                                                                                                  86FFCFD0                                  ZwSuspendProcess
SSDT                                                                                                                                  86FF9C20                                  ZwSuspendThread
SSDT                                                                                                                                  86FF9608                                  ZwTerminateProcess
SSDT                                                                                                                                  86FF9D00                                  ZwTerminateThread
SSDT                                                                                                                                  86FF9F90                                  ZwUnmapViewOfSection
SSDT                                                                                                                                  86FF1E70                                  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 ntkrnlpa.exe!ZwSaveKey + 13C1             82E80339 1 Byte  [06]
.text                                                                                                                                 ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82EB9D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 10DB       82EC0DD0 8 Bytes  [68, B9, FF, 86, 48, BA, FF, ...]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 10F3       82EC0DE8 4 Bytes  [60, 1F, FF, 86]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 10FF       82EC0DF4 4 Bytes  [D8, 00, D2, 86]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 1153       82EC0E48 4 Bytes  [28, 7F, FF, 86]
.text                                                                                                                                 ntkrnlpa.exe!KeRemoveQueueEx + 11CF       82EC0EC4 4 Bytes  [B8, B6, FF, 86]
.text                                                                                                                                 ...                                       
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys  section is writeable [0xA1E5E400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA1F02620]  C:\Windows\system32\drivers\hardlock.sys  entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA1F02620]
.protectÿÿÿÿhardlockunknown last code section [0xA1F02400, 0x5126, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys  unknown last code section [0xA1F02400, 0x5126, 0xE0000020]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 4F90       A4CFB000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 50B3       A4CFB123 629 Bytes  [65, CF, A4, FE, 05, 34, 65, ...]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 5329       A4CFB399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 538F       A4CFB3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE                                                                                                                                  spsys.sys!?SPRevision@@3PADA + 543B       A4CFB4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE                                                                                                                                  ...                                       

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume5    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume6    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device                                                                                                                                \Driver\ACPI_HAL \Device\0000005c         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

[/CODE]

MalwareBytes alle Berichte unauffällig.

Besser?^^

Alt 13.07.2011, 15:42   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



Ja hab ich übersehen - grundsätzlich sind hier aber Logs von verschiedenen Rechnern in einem Strang NICHT erwünscht. Mach für den zweiten Rechnern einen anderen Strang auf.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.07.2011, 16:34   #12
burningice
/// Malwareteam
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



ok^^
brauchst du hier noch etwas für? =)

Alt 13.07.2011, 19:37   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



Hast du denn hier schon Logs durcheinander gepostet? Ich will hier nicht erst die Logs durchsehen um zu unterscheiden was von welchem Rechner ist!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.07.2011, 19:57   #14
burningice
/// Malwareteam
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



http://www.trojaner-board.de/101284-...tml#post682338


alles was daa drin steht ist alles was ich von diesem einen rechner habe und gehört auch nur zu diesem einen.. Den rest musst nicht weiter beachten, anderer Thread jetzt.

Alt 13.07.2011, 20:14   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Standard

Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen



Soll ich die Beiträge davor in einen neuen Thread auslagern oder hast du schon einen neuen erstellt?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen
autorun, bluescreen, c:\windows\system32\rundll32.exe, chkdsk, cs4/contributeieplugin.dll, defender, explorer, firefox, funktioniert nicht mehr, harddisk, intrusion prevention, langs, locker, malware.trace, microsoft, nvlddmkm.sys, object, programme, pup.pswfinder, registry, security, sfc /scannow, starmoney, start menu, systemstartreperatur, trojan.fakealert, winlogon.exe



Ähnliche Themen: Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen


  1. Bluescreen nach ca 1 Stunde am Rechner
    Plagegeister aller Art und deren Bekämpfung - 17.11.2015 (5)
  2. Qick-Seeker.com Virus, PC und Festplatte betroffen! Nach Online-Scan über 20 schädliche Funde! Rettung möglich?
    Plagegeister aller Art und deren Bekämpfung - 18.04.2015 (61)
  3. Weißer Bildschirm nach Windows Start - nur ein Benutzer betroffen
    Log-Analyse und Auswertung - 15.04.2015 (1)
  4. E-Mail Account gehackt - Rechner betroffen?
    Log-Analyse und Auswertung - 24.06.2014 (5)
  5. E-Mail Account betroffen nach Sicherheitstest.bsi überprufung !!!!!
    Plagegeister aller Art und deren Bekämpfung - 26.01.2014 (9)
  6. Rechner sauber nach Recovery?
    Log-Analyse und Auswertung - 10.12.2013 (3)
  7. Desinfizierung durch Kaspersky nicht möglich: Trojan.Win32.Bromngr.k, HEUR:Trojan.Win32.Generic, Trojan-Downloader.Win32.MultiDL.I
    Plagegeister aller Art und deren Bekämpfung - 28.11.2013 (1)
  8. Nach GVU - ist mein Rechner sauber?
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (12)
  9. Rechner nach ZAccess sauber?
    Plagegeister aller Art und deren Bekämpfung - 02.09.2012 (3)
  10. Rechner nach Virusfund sauber?
    Log-Analyse und Auswertung - 15.07.2012 (22)
  11. usb funktioniert nach einiger Zeit nicht mehr, Maus und Tastatur betroffen
    Alles rund um Windows - 22.09.2010 (7)
  12. Windows von Rechner A nach B!
    Alles rund um Windows - 22.03.2009 (13)
  13. Rechner friert ein nach Normalstart
    Log-Analyse und Auswertung - 20.03.2009 (2)
  14. Rechner stürzt nach Systemstart ab
    Plagegeister aller Art und deren Bekämpfung - 29.12.2008 (0)
  15. Nach vermeintlicher Desinfizierung PC sehr langsam --> noch Befallen?
    Log-Analyse und Auswertung - 26.12.2008 (2)
  16. Rechner langsam nach Trojaner
    Mülltonne - 10.11.2008 (0)
  17. Nach dem Runterfahren bleibt der Rechner an
    Alles rund um Windows - 08.12.2004 (8)

Zum Thema Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen - Hallu, vorgestern Abend ist plötzlich der Rechner von meinem Vater und meiner nach dem nächsten Start hängengeblieben und waren teilweise nichtmal in der Lage von CD zu booten. Ich ging - Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen...
Archiv
Du betrachtest: Desinfizierung nach Bootsektorfehlern, 2 Rechner betroffen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.