Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Backdoor.Tidserv on the computer - completely removed? (https://www.trojaner-board.de/98999-backdoor-tidserv-rechner-vollstaendig-entfernt.html)

UserofSeven 12.05.2011 18:19

Backdoor.Tidserv on the computer - completely removed?

Hello!

I have the following problem: A little while ago my Norton notified me that Auto-Protect had found a backdoor (Backdoor.Tidserv) and that I should restart my PC. After I had done so, an entry appeared in my history saying that everything had been removed. Since it was only 2 files, however, I am not 100% sure that everything has been removed completely, especially since this is a relatively persistent backdoor that includes a rootkit. I ran the removal tools from the Symantec site (and also from the Norman site); the Symantec tool told me the MBR was being used suspiciously, but no Tidserv infection was found. A repair is therefore not necessary/possible.

What makes me suspicious above all is that the file has been on the computer since 17:55 and was last used at 17:57. At both times I had already been away from the computer for quite a while; I had neither a browser nor any other programs open. So I neither downloaded nor executed benser.exe.
This is the first "real" infection in a long time. Only yesterday I ran the Avira Rescue System, and this morning the tools Malwarebytes' Anti-Malware and Emsisoft Anti-Malware.

I neither play online games (there was an invisible casino.url on the desktop) nor do I open unknown files indiscriminately. Actually I am a relatively security-conscious user and, besides Norton, I also run the behaviour-based ThreatFire and a router firewall.

Does anyone have
1. any idea where the backdoor came from, and
2. any idea whether there are still remnants on the computer? Has Norton deleted all the files that belong to this backdoor?


Here is the Norton removal log:

Code:

Vollständiger Pfad: c:\users\[benutzer]\downloads\benser.exe
____________________________
____________________________
Auf Computern ab:
12.05.2011 um 17:55:05
Zuletzt verwendet:
12.05.2011 um 17:57:19
Systemstartobjekt:
Ja
Gestartet:
Nein
____________________________
____________________________
Wenige Benutzer
Weniger als 50 Benutzer in der Norton Community haben diese Datei verwendet.
____________________________
Hoch
Das Risiko dieser Datei ist hoch.
____________________________
Bedrohungsdetails
Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.
____________________________
Ursprung
Heruntergeladen von  URL nicht verfügbar

Quelldatei:
benser.exe
____________________________
Dateiaktionen
Datei: c:\users\niklas hoffmann\downloads\benser.exe
entfernt
Datei: C:\Users\Niklas Hoffmann\Desktop\Casino.url
entfernt
____________________________
Verdächtige Aktionen
Dienst geändert: spooler
Beendet
____________________________
Dateiabdruck - SHA:
e808631ef84fd2745ee2a858d281f38d63e75603722174e16bdc8bfae432983d
____________________________
Dateiabdruck - MD5:
cb0faa7b6795fd9db1ad8f33ea69b946
____________________________

Many thanks in advance!

UserofSeven

cosinus 12.05.2011 19:11

According to an internet search, benser.exe is a component of Veritas Backup. Do you use any such software? Probably not, right?

Did Malwarebytes find anything?

UserofSeven 12.05.2011 21:21

I had already searched for the file benser.exe as well. And no, I do not use any such software. Besides, the file has only existed in the Downloads folder since this afternoon.

I forgot to mention that neither Malwarebytes' nor Emsisoft nor a full scan in Norton found anything else. However, I have not yet had time to run a live CD, since this is a backdoor that hides itself well and is registered directly in the MBR. I did, however, enter the checksum into Google and came across entries from VirusTotal and another malware analysis site, both of which prove beyond doubt that this is the Tidserv backdoor. A false positive can therefore be ruled out.

Norton's log does say it is a system startup object, but that it has not yet been executed. Can I trust the statement that the virus has not yet been installed?

UserofSeven

cosinus 13.05.2011 15:50

Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


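The lines OTL writes for this custom scan (PRC/MOD/SRV/DRV entries with modification time, size, company name, start type and path) can be triaged programmatically instead of by eye. The following Python is an added example, not part of this thread and not OTL's own code; the sample log is built from five entries copied from the thread's OTL output plus one constructed driver line (ksdrv.sys, assumed) to show what a hit looks like, and the scan time is the one in the thread's OTL header.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL SafeList line, e.g.
#   SRV:64bit: - [2011.04.11 11:57:02 | 000,029,040 | ---- | M] (BitDefender) [Auto | Running] -- C:\...\bsserv.exe -- (bsserv)
# Fields: kind, optional :64bit: tag, [mtime | size | attributes | M/C], (company),
# optional [start | state], path, optional (service/driver name) plus description.
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<stamp>[MC])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)

# Locations a normal user can write to; a service or driver loaded from here deserves a look.
USER_WRITABLE = re.compile(r"\\(users|programdata|appdata|temp|downloads)\\", re.IGNORECASE)

@dataclass
class OtlEntry:
    kind: str            # PRC, MOD, SRV or DRV
    is_64bit: bool
    mtime: datetime      # modification time as reported by OTL
    size: int            # bytes
    company: str         # empty when the file carries no company name
    flags: List[str]     # e.g. ["Kernel", "Boot", "Running"]
    path: str
    name: Optional[str]  # service/driver name, None for PRC/MOD lines

@dataclass
class Finding:
    entry: OtlEntry
    reasons: List[str]

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one line; returns None for section headers, blanks and other line types."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in m.group("flags").split("|")] if m.group("flags") else []
    return OtlEntry(
        kind=m.group("kind"),
        is_64bit=m.group("arch") is not None,
        mtime=datetime.strptime(m.group("mtime"), "%Y.%m.%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        company=m.group("company").strip(),
        flags=flags,
        path=m.group("path").strip(),
        name=m.group("name"),
    )

def parse_otl_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e is not None]

def triage(entries: List[OtlEntry], scan_time: datetime, recent_days: int = 3) -> List[Finding]:
    """Apply the checks a helper applies by eye; every hit is a lead to verify, not a verdict."""
    findings = []
    for e in entries:
        reasons = []
        if not e.company:
            reasons.append("no company name")
        if e.kind in ("SRV", "DRV") and USER_WRITABLE.search(e.path):
            reasons.append("service/driver loaded from a user-writable path")
        if e.kind == "DRV" and not e.company and ("Boot" in e.flags or "System" in e.flags):
            reasons.append("unknown-publisher driver with early start")
        age = scan_time - e.mtime
        if timedelta(0) <= age <= timedelta(days=recent_days):
            reasons.append(f"modified within {recent_days} days of the scan")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings

# Sample log: five lines copied from the thread's OTL output; the last driver line (ksdrv.sys) is constructed.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.04.11 11:57:02 | 000,029,040 | ---- | M] (BitDefender) [Auto | Running] -- C:\Program Files\BitDefender\TrafficLight\bsserv.exe -- (bsserv)
SRV - [2011.05.04 15:49:05 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll -- (Akamai)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.05.12 17:55:03 | 000,048,128 | ---- | M] () [Kernel | Boot | Running] -- C:\Users\***\AppData\Local\Temp\ksdrv.sys -- (ksdrv)
"""

# "OTL logfile created on" value from the thread's log header.
SCAN_TIME = datetime(2011, 5, 13, 17, 42, 55)

def run_sample() -> List[Finding]:
    return triage(parse_otl_log(SAMPLE_LOG), SCAN_TIME)

if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.entry.kind:3} {f.entry.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Signed, well-known vendor files with no company name (PSIService.exe here) are expected hits; the value of the pass is that the constructed Temp-folder boot driver collects every reason at once.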
UserofSeven 13.05.2011 17:30

So, the OTL scan is done:

Code:

OTL logfile created on: 13.05.2011 17:42:55 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 81,26 Gb Total Space | 14,67 Gb Free Space | 18,06% Space Free | Partition Type: NTFS
Drive D: | 151,52 Gb Total Space | 59,08 Gb Free Space | 38,99% Space Free | Partition Type: NTFS
Drive F: | 4,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 465,76 Gb Total Space | 45,33 Gb Free Space | 9,73% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.13 17:39:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011.04.01 07:09:36 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.02.22 14:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2011.02.22 14:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2011.01.30 17:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.11.30 02:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010.11.30 02:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010.11.30 02:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010.11.30 02:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2010.09.13 21:43:53 | 000,115,056 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.155\SymcPCCULaunchSvc.exe
PRC - [2009.09.24 20:47:46 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.08.25 00:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe
PRC - [2009.08.23 14:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.13 17:39:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
MOD - [2011.02.22 14:57:42 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TfWah.dll
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.11 11:57:02 | 000,029,040 | ---- | M] (BitDefender) [Auto | Running] -- C:\Program Files\BitDefender\TrafficLight\bsserv.exe -- (bsserv)
SRV:64bit: - [2011.01.12 18:32:16 | 000,036,160 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.05.08 08:15:06 | 000,314,880 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\T-Mobile\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2011.05.04 15:49:05 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.04.01 07:09:36 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.03.25 03:14:52 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2011.03.25 03:13:06 | 000,271,408 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011.03.06 19:18:50 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.02.22 14:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2011.02.10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.01.12 18:36:56 | 001,403,200 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 18:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.01.10 16:24:20 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.01.05 20:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010.11.30 02:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010.11.30 02:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.15 20:42:14 | 000,326,704 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.09.13 21:43:53 | 000,115,056 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.155\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.25 00:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.11 16:44:24 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.05.03 16:59:45 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011.05.03 16:59:45 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011.03.31 05:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.22 02:39:49 | 000,382,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.06 21:22:02 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.02.22 14:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011.02.22 14:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011.02.22 14:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.30 02:24:02 | 000,191,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SymDSMon.sys -- (SymDSMon)
DRV:64bit: - [2010.11.30 02:24:02 | 000,163,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.22 21:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2010.09.22 21:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.06.10 04:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.03 10:40:18 | 010,916,352 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.28 16:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009.05.18 10:47:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.02.18 16:14:48 | 000,124,928 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2008.02.08 12:00:42 | 000,080,896 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2007.03.30 12:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV - [2011.05.10 06:57:14 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.05.10 06:57:14 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.04.15 22:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.03.31 06:43:38 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110513.002\EX64.SYS -- (NAVEX15)
DRV - [2011.03.31 06:43:37 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110513.002\ENG64.SYS -- (NAVENG)
DRV - [2011.03.14 20:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110512.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011.03.06 19:25:45 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2011.02.25 15:39:50 | 000,102,992 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\BitDefender\TrafficLight\bdfwfpf.sys -- (bdfwfpf_bs)
DRV - [2010.11.30 02:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010.02.24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.03 10:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF FA E8 F8 F9 EA CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.9:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: vtzilla@virustotal.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.05.11 17:31:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011.05.10 06:56:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.03.06 19:02:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.28 23:39:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.22 14:52:32 | 000,000,000 | ---D | M]
 
[2011.03.06 14:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.05.09 14:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cjopaspx.default\extensions
[2011.05.09 14:44:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cjopaspx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.29 18:59:16 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cjopaspx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.03.06 17:57:23 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cjopaspx.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.03.06 16:14:49 | 000,000,000 | ---D | M] (VTzilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cjopaspx.default\extensions\vtzilla@virustotal.com
[2011.03.06 14:29:59 | 000,002,449 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cjopaspx.default\searchplugins\safesearch.xml
[2011.04.15 16:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.06 16:56:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.15 16:20:21 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
[2011.05.10 06:56:12 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN
[2011.05.11 17:31:17 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJOPASPX.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJOPASPX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.04.28 23:39:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.06 16:56:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.27 17:38:26 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.16 18:35:50 | 000,956,848 | R--- | M] (mirabyte GmbH & Co. KG) - F:\autoexec.exe -- [ CDFS ]
O32 - AutoRun File - [2011.04.07 14:42:58 | 000,000,448 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.04.07 14:42:58 | 000,000,012 | R--- | M] () - F:\autorun.tag -- [ CDFS ]
O33 - MountPoints2\{f5df3ba0-47e7-11e0-abdb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f5df3ba0-47e7-11e0-abdb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\zdata\cobi.exe -- [2010.12.30 13:33:40 | 004,292,096 | R--- | M] ()
O33 - MountPoints2\{ff0d3e26-58ac-11e0-b972-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ff0d3e26-58ac-11e0-b972-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\NO0530~1\Tools\SPEEDD~1\aDSBatch.exe /startup) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk - C:\Programme\T-Mobile\GlobeTrotter Connect\web'n'walk Manager.exe - (T-Mobile)
MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk - C:\PROGRA~2\WARNER~1.DIG\WARNER~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: dcmsvc - hkey= - key= - C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()
MsConfig:64bit - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: tsnpstd3 - hkey= - key= - C:\Windows\tsnpstd3.exe ()
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.11 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2011.05.11 20:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDefender TrafficLight
[2011.05.11 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender
[2011.05.11 17:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
[2011.05.09 14:46:12 | 000,000,000 | ---D | C] -- C:\Users\***\dwhelper
[2011.05.08 18:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.07 12:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011.05.07 11:18:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COMPUTERBILD App-Center
[2011.05.07 11:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD App-Center
[2011.05.06 21:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Paint Shop Pro X
[2011.05.06 21:31:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel
[2011.05.06 21:31:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Spool
[2011.05.06 21:31:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine PSP-Dateien
[2011.05.06 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011.05.06 21:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2011.05.05 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SISContents
[2011.05.05 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SISContents
[2011.05.05 16:26:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\handy alt
[2011.05.03 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2011.05.03 18:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2011.05.03 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer
[2011.05.03 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.05.03 16:59:45 | 000,027,176 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2011.05.03 16:59:45 | 000,013,352 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2011.05.01 17:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.05.01 17:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011.05.01 16:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK
[2011.04.28 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Norton Utilities
[2011.04.28 16:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 15
[2011.04.28 16:55:15 | 000,191,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymDSMon.sys
[2011.04.28 16:55:15 | 000,163,384 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSpeedDisk.sys
[2011.04.28 16:55:15 | 000,108,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\drivers\SymSpeedDisk.sys
[2011.04.28 16:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec
[2011.04.28 16:55:13 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2011.04.28 16:55:13 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2011.04.28 16:55:13 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2011.04.28 16:55:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\UnErase
[2011.04.28 16:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011.04.28 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Utilities 15
[2011.04.28 16:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2011.04.28 16:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.04.22 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.04.21 13:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.04.21 13:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.04.21 13:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.04.21 13:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.04.19 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Tific
[2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64
[2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup
[2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup
[2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200040.09B
[2011.04.18 20:55:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sync App Settings
[2011.04.18 20:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sync App Settings
[2011.04.18 20:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
[2011.04.18 20:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Allway Sync
[2011.04.18 20:50:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011.04.18 20:50:25 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2011.04.18 17:58:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2011.04.18 17:58:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2011.04.18 17:58:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\VirtualDJ
[2011.04.17 17:21:15 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.04.17 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\.hgt
[2011.04.16 17:51:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Sony Ericsson
[2011.04.16 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2011.04.16 17:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2011.04.16 17:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011.04.16 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2011.04.16 17:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.04.16 17:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.04.16 17:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2011.04.16 17:48:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sony
[2011.04.16 17:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest update
[2011.04.16 17:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2011.04.16 17:33:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sony Ericsson
[2011.04.16 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2011.04.16 17:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.04.16 17:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2011.04.16 17:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2011.04.16 17:21:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My eBooks
[2011.04.16 17:21:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mobipocket
[2011.04.16 17:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
[2011.04.16 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobipocket.com
[2011.04.16 17:16:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\andered
[2011.04.16 17:14:44 | 000,081,008 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011.04.16 17:14:31 | 000,068,720 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011.04.16 17:13:51 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011.04.16 17:13:47 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011.04.16 17:13:29 | 000,968,816 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011.04.16 17:12:06 | 000,031,856 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2011.04.16 17:12:03 | 000,038,512 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011.04.16 17:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2011.04.16 17:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011.04.15 16:54:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Garmin
[2011.04.15 16:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2011.04.15 16:20:38 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011.04.15 16:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2011.04.15 16:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2011.04.15 15:16:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.03.06 21:44:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2011.03.06 21:44:20 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2011.03.06 21:44:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.13 17:44:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.13 17:40:02 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.13 17:40:02 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.13 17:31:54 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.13 17:28:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.13 17:27:59 | 3190,247,424 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.12 20:21:52 | 000,002,944 | ---- | M] () -- C:\{951E426C-C7DE-4E9B-9B6D-EE1AC04D4D0E}
[2011.05.12 19:09:57 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job
[2011.05.12 18:01:50 | 000,097,533 | ---- | M] () -- C:\Users\***\Desktop\sportfest_kiga_urkunde.pdf
[2011.05.12 15:14:58 | 000,003,240 | ---- | M] () -- C:\{EDEF5BF2-638C-4E7A-A268-7E0420865ED6}
[2011.05.12 15:03:18 | 000,002,288 | ---- | M] () -- C:\{079C4A87-704D-404A-AAA0-0C4B01C9526E}
[2011.05.12 15:01:30 | 000,002,328 | ---- | M] () -- C:\{172ED615-3AAF-4677-AB39-36C78F574174}
[2011.05.12 14:59:10 | 000,002,288 | ---- | M] () -- C:\{5D301076-5A2D-4F3C-A62D-75B4A15F431E}
[2011.05.12 14:57:25 | 000,002,304 | ---- | M] () -- C:\{514C636A-0F10-4506-B95B-6ACBDE748D7F}
[2011.05.12 14:56:20 | 000,002,176 | ---- | M] () -- C:\{02BB46FB-3816-4FFF-9663-69AC36A68489}
[2011.05.12 14:54:54 | 000,002,384 | ---- | M] () -- C:\{BDF2B3B9-C039-4AA5-9A19-F84F42A3B620}
[2011.05.12 14:52:46 | 000,002,208 | ---- | M] () -- C:\{C7582B8E-4019-4F2D-85B8-F039E5DCC2DE}
[2011.05.12 14:27:02 | 000,002,344 | ---- | M] () -- C:\{634DB7A9-CF84-4853-866F-463944868404}
[2011.05.12 14:12:25 | 000,002,384 | ---- | M] () -- C:\{7711DD56-8AD0-412D-A3AF-FD78C4192F6A}
[2011.05.12 14:06:57 | 000,002,520 | ---- | M] () -- C:\{F9026E66-A9F7-4239-9BF8-CA1A939396EB}
[2011.05.12 11:26:40 | 001,515,352 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.12 11:26:40 | 000,660,360 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.12 11:26:40 | 000,621,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.12 11:26:40 | 000,132,226 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.12 11:26:40 | 000,108,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.11 22:09:59 | 000,002,304 | ---- | M] () -- C:\{6488C6A4-FEB8-4DC2-8693-8729D1202A75}
[2011.05.11 22:02:17 | 000,002,176 | ---- | M] () -- C:\{7BEB696D-0519-4104-B796-D954BB12F796}
[2011.05.11 21:52:27 | 000,002,384 | ---- | M] () -- C:\{C48B1795-50D4-4872-8CED-DBCBFA982DE5}
[2011.05.11 21:44:12 | 000,002,208 | ---- | M] () -- C:\{540A8309-6AA2-4CB3-B9BD-1F21F7199704}
[2011.05.11 21:38:05 | 000,002,736 | ---- | M] () -- C:\{16B3E0AC-C0A2-4A63-9A51-317B078EAE0A}
[2011.05.11 21:33:23 | 000,003,048 | ---- | M] () -- C:\{5813D748-394D-472C-9730-8B37E09624A8}
[2011.05.11 17:30:51 | 001,338,472 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.05.11 17:29:38 | 000,002,498 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.05.11 17:19:02 | 000,001,342 | ---- | M] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk
[2011.05.11 16:44:24 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.05.11 16:44:24 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.05.11 16:44:24 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.05.09 19:41:52 | 000,352,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.05.09 14:46:42 | 007,052,143 | ---- | M] () -- C:\Users\***\Desktop\Vodafone Werbung - Willkommen im besten Netz von Vodafone.flv
[2011.05.09 14:24:03 | 002,253,349 | ---- | M] () -- C:\Users\***\Desktop\Mobilfunkpartner weltweit.pdf
[2011.05.06 21:55:34 | 000,000,952 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011.05.03 17:45:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.05.03 17:45:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.05.03 16:59:45 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2011.05.03 16:59:45 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2011.04.30 20:01:45 | 000,002,219 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2011.04.29 05:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011.04.28 16:55:19 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Norton Utilities 15.lnk
[2011.04.19 21:41:23 | 000,003,448 | ---- | M] () -- C:\{4F374361-4858-458E-8B0A-12E7CCECAB09}
[2011.04.19 21:37:43 | 000,003,208 | ---- | M] () -- C:\{92E9180A-A344-4186-9D56-9AD1EF75751E}
[2011.04.18 20:40:29 | 000,013,358 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg
[2011.04.18 20:40:29 | 000,005,013 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg
[2011.04.18 17:58:39 | 000,000,983 | ---- | M] () -- C:\Users\***\Desktop\VirtualDJ Home FREE.lnk
[2011.04.16 18:22:20 | 000,000,501 | ---- | M] () -- C:\Users\***\Desktop\Windows 7 (C).lnk
[2011.04.16 17:33:04 | 001,535,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.16 17:11:59 | 000,001,024 | ---- | M] () -- C:\.rnd
 
========== Files Created - No Company Name ==========
 
[2011.05.12 20:21:50 | 000,002,944 | ---- | C] () -- C:\{951E426C-C7DE-4E9B-9B6D-EE1AC04D4D0E}
[2011.05.12 18:01:50 | 000,097,533 | ---- | C] () -- C:\Users\***\Desktop\sportfest_kiga_urkunde.pdf
[2011.05.12 15:14:57 | 000,003,240 | ---- | C] () -- C:\{EDEF5BF2-638C-4E7A-A268-7E0420865ED6}
[2011.05.12 15:03:18 | 000,002,288 | ---- | C] () -- C:\{079C4A87-704D-404A-AAA0-0C4B01C9526E}
[2011.05.12 15:01:29 | 000,002,328 | ---- | C] () -- C:\{172ED615-3AAF-4677-AB39-36C78F574174}
[2011.05.12 14:59:09 | 000,002,288 | ---- | C] () -- C:\{5D301076-5A2D-4F3C-A62D-75B4A15F431E}
[2011.05.12 14:57:24 | 000,002,304 | ---- | C] () -- C:\{514C636A-0F10-4506-B95B-6ACBDE748D7F}
[2011.05.12 14:56:20 | 000,002,176 | ---- | C] () -- C:\{02BB46FB-3816-4FFF-9663-69AC36A68489}
[2011.05.12 14:54:52 | 000,002,384 | ---- | C] () -- C:\{BDF2B3B9-C039-4AA5-9A19-F84F42A3B620}
[2011.05.12 14:52:45 | 000,002,208 | ---- | C] () -- C:\{C7582B8E-4019-4F2D-85B8-F039E5DCC2DE}
[2011.05.12 14:27:02 | 000,002,344 | ---- | C] () -- C:\{634DB7A9-CF84-4853-866F-463944868404}
[2011.05.12 14:12:25 | 000,002,384 | ---- | C] () -- C:\{7711DD56-8AD0-412D-A3AF-FD78C4192F6A}
[2011.05.12 14:06:57 | 000,002,520 | ---- | C] () -- C:\{F9026E66-A9F7-4239-9BF8-CA1A939396EB}
[2011.05.11 22:09:56 | 000,002,304 | ---- | C] () -- C:\{6488C6A4-FEB8-4DC2-8693-8729D1202A75}
[2011.05.11 22:02:15 | 000,002,176 | ---- | C] () -- C:\{7BEB696D-0519-4104-B796-D954BB12F796}
[2011.05.11 21:52:24 | 000,002,384 | ---- | C] () -- C:\{C48B1795-50D4-4872-8CED-DBCBFA982DE5}
[2011.05.11 21:44:02 | 000,002,208 | ---- | C] () -- C:\{540A8309-6AA2-4CB3-B9BD-1F21F7199704}
[2011.05.11 21:38:04 | 000,002,736 | ---- | C] () -- C:\{16B3E0AC-C0A2-4A63-9A51-317B078EAE0A}
[2011.05.11 21:33:22 | 000,003,048 | ---- | C] () -- C:\{5813D748-394D-472C-9730-8B37E09624A8}
[2011.05.11 17:19:02 | 000,001,342 | ---- | C] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk
[2011.05.09 14:46:17 | 007,052,143 | ---- | C] () -- C:\Users\***\Desktop\Vodafone Werbung - Willkommen im besten Netz von Vodafone.flv
[2011.05.09 14:24:03 | 002,253,349 | ---- | C] () -- C:\Users\***\Desktop\Mobilfunkpartner weltweit.pdf
[2011.05.08 18:39:58 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.08 18:39:58 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.06 21:33:19 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011.05.03 17:45:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.05.03 17:45:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.04.28 16:57:05 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\NUSchedule.job
[2011.04.28 16:55:19 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Norton Utilities 15.lnk
[2011.04.28 16:55:13 | 000,039,784 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2011.04.19 21:41:19 | 000,003,448 | ---- | C] () -- C:\{4F374361-4858-458E-8B0A-12E7CCECAB09}
[2011.04.19 21:37:39 | 000,003,208 | ---- | C] () -- C:\{92E9180A-A344-4186-9D56-9AD1EF75751E}
[2011.04.19 21:22:01 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200040.09B\isolate.ini
[2011.04.18 20:40:29 | 000,013,358 | -HS- | C] () -- C:\Users\***\Desktop\Folder.jpg
[2011.04.18 20:40:29 | 000,005,013 | -HS- | C] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg
[2011.04.18 17:58:39 | 000,000,983 | ---- | C] () -- C:\Users\***\Desktop\VirtualDJ Home FREE.lnk
[2011.04.16 17:49:26 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.04.09 14:54:17 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.09 14:54:17 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7045N.DAT
[2011.04.09 14:51:26 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011.04.09 14:51:21 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011.04.09 14:48:24 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.03.07 15:59:47 | 001,535,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.06 21:44:23 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2011.03.06 21:44:23 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011.03.06 21:44:23 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.08.25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.08.25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010.08.25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
 
========== LOP Check ==========
 
[2011.05.09 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ALFBanCo4
[2011.04.07 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.03.07 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.03.06 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.03.06 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2011.04.13 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.05.07 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.04.15 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin
[2011.03.25 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gmail Backup
[2011.04.20 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2011.05.10 08:41:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.03.06 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.04.09 15:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\map&guide
[2011.04.16 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobipocket
[2011.05.03 18:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2011.03.06 18:24:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.04.16 18:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.04.16 17:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.04.18 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sync App Settings
[2011.04.19 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific
[2011.04.10 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrustPort
[2011.03.06 19:11:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.05.12 19:09:57 | 000,000,280 | ---- | M] () -- C:\Windows\Tasks\NUSchedule.job
[2011.05.03 15:22:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.13 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.05.09 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ALFBanCo4
[2011.04.07 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.03.07 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.03.06 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.03.06 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2011.04.13 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.05.06 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2011.03.19 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.05.07 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.04.15 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin
[2011.03.25 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gmail Backup
[2011.04.20 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2011.05.10 08:41:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.03.06 14:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.03.06 21:20:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2011.03.06 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.03.06 21:39:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2011.03.06 21:42:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2011.03.06 14:18:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.03.06 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.04.09 15:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\map&guide
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.05.08 21:27:45 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.04.16 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobipocket
[2011.03.06 14:29:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.05.03 18:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2011.05.11 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Norton Utilities
[2011.03.06 18:24:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.04.16 18:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.04.16 17:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.04.18 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sync App Settings
[2011.04.19 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific
[2011.04.10 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrustPort
[2011.03.06 19:11:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.05.09 16:46:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.05.07 12:41:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VMware
[2011.04.15 15:16:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.04.13 15:01:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.03.06 21:42:04 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.05.07 11:18:28 | 000,137,750 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_294D4040875C391AE5FF95.exe
[2011.05.07 11:18:28 | 000,137,750 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_3D91AB041EB60560DE708F.exe
[2011.05.07 11:18:28 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_5B017D2AC6508B1939B0A4.exe
[2011.05.07 11:18:28 | 000,137,750 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_853F67D554F05449430E7E.exe
[2011.03.21 13:36:50 | 000,106,768 | ---- | M] () -- C:\Users\***\AppData\Roaming\TrustPort\tmpABE8.tmp\carshellhlpr.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964

< End of report >
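As an added example, not code from this thread or from OTL itself: a small Python script that reads the "MD5 for:" blocks of an OTL log like the one above and flags every active system file (SysNative, SysWOW64, drivers) whose MD5 has no identical copy in the WinSxS component store, which is the comparison a helper makes by eye when looking for patched system files. The sample input is constructed: the USERINIT.EXE block copies entries from the posted log, while EXAMPLE.SYS and NOSTORE.DLL (placeholder names, paths and hashes) are made up to show what a mismatch and a missing reference copy look like.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's "MD5 for:" format. USERINIT.EXE mirrors the posted
# log; EXAMPLE.SYS and NOSTORE.DLL are placeholders (names, paths and hashes are
# invented) that stand in for a patched file and a file without a WinSxS copy.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: EXAMPLE.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\drivers\example.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\amd64_placeholder-component\example.sys

< MD5 for: NOSTORE.DLL  >
[2009.07.14 02:10:33 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=22222222222222222222222222222222 -- C:\Windows\SysNative\nostore.dll
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_blocks(text):
    """Group OTL 'MD5 for:' entries by file name.

    Returns {FILE_NAME: [entry, ...]}; each entry is a dict with the keys
    mtime, size (bytes, int), vendor, md5 (upper-case hex) and path."""
    blocks = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            blocks[current].append({
                "mtime": entry.group("mtime").strip(),
                "size": int(entry.group("size").replace(",", "")),
                "vendor": entry.group("vendor"),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
    return dict(blocks)


def in_component_store(path):
    """True for the reference copies kept under C:\\Windows\\winsxs."""
    return "\\winsxs\\" in path.lower()


def find_unmatched(blocks):
    """Return (file_name, path, md5, reason) for every active copy whose hash
    is not identical to at least one WinSxS copy of the same file name.

    A legitimately hot-patched file (out-of-band update) shows up here too,
    so a hit is a lead to verify, not proof of tampering."""
    findings = []
    for name, entries in blocks.items():
        store_hashes = {e["md5"] for e in entries if in_component_store(e["path"])}
        for e in entries:
            if in_component_store(e["path"]):
                continue
            if not store_hashes:
                findings.append((name, e["path"], e["md5"], "no WinSxS copy listed"))
            elif e["md5"] not in store_hashes:
                findings.append((name, e["path"], e["md5"], "hash differs from every WinSxS copy"))
    return findings


if __name__ == "__main__":
    for name, path, md5, reason in find_unmatched(parse_md5_blocks(SAMPLE_LOG)):
        print(f"{name}: {path} MD5={md5} -> {reason}")
```

In the posted log every active copy of scecli.dll, user32.dll, userinit.exe, wininit.exe, winlogon.exe and ws2ifsl.sys matches a WinSxS copy of the same version, which is the clean picture. Where the script does report a file, confirm it against the file's Authenticode signature or a known-good copy before drawing any conclusion, since a vendor hotfix leaves the same trace.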


cosinus 13.05.2011 18:32

Quote:

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG)
Does that stuff really have to be there?
My recommendation would be: uninstall both, install a plain virus scanner - e.g. MS Security Essentials - plus the Windows firewall. Lean and effective.

UserofSeven 13.05.2011 18:51

Yes, Symantec has to stay :). I've been satisfied with it for many years and that's how it should remain.
As for G Data CloudSecurity, it is purely a browser protection that blocks infected pages. It has nothing to do with the actual virus scanner. As a virus scanner I only have Norton, plus ThreatFire for behaviour-based protection; apart from that only plain on-demand scanners (without a resident guard) and the browser protection.

The IPS system has already stopped many an infected page from doing a drive-by download. I'll never in my life trade that for Microsoft Security Essentials.

But to come back to the actual topic:
Are there any signs of an existing infection, or was the backdoor successfully prevented from installing?

UserofSeven

cosinus 13.05.2011 19:22

Quote:

The IPS system has already stopped many an infected page from doing a drive-by download.
That you bring far more problems on board with an Internet Security suite is apparently not known to you.
Limited user rights and constantly up-to-date software such as the browser, Flash Player, PDF reader, Java etc. can and will never be replaced by such a supposed all-round carefree package. As so often, suites have turned out to be dumb cardboard cutouts.

Do you know this article? => Editorial | c't

:pfeiff:

UserofSeven 13.05.2011 19:37

Quote:

and Papa Norton lets his kids get away with far too much.
Well, if that's all. I don't use the parental controls anyway ;)

Apart from that, at most I'll consider switching to Norton AntiVirus when the licence expires. But Symantec stays, precisely because I've had good experiences with it.

It's not for nothing that I use a virtual machine with VMware (as could be seen in OTL). I've already tested a number of free as well as paid products on it. Apart from the fact that this reinforced my positive impression of Norton, I noticed that plain virus scanners block drive-by downloads etc. far too late. I provoked a number of infected pages on which the integrated Intrusion Prevention System fired much earlier, while the plain scanners either didn't intervene at all or only far too late. Some, for example, stopped the already installed virus from downloading further files, but could neither prevent the virus from installing nor remove it a few days later (once the virus was known).

That a suite doesn't replace up-to-date systems and programs is something I'm well aware of. On the contrary, that's something I actually pay quite close attention to.

UserofSeven

cosinus 13.05.2011 19:52

Quote:

that plain virus scanners block drive-by downloads etc. far too late.
Why should plain virus scanners have fewer weaknesses there?
And even if so; is that a reason to rely on the "better" program? :pfeiff:

Quote:

That a suite doesn't replace up-to-date systems and programs is something I'm well aware of. On the contrary, that's something I actually pay quite close attention to.
Exactly. Then I'm surprised that you worry about DbD at all.

Shall we take another look at your MBR?

UserofSeven 13.05.2011 19:58

Quote:

Shall we take another look at your MBR?
Since, according to the Symantec virus lab, the backdoor lodges itself in the MBR, that might be a good idea.

And the fact that some virus scanners block DbDs too late is simply because they don't monitor the data stream. With a few exceptions (e.g. avast!) they only scan files once written to disk; depending on the settings, only when a file is executed. The well-known Avira works that way too. And MSE won't be going on my disk either. It still uses Windows Update for its virus definitions. And that tends to get switched off (by the malware).

UserofSeven

cosinus 13.05.2011 20:03

Quote:

It still uses Windows Update for its virus definitions.
As far as I know, MSE updates its signatures once a day. You mean it uses the Automatic Updates service? If that can be switched off, the other virus scanners can be disabled just as well, so that's no argument against MSE.


Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below - i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection prevents you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while)
Vista and 7 users must run the tool via right-click as administrator!

UserofSeven 13.05.2011 20:41

I'll refrain from further arguments about the right antivirus program at this point.

Kaspersky (just like Symantec and Norman before it) found nothing.

Code:

2011/05/13 21:37:09.0227 2204        TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/13 21:37:11.0241 2204        ================================================================================
2011/05/13 21:37:11.0242 2204        SystemInfo:
2011/05/13 21:37:11.0242 2204       
2011/05/13 21:37:11.0242 2204        OS Version: 6.1.7601 ServicePack: 1.0
2011/05/13 21:37:11.0242 2204        Product type: Workstation
2011/05/13 21:37:11.0242 2204        ComputerName: LAPTOP-NIK
2011/05/13 21:37:11.0243 2204        UserName: ***
2011/05/13 21:37:11.0243 2204        Windows directory: C:\Windows
2011/05/13 21:37:11.0243 2204        System windows directory: C:\Windows
2011/05/13 21:37:11.0243 2204        Running under WOW64
2011/05/13 21:37:11.0243 2204        Processor architecture: Intel x64
2011/05/13 21:37:11.0244 2204        Number of processors: 2
2011/05/13 21:37:11.0244 2204        Page size: 0x1000
2011/05/13 21:37:11.0244 2204        Boot type: Normal boot
2011/05/13 21:37:11.0244 2204        ================================================================================
2011/05/13 21:37:19.0402 2204        Initialize success
2011/05/13 21:37:23.0969 5832        ================================================================================
2011/05/13 21:37:23.0970 5832        Scan started
2011/05/13 21:37:23.0970 5832        Mode: Manual;
2011/05/13 21:37:23.0970 5832        ================================================================================
2011/05/13 21:37:25.0491 5832        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/05/13 21:37:25.0611 5832        a2acc          (0b8ed3de81ec30ad50873f033b34b39e) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
2011/05/13 21:37:25.0774 5832        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/05/13 21:37:25.0860 5832        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/05/13 21:37:25.0976 5832        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/13 21:37:26.0092 5832        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/13 21:37:26.0138 5832        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/13 21:37:26.0213 5832        AFD            (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/05/13 21:37:26.0310 5832        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/05/13 21:37:26.0392 5832        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/05/13 21:37:26.0455 5832        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/05/13 21:37:26.0513 5832        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/13 21:37:26.0591 5832        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/13 21:37:26.0650 5832        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/05/13 21:37:26.0844 5832        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/13 21:37:26.0923 5832        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/05/13 21:37:26.0987 5832        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/05/13 21:37:27.0162 5832        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/13 21:37:27.0219 5832        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/13 21:37:27.0334 5832        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/13 21:37:27.0682 5832        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/05/13 21:37:27.0882 5832        athr            (2c0bb386e86670bb1b1a57caaef3e50d) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/13 21:37:28.0232 5832        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/13 21:37:28.0343 5832        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/13 21:37:28.0522 5832        bdfwfpf_bs      (ebd18094c1530d51a62e36f2572800ed) C:\Program Files\BitDefender\TrafficLight\bdfwfpf.sys
2011/05/13 21:37:28.0623 5832        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/13 21:37:28.0806 5832        BHDrvx64        (3b9b31981894123f78c4ef0d97184319) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys
2011/05/13 21:37:29.0011 5832        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/13 21:37:29.0105 5832        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/13 21:37:29.0163 5832        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/13 21:37:29.0312 5832        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/13 21:37:29.0407 5832        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/13 21:37:29.0482 5832        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/13 21:37:29.0525 5832        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/13 21:37:29.0700 5832        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/13 21:37:29.0876 5832        BthAvrcp        (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/05/13 21:37:29.0997 5832        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/13 21:37:30.0098 5832        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/13 21:37:30.0155 5832        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/13 21:37:30.0268 5832        BTHPORT        (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\system32\Drivers\BTHport.sys
2011/05/13 21:37:30.0394 5832        BTHUSB          (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/13 21:37:30.0449 5832        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/13 21:37:30.0508 5832        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/13 21:37:30.0618 5832        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/13 21:37:30.0694 5832        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/13 21:37:30.0840 5832        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/13 21:37:30.0882 5832        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/05/13 21:37:30.0943 5832        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/05/13 21:37:31.0084 5832        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/13 21:37:31.0133 5832        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/13 21:37:31.0250 5832        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/13 21:37:31.0342 5832        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/05/13 21:37:31.0499 5832        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/05/13 21:37:31.0581 5832        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/13 21:37:31.0634 5832        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/13 21:37:31.0790 5832        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/13 21:37:31.0919 5832        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/13 21:37:32.0182 5832        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/13 21:37:32.0385 5832        eeCtrl          (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/05/13 21:37:32.0540 5832        ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/13 21:37:32.0626 5832        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/13 21:37:32.0798 5832        EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/13 21:37:32.0888 5832        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/05/13 21:37:33.0006 5832        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/13 21:37:33.0083 5832        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/13 21:37:33.0136 5832        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/13 21:37:33.0216 5832        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/13 21:37:33.0301 5832        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/13 21:37:33.0361 5832        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/13 21:37:33.0424 5832        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/05/13 21:37:33.0556 5832        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/13 21:37:33.0637 5832        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/13 21:37:33.0704 5832        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/13 21:37:33.0760 5832        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/13 21:37:33.0855 5832        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/13 21:37:33.0963 5832        ggflt          (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
2011/05/13 21:37:34.0075 5832        ggsemc          (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/05/13 21:37:34.0164 5832        GT72NDISIPXP    (e69d3bff7ae9c6d33419a80e13692c2f) C:\Windows\system32\DRIVERS\Gt51Ip.sys
2011/05/13 21:37:34.0225 5832        GT72UBUS        (7e1ef45f4287614ac48e5ad7b5b46d70) C:\Windows\system32\DRIVERS\gt72ubus.sys
2011/05/13 21:37:34.0359 5832        GTPTSER        (261cd8a73e74b496c29007ea761cda05) C:\Windows\system32\DRIVERS\gtptser.sys
2011/05/13 21:37:34.0474 5832        hcmon          (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
2011/05/13 21:37:34.0559 5832        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/13 21:37:34.0622 5832        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/05/13 21:37:34.0733 5832        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/13 21:37:34.0780 5832        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/13 21:37:34.0822 5832        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/13 21:37:34.0864 5832        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/13 21:37:34.0966 5832        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/13 21:37:35.0053 5832        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/13 21:37:35.0135 5832        HssDrv          (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/05/13 21:37:35.0312 5832        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/05/13 21:37:35.0427 5832        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/13 21:37:35.0482 5832        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/05/13 21:37:35.0570 5832        iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/13 21:37:35.0706 5832        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/05/13 21:37:35.0877 5832        IDSVia64        (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110512.001\IDSvia64.sys
2011/05/13 21:37:36.0343 5832        igfx            (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/05/13 21:37:36.0746 5832        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/13 21:37:36.0911 5832        IntcAzAudAddService (b6e61b181884527cc5b68c2d79504b43) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/13 21:37:37.0078 5832        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/05/13 21:37:37.0135 5832        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/13 21:37:37.0202 5832        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/13 21:37:37.0315 5832        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/13 21:37:37.0370 5832        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/13 21:37:37.0415 5832        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/13 21:37:37.0466 5832        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/05/13 21:37:37.0521 5832        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/05/13 21:37:37.0633 5832        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/13 21:37:37.0699 5832        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/13 21:37:37.0772 5832        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/13 21:37:37.0870 5832        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/13 21:37:37.0926 5832        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/13 21:37:38.0047 5832        LHidFilt        (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/05/13 21:37:38.0162 5832        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/13 21:37:38.0273 5832        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/13 21:37:38.0321 5832        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/13 21:37:38.0418 5832        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/13 21:37:38.0475 5832        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/13 21:37:38.0538 5832        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/13 21:37:38.0597 5832        LUsbFilt        (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/05/13 21:37:38.0701 5832        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/13 21:37:38.0799 5832        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/13 21:37:38.0857 5832        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/13 21:37:38.0942 5832        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/13 21:37:39.0010 5832        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/13 21:37:39.0063 5832        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/13 21:37:39.0128 5832        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/05/13 21:37:39.0217 5832        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/05/13 21:37:39.0290 5832        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/13 21:37:39.0362 5832        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/05/13 21:37:39.0464 5832        mrxsmb          (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/13 21:37:39.0526 5832        mrxsmb10        (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/13 21:37:39.0603 5832        mrxsmb20        (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/13 21:37:39.0853 5832        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/05/13 21:37:39.0915 5832        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/05/13 21:37:40.0007 5832        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/13 21:37:40.0069 5832        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/13 21:37:40.0150 5832        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/05/13 21:37:40.0240 5832        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/13 21:37:40.0295 5832        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/13 21:37:40.0335 5832        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/13 21:37:40.0437 5832        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/05/13 21:37:40.0531 5832        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/05/13 21:37:40.0606 5832        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/13 21:37:40.0667 5832        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/13 21:37:40.0722 5832        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/13 21:37:40.0839 5832        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/13 21:37:40.0963 5832        NAVENG          (ba3d1e520fccc1783282f43b8adfc4ca) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110513.002\ENG64.SYS
2011/05/13 21:37:41.0108 5832        NAVEX15        (9f602385a74e30d13fb9083213cddc87) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110513.002\EX64.SYS
2011/05/13 21:37:41.0285 5832        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/05/13 21:37:41.0412 5832        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/13 21:37:41.0470 5832        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/13 21:37:41.0526 5832        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/13 21:37:41.0651 5832        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/13 21:37:41.0739 5832        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/05/13 21:37:41.0803 5832        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/13 21:37:41.0898 5832        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/13 21:37:42.0035 5832        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/13 21:37:42.0199 5832        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/13 21:37:42.0257 5832        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/13 21:37:42.0377 5832        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/05/13 21:37:42.0503 5832        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/13 21:37:42.0582 5832        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/05/13 21:37:42.0634 5832        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/05/13 21:37:42.0733 5832        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/05/13 21:37:42.0821 5832        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/05/13 21:37:42.0934 5832        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/13 21:37:43.0038 5832        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/05/13 21:37:43.0138 5832        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/05/13 21:37:43.0183 5832        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/05/13 21:37:43.0282 5832        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/13 21:37:43.0355 5832        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/13 21:37:43.0450 5832        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/13 21:37:43.0756 5832        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/13 21:37:43.0815 5832        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/13 21:37:44.0000 5832        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/13 21:37:44.0066 5832        PSI            (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/05/13 21:37:44.0200 5832        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/13 21:37:44.0329 5832        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/13 21:37:44.0396 5832        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/13 21:37:44.0445 5832        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/13 21:37:44.0502 5832        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/13 21:37:44.0625 5832        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/13 21:37:44.0740 5832        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/13 21:37:44.0840 5832        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/13 21:37:44.0917 5832        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/13 21:37:44.0970 5832        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/13 21:37:45.0084 5832        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/13 21:37:45.0165 5832        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/05/13 21:37:45.0262 5832        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/13 21:37:45.0318 5832        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/13 21:37:45.0396 5832        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/05/13 21:37:45.0464 5832        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/05/13 21:37:45.0605 5832        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/05/13 21:37:45.0711 5832        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/13 21:37:45.0856 5832        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/13 21:37:45.0924 5832        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/05/13 21:37:45.0992 5832        SABI            (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
2011/05/13 21:37:46.0128 5832        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/13 21:37:46.0213 5832        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/13 21:37:46.0328 5832        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/13 21:37:46.0495 5832        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/13 21:37:46.0554 5832        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/13 21:37:46.0619 5832        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/13 21:37:46.0750 5832        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/05/13 21:37:46.0801 5832        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/13 21:37:46.0845 5832        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/13 21:37:46.0898 5832        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/13 21:37:47.0081 5832        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/13 21:37:47.0154 5832        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/13 21:37:47.0201 5832        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/13 21:37:47.0659 5832        SNPSTD3        (2991256ae2669897978a7112b10d452d) C:\Windows\system32\DRIVERS\snpstd3.sys
2011/05/13 21:37:48.0152 5832        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/13 21:37:48.0326 5832        SRTSP          (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
2011/05/13 21:37:48.0472 5832        SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
2011/05/13 21:37:48.0563 5832        srv            (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/05/13 21:37:48.0676 5832        srv2            (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/13 21:37:48.0748 5832        srvnet          (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/13 21:37:48.0848 5832        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/13 21:37:48.0934 5832        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/05/13 21:37:49.0022 5832        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/05/13 21:37:49.0088 5832        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/05/13 21:37:49.0134 5832        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/05/13 21:37:49.0311 5832        SymDS          (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
2011/05/13 21:37:49.0433 5832        SymDSMon        (e7b1bcb70355a84d6dfee12702b588d0) C:\Windows\system32\drivers\SymDSMon.sys
2011/05/13 21:37:49.0559 5832        SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
2011/05/13 21:37:49.0686 5832        SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/05/13 21:37:49.0802 5832        SymIM          (3aa3b2df451da88c38ab00b19fa3562e) C:\Windows\system32\DRIVERS\SymIMv.sys
2011/05/13 21:37:49.0959 5832        SymIRON        (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
2011/05/13 21:37:50.0050 5832        SymNetS        (81d134628a98a22b6e054e971af525dc) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
2011/05/13 21:37:50.0130 5832        SYMSpeedDisk    (f0268941519d73658199ecb1bb712be1) C:\Windows\system32\drivers\SymSpeedDisk.sys
2011/05/13 21:37:50.0319 5832        SynTP          (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/13 21:37:50.0434 5832        taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
2011/05/13 21:37:50.0579 5832        Tcpip          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/05/13 21:37:50.0779 5832        TCPIP6          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/13 21:37:50.0922 5832        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/13 21:37:51.0013 5832        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/13 21:37:51.0093 5832        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/13 21:37:51.0203 5832        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/13 21:37:51.0273 5832        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/05/13 21:37:51.0382 5832        TfFsMon        (fa5bfb71e561d279edae7e118435c1c9) C:\Windows\system32\drivers\TfFsMon.sys
2011/05/13 21:37:51.0456 5832        TfNetMon        (fa8400d74345ec4bf10e476ca0aaa2df) C:\Windows\system32\drivers\TfNetMon.sys
2011/05/13 21:37:51.0513 5832        TfSysMon        (f11aa1a704a4c027e5e8e0f355523834) C:\Windows\system32\drivers\TfSysMon.sys
2011/05/13 21:37:51.0680 5832        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/13 21:37:51.0780 5832        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/13 21:37:51.0961 5832        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
2011/05/13 21:37:52.0073 5832        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/13 21:37:52.0140 5832        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/13 21:37:52.0203 5832        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/13 21:37:52.0393 5832        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/13 21:37:52.0450 5832        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/13 21:37:52.0526 5832        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/13 21:37:52.0638 5832        UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/05/13 21:37:52.0752 5832        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/13 21:37:52.0815 5832        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/13 21:37:52.0888 5832        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/13 21:37:53.0016 5832        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/13 21:37:53.0104 5832        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/13 21:37:53.0216 5832        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/13 21:37:53.0298 5832        usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
2011/05/13 21:37:53.0398 5832        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/13 21:37:53.0476 5832        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/13 21:37:53.0646 5832        VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/13 21:37:53.0723 5832        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/13 21:37:53.0861 5832        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/13 21:37:53.0933 5832        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/13 21:37:54.0050 5832        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/05/13 21:37:54.0157 5832        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/13 21:37:54.0262 5832        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/05/13 21:37:54.0357 5832        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/13 21:37:54.0419 5832        vmci            (4c8a14dbd410b510a88f77cb645f2c2a) C:\Windows\system32\drivers\vmci.sys
2011/05/13 21:37:54.0487 5832        vmkbd          (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
2011/05/13 21:37:54.0667 5832        VMnetBridge    (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2011/05/13 21:37:54.0788 5832        VMnetuserif    (d0b809f6a9fb437c2b880c3ca8c10780) C:\Windows\system32\drivers\vmnetuserif.sys
2011/05/13 21:37:54.0892 5832        vmusb          (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
2011/05/13 21:37:55.0039 5832        vmx86          (541a6d6536710fd0602ec3aa24a81756) C:\Windows\system32\drivers\vmx86.sys
2011/05/13 21:37:55.0140 5832        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/05/13 21:37:55.0249 5832        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/05/13 21:37:55.0335 5832        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/05/13 21:37:55.0450 5832        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/13 21:37:55.0604 5832        vstor2-ws60    (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
2011/05/13 21:37:55.0737 5832        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/13 21:37:55.0808 5832        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/13 21:37:55.0864 5832        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/05/13 21:37:55.0994 5832        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/13 21:37:56.0105 5832        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/13 21:37:56.0140 5832        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/13 21:37:56.0341 5832        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/13 21:37:56.0410 5832        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/13 21:37:56.0701 5832        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/13 21:37:56.0752 5832        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/13 21:37:56.0972 5832        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/13 21:37:57.0106 5832        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/13 21:37:57.0245 5832        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/13 21:37:57.0399 5832        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/05/13 21:37:57.0456 5832        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/13 21:37:57.0619 5832        yukonw7        (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/13 21:37:57.0883 5832        ================================================================================
2011/05/13 21:37:57.0883 5832        Scan finished
2011/05/13 21:37:57.0883 5832        ================================================================================


cosinus 13.05.2011 21:07

Quote:

I'll skip any further arguments about the right antivirus program at this point.
We shouldn't go into that any further here either. Opinions differ even among experts. If the suite supports you and you are familiar with operating it, it shouldn't cause any further problems.


Now please create logs with GMER and mbrcheck and post them.
GMER crashes quite often; if the tool won't run the second time either, just leave it out.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of the .txt document

UserofSeven 13.05.2011 21:26

Quote:

We shouldn't go into that any further here either.
Exactly.


I have already had bad experiences with GMER. I'll try it again over the next few days anyway.

Here is the result from MBRCheck:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Ultimate Edition
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer:                Phoenix Technologies Ltd.
System Manufacturer:                SAMSUNG ELECTRONICS CO., LTD.
System Product Name:                R509
Logical Drives Mask:                0x0000041c

Kernel Drivers (total 188):
  0x02E56000 \SystemRoot\system32\ntoskrnl.exe
  0x02E0D000 \SystemRoot\system32\hal.dll
  0x00BC3000 \SystemRoot\system32\kdcom.dll
  0x00C53000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00CA2000 \SystemRoot\system32\PSHED.dll
  0x00CB6000 \SystemRoot\system32\CLFS.SYS
  0x00D14000 \SystemRoot\system32\CI.dll
  0x00E83000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F27000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F36000 \SystemRoot\system32\drivers\ACPI.sys
  0x00F8D000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00F96000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00FA0000 \SystemRoot\system32\drivers\pci.sys
  0x00FD3000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00FE0000 \SystemRoot\System32\drivers\partmgr.sys
  0x00FF5000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x00E00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x00E0C000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E21000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00DD4000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00C00000 \SystemRoot\system32\drivers\vmbus.sys
  0x00C3C000 \SystemRoot\system32\drivers\winhv.sys
  0x01089000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x011A5000 \SystemRoot\system32\drivers\atapi.sys
  0x011AE000 \SystemRoot\system32\drivers\ataport.SYS
  0x011D8000 \SystemRoot\system32\drivers\msahci.sys
  0x011E3000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x011F3000 \SystemRoot\system32\drivers\amdxata.sys
  0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
  0x012B4000 \SystemRoot\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
  0x01325000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01460000 \SystemRoot\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
  0x01544000 \SystemRoot\system32\drivers\TfFsMon.sys
  0x01558000 \SystemRoot\system32\drivers\TfSysMon.sys
  0x01635000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0156D000 \SystemRoot\System32\Drivers\msrpc.sys
  0x017D8000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01339000 \SystemRoot\System32\Drivers\cng.sys
  0x01600000 \SystemRoot\System32\drivers\pcw.sys
  0x01611000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0182B000 \SystemRoot\system32\drivers\ndis.sys
  0x0191E000 \SystemRoot\system32\drivers\NETIO.SYS
  0x0197E000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01AE0000 \SystemRoot\System32\drivers\tcpip.sys
  0x01CE4000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01D2E000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x01D3E000 \SystemRoot\system32\drivers\volsnap.sys
  0x01D8A000 \SystemRoot\System32\Drivers\spldr.sys
  0x01D92000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01DCC000 \SystemRoot\System32\Drivers\mup.sys
  0x01DDE000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01A3A000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01A50000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x03013000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x040AB000 \SystemRoot\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
  0x0416B000 \SystemRoot\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
  0x04198000 \SystemRoot\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
  0x041AE000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
  0x04420000 \SystemRoot\System32\Drivers\Null.SYS
  0x04429000 \SystemRoot\System32\Drivers\Beep.SYS
  0x041E4000 \SystemRoot\System32\drivers\vga.sys
  0x04000000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x04025000 \SystemRoot\System32\drivers\watchdog.sys
  0x045F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x04035000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x0403E000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x04047000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x04052000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x04063000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x04085000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0303D000 \SystemRoot\system32\drivers\afd.sys
  0x01A8E000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x04092000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x0409D000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x019A9000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x030C6000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x041F2000 \SystemRoot\system32\DRIVERS\SymIMv.sys
  0x01DE7000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x019CF000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x019EA000 \SystemRoot\system32\drivers\termdd.sys
  0x01200000 \SystemRoot\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
  0x01DF6000 \??\C:\Windows\system32\Drivers\SABI.sys
  0x01400000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x01AD3000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x01800000 \SystemRoot\system32\drivers\mssmbios.sys
  0x03EA9000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x03EB5000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
  0x03F2E000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  0x03F54000 \SystemRoot\System32\drivers\discache.sys
  0x03F63000 \SystemRoot\system32\drivers\csc.sys
  0x03E00000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03FE6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x046C6000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys
  0x04600000 \??\C:\Program Files\BitDefender\TrafficLight\bdfwfpf.sys
  0x04628000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04C7D000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
  0x056A0000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x05794000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x0464E000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x04268000 \SystemRoot\system32\DRIVERS\athrx.sys
  0x043F3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x04200000 \SystemRoot\system32\DRIVERS\yk62x64.sys
  0x04C67000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x04672000 \SystemRoot\system32\drivers\i8042prt.sys
  0x04C6C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x057E7000 \??\C:\Windows\system32\drivers\VMkbd.sys
  0x01266000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x04265000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x04690000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x057F2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x0469F000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x046B5000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x047DE000 \SystemRoot\system32\DRIVERS\serscan.sys
  0x047E6000 \SystemRoot\system32\drivers\ksthunk.sys
  0x013AB000 \SystemRoot\system32\drivers\ks.sys
  0x0180B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x0161B000 \SystemRoot\system32\DRIVERS\HssDrv.sys
  0x015CB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x047EC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x0104C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x05C48000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x05C63000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x05C84000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x05C9E000 \SystemRoot\system32\DRIVERS\taphss.sys
  0x05CAB000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x05CB6000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x05CC5000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x05CF4000 \SystemRoot\system32\drivers\swenum.sys
  0x05CF6000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x05D08000 \SystemRoot\system32\drivers\usbhub.sys
  0x05D62000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x06803000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x05D77000 \SystemRoot\system32\drivers\portcls.sys
  0x05DB4000 \SystemRoot\system32\drivers\drmk.sys
  0x069F5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x030F7000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x06E5E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x06F7A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x00020000 \SystemRoot\System32\win32k.sys
  0x06FA5000 \SystemRoot\System32\drivers\Dxapi.sys
  0x00410000 \SystemRoot\System32\TSDDD.dll
  0x00650000 \SystemRoot\System32\cdd.dll
  0x02F87000 \SystemRoot\system32\drivers\luafv.sys
  0x02FAA000 \SystemRoot\system32\drivers\WudfPf.sys
  0x02FCB000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
  0x02FDB000 \SystemRoot\system32\DRIVERS\VMNET.SYS
  0x02FE5000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x02400000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x02453000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x02466000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x0247E000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x072F4000 \SystemRoot\system32\drivers\HTTP.sys
  0x073BD000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x073DB000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x07200000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x0722D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0727A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x0729E000 \??\C:\Windows\system32\drivers\hcmon.sys
  0x072AA000 \??\C:\Windows\system32\drivers\vmci.sys
  0x07668000 \??\C:\Windows\system32\drivers\vmx86.sys
  0x0773E000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x07A49000 \SystemRoot\system32\drivers\peauth.sys
  0x07AEF000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x07AFA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x07B2B000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x07B3D000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
  0x07B47000 \??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
  0x07B53000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0775B000 \SystemRoot\System32\DRIVERS\srv.sys
  0x07BBD000 \??\C:\Windows\system32\drivers\SymDSMon.sys
  0x07A00000 \??\C:\Windows\system32\drivers\SymSpeedDisk.sys
  0x07A26000 \??\C:\Windows\system32\drivers\TfNetMon.sys
  0x07600000 \SystemRoot\System32\drivers\rdpdr.sys
  0x07A34000 \SystemRoot\system32\drivers\tdtcp.sys
  0x07BEA000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0x06FB1000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0x077F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x08E71000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x0A914000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x08FA6000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110513.002\EX64.SYS
  0x0A91F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110513.002\ENG64.SYS
  0x0A93F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110512.001\IDSvia64.sys
  0x0A9BA000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x77300000 \Windows\System32\ntdll.dll
  0x47BF0000 \Windows\System32\smss.exe
  0xFF620000 \Windows\System32\apisetschema.dll

Processes (total 70):
      0 System Idle Process
      4 System
    332 C:\Windows\System32\smss.exe
    536 csrss.exe
    608 C:\Windows\System32\wininit.exe
    620 csrss.exe
    668 C:\Windows\System32\services.exe
    676 C:\Windows\System32\lsass.exe
    684 C:\Windows\System32\lsm.exe
    804 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\winlogon.exe
    912 C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    1000 C:\Windows\System32\svchost.exe
    552 C:\Windows\System32\svchost.exe
    624 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    1220 C:\Windows\System32\svchost.exe
    1392 C:\Windows\System32\svchost.exe
    1524 C:\Windows\System32\spoolsv.exe
    1576 C:\Windows\System32\svchost.exe
    1712 C:\Windows\SysWOW64\svchost.exe
    1736 C:\Program Files\BitDefender\TrafficLight\bsserv.exe
    1776 C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
    1832 C:\Windows\System32\svchost.exe
    1976 C:\Program Files\T-Mobile\GlobeTrotter Connect\GtDetectSc.exe
    2016 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    1092 C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
    1132 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.155\SymcPCCULaunchSvc.exe
    1948 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe
    1984 C:\Windows\SysWOW64\PSIService.exe
    2116 C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
    2312 C:\Program Files (x86)\ThreatFire\TFService.exe
    2924 C:\Windows\System32\svchost.exe
    3128 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\svchost.exe
    3648 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3380 C:\Windows\System32\SearchIndexer.exe
    2988 C:\Windows\System32\taskhost.exe
    3032 C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
    3352 C:\Windows\System32\dwm.exe
    4048 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.155\ccSvcHst.exe
    3520 C:\Windows\explorer.exe
    2164 C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
    3148 C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
    4120 C:\Windows\System32\taskeng.exe
    4368 C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    4384 C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    4424 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4432 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    4464 C:\Windows\System32\hkcmd.exe
    4484 C:\Windows\System32\igfxpers.exe
    4492 C:\Program Files\Windows Sidebar\sidebar.exe
    4928 C:\Program Files (x86)\ThreatFire\TFTray.exe
    4996 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    3364 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2336 C:\Windows\System32\svchost.exe
    5416 C:\Windows\System32\igfxext.exe
    5484 C:\Windows\System32\igfxsrvc.exe
    5276 C:\Windows\explorer.exe
    5840 C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    4328 C:\Windows\SysWOW64\SearchProtocolHost.exe
    5948 C:\Windows\System32\SearchFilterHost.exe
    3120 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    5672 C:\Windows\System32\SearchProtocolHost.exe
    4840 C:\Windows\explorer.exe
    1316 C:\Windows\System32\audiodg.exe
    4516 <unknown>
    3960 dllhost.exe
    4416 C:\Users\***\Downloads\MBRCheck.exe
    5756 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`571a7a00  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC4CC

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

UserofSeven

cosinus 13.05.2011 21:49

Quote:

232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
MBR is ok.
So the suite goes on the compost heap now? :D
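What MBRCheck does in the log above is fingerprint the boot sector and compare it against known-good code. The following Python script is an added example, not MBRCheck's own code, that reproduces that check offline. It assumes the SHA-1 is taken over the 446-byte boot-code region (the thread does not say what MBRCheck hashes), carries the Windows 7 digest reported above as one known-good entry, and builds a constructed sample MBR plus a tampered copy so the hash lookup, the 55AA signature check and the partition-table parse can be seen working without touching a real disk.

```python
"""Parse and fingerprint a 512-byte MBR sector (added example, not MBRCheck's code).

Hashes the boot-code region, looks the digest up in a table of known-good
values, and parses the primary partition table for a plausibility check.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445 hold the boot loader code
PARTITION_TABLE_OFFSET = 446    # four 16-byte entries follow the code
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511, required for the sector to boot

# SHA-1 of MBR code -> label. The Windows 7 value is the one MBRCheck printed
# in this thread; assumption: it covers the 446-byte boot-code region.
KNOWN_GOOD: dict[str, str] = {
    "4379A3D43019B46FA357F7DD6A53B45A3CA8FB79": "Windows 7 MBR code detected",
}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def boot_code_sha1(mbr: bytes) -> str:
    """Upper-case hex SHA-1 of the boot-code region, in MBRCheck's output style."""
    return hashlib.sha1(mbr[:BOOT_CODE_SIZE]).hexdigest().upper()


def parse_partition_table(mbr: bytes) -> list[Partition]:
    """Return the non-empty entries of the four-slot primary partition table."""
    parts = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, _chs_s, type_id, _chs_e, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, off)
        if type_id == 0:            # empty slot
            continue
        parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return parts


def check_mbr(mbr: bytes, known_good: dict[str, str] = KNOWN_GOOD) -> dict:
    """Classify a sector the way MBRCheck reports it: signature, hash, status."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    digest = boot_code_sha1(mbr)
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "sha1": digest,
        "status": known_good.get(digest, "Unknown MBR code"),
        "partitions": parse_partition_table(mbr),
    }


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a disk image file or a raw device.

    On Windows the raw device is \\.\PhysicalDrive0 (path given as a raw
    string); opening it needs administrator rights.
    """
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed MBR for the example: a jmp-to-self stub padded to 446 bytes,
    two NTFS (type 0x07) partitions and the 55AA signature. Not a real disk."""
    code = b"\xeb\xfe" + b"\x90" * (BOOT_CODE_SIZE - 2)

    def entry(status: int, ptype: int, lba: int, count: int) -> bytes:
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)

    table = entry(0x80, 0x07, 2048, 204800) + entry(0x00, 0x07, 206848, 409600) + b"\0" * 32
    return code + table + BOOT_SIGNATURE


def tamper(mbr: bytes, offset: int = 0x40) -> bytes:
    """Flip one byte inside the code region (constructed, to show detection)."""
    buf = bytearray(mbr)
    buf[offset] ^= 0xFF
    return bytes(buf)


# A baseline like this would be captured from a known-clean install.
SAMPLE_MBR = build_sample_mbr()
BASELINE = dict(KNOWN_GOOD, **{boot_code_sha1(SAMPLE_MBR): "Constructed reference MBR code"})

if __name__ == "__main__":
    for label, sector in (("clean", SAMPLE_MBR), ("tampered", tamper(SAMPLE_MBR))):
        r = check_mbr(sector, BASELINE)
        print(f"{label:9s} signature_ok={r['signature_ok']} sha1={r['sha1']} -> {r['status']}")
        for p in r["partitions"]:
            print(f"  #{p.index} boot={p.bootable} type=0x{p.type_id:02x} "
                  f"lba={p.lba_start} sectors={p.sector_count}")
```

Run it directly to see the clean sample classified against the baseline and the tampered copy fall through to "Unknown MBR code" while its partition table still parses identically, which is exactly why a hash of the code region catches a bootkit that an intact partition layout would not. read_mbr() needs administrator rights for a raw device; that is the same privilege boundary that keeps a standard-user process from rewriting the MBR in the first place.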

UserofSeven 15.05.2011 12:09

Quote:

Quote from cosinus (post 657847)
So the suite goes on the compost heap now? :D

No, after all it successfully stopped the backdoor from installing... :D

And how does the saying go? Never change a running system!?

cosinus 15.05.2011 12:26

Quote:

No, after all it successfully stopped the backdoor from installing...
But only because you were lucky and it was detected. Limited user rights would have made manipulation of the MBR impossible.

Quote:

And how does the saying go? Never change a running system!?
That's why I keep my hands off suites. A plain virus scanner is fine, but not a suite :pfui:


Copyright ©2000-2025, Trojaner-Board