Log analysis and evaluation: iexplorer automatically starts several processes in the background | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.03.2011, 18:08 | #16 |
| iexplorer automatically starts several processes in the background So, here is the new log: Code:
ATTFilter ComboFix 11-03-28.05 - xxx 29.03.2011 17:54:32.2.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6078.3828 [GMT 2:00] ausgeführt von:: c:\users\xxx\Desktop\CoFi.exe Benutzte Befehlsschalter :: c:\users\xxx\Desktop\CFScript.txt AV: Norton 360 Online *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton 360 Online *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton 360 Online *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\drivers\tsusbflt.sys" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\1C4551A64743409391E41477CD655043.TMP c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_TsUsbFlt . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-28 bis 2011-03-29 )))))))))))))))))))))))))))))) . . 2011-03-29 16:27 . 2011-03-29 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-27 09:41 . 2011-03-27 09:41 -------- d-----w- c:\program files\CCleaner 2011-03-26 17:08 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2011-03-26 17:08 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll 2011-03-26 17:08 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll 2011-03-26 17:08 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll 2011-03-26 17:08 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2011-03-26 17:08 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll 2011-03-26 17:06 . 2011-03-26 17:41 -------- d-----w- c:\program files (x86)\Woodcutter Simulator 2011 2011-03-26 16:29 . 2011-03-26 16:29 -------- d-----w- c:\users\xxx\AppData\Roaming\Rondomedia 2011-03-26 16:27 . 
2011-03-26 16:27 -------- d-----w- c:\program files (x86)\Rondomedia 2011-03-26 08:38 . 2011-03-26 08:38 -------- d-----w- C:\_OTL 2011-03-23 18:02 . 2011-03-23 18:02 388096 ----a-r- c:\users\xxx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-03-23 18:02 . 2011-03-23 18:02 -------- d-----w- c:\program files (x86)\Trend Micro 2011-03-23 05:11 . 2011-03-23 05:11 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-03-22 20:53 . 2011-03-22 20:53 521448 ----a-w- c:\windows\system32\deployJava1.dll 2011-03-22 20:52 . 2011-03-22 20:52 -------- d-----w- c:\program files\Java 2011-03-21 07:22 . 2011-03-21 07:22 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2011-03-21 07:22 . 2011-03-21 07:22 -------- d-----w- c:\windows\system32\wbem\en-US 2011-03-20 17:51 . 2011-03-20 17:51 -------- d-----w- c:\programdata\Deutsche Post AG 2011-03-20 17:51 . 2011-03-20 17:51 -------- d-----w- c:\program files (x86)\Deutsche Post AG 2011-03-09 18:20 . 2011-03-09 18:20 -------- d-----w- c:\program files\iTunes 2011-03-09 18:20 . 2011-03-09 18:20 -------- d-----w- c:\program files (x86)\iTunes 2011-03-09 18:20 . 2011-03-09 18:20 -------- d-----w- c:\program files\iPod 2011-03-08 16:44 . 2011-03-08 16:44 -------- d-----w- c:\programdata\ATI 2011-03-08 16:34 . 2011-03-08 16:34 -------- d-----w- c:\program files\Common Files\ATI Technologies 2011-03-08 16:34 . 2011-03-08 16:34 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2011-03-08 16:34 . 2011-03-08 16:34 -------- d-----w- c:\program files (x86)\ATI Stream 2011-03-08 16:34 . 2011-03-08 16:34 -------- d-----w- c:\program files (x86)\ATI 2011-03-07 10:48 . 2011-03-07 10:48 -------- d-----w- c:\users\xxx\AppData\Roaming\ATI 2011-03-07 10:48 . 2011-03-07 10:48 -------- d-----w- c:\users\xxx\AppData\Local\ATI 2011-03-07 10:44 . 2011-03-08 16:39 -------- d-----w- c:\program files (x86)\ATI Technologies 2011-03-07 10:43 . 
2011-03-08 16:34 -------- d-----w- c:\program files\ATI Technologies 2011-03-07 10:43 . 2011-03-07 10:43 -------- d-----w- c:\program files\ATI 2011-03-07 10:42 . 2011-03-07 10:42 -------- d-----w- C:\ATI 2011-03-07 10:19 . 2011-03-08 17:13 -------- d-----w- c:\program files (x86)\Landwirtschafts Simulator 2011 . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-23 04:54 . 2010-12-20 14:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-02-23 21:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-02-23 21:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-02-20 13:55 . 2011-02-20 13:55 455680 ----a-w- c:\windows\SetACL.exe 2011-02-18 15:36 . 2011-02-18 15:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll 2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2011-01-26 23:00 . 2011-01-26 23:00 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-01-26 22:59 . 2011-01-26 22:59 708608 ----a-w- c:\windows\system32\aticfx64.dll 2011-01-26 22:56 . 2010-02-11 05:32 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- c:\windows\system32\atieclxx.exe 2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe 2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-01-26 22:53 . 
2011-01-26 22:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- c:\windows\system32\atimuixx.dll 2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-01-26 22:49 . 2011-01-26 22:49 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-01-26 22:40 . 2011-01-26 22:40 4847616 ----a-w- c:\windows\system32\atidxx64.dll 2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll 2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-01-26 22:32 . 2011-01-26 22:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll 2011-01-26 22:28 . 2011-01-26 22:28 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll 2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-01-26 22:24 . 2011-01-26 22:24 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-01-26 22:21 . 2011-01-26 22:21 5316096 ----a-w- c:\windows\system32\atiumd64.dll 2011-01-26 22:20 . 2011-01-26 22:20 58880 ----a-w- c:\windows\system32\coinst.dll 2011-01-26 22:14 . 2010-02-11 04:48 354304 ----a-w- c:\windows\system32\atiadlxx.dll 2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll 2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-01-26 22:13 . 
2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll 2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-01-26 22:12 . 2011-01-26 22:12 39936 ----a-w- c:\windows\system32\atiuxp64.dll 2011-01-26 22:12 . 2011-01-26 22:12 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-01-26 22:12 . 2011-01-26 22:12 38400 ----a-w- c:\windows\system32\atiu9p64.dll 2011-01-26 22:12 . 2011-01-26 22:12 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\atimpc64.dll 2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll 2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2011-01-23 17:46 . 2011-01-23 17:46 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2011-01-17 11:09 . 2011-02-23 18:08 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-17 05:47 . 2011-02-23 18:08 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2011-01-07 15:02 . 2011-01-07 15:02 45408 ----a-w- c:\windows\system32\drivers\point64.sys 2011-01-07 12:17 . 2011-02-22 22:54 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-01-07 12:17 . 2011-02-22 22:54 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-07 12:14 . 2011-02-10 00:58 46080 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 09:20 . 2011-02-10 00:58 366592 ----a-w- c:\windows\system32\atmfd.dll 2011-01-07 07:46 . 2011-02-22 22:54 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-01-07 07:46 . 2011-02-22 22:54 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-01-07 07:45 . 
2011-02-10 00:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-01-07 05:43 . 2011-02-10 00:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2011-01-05 06:56 . 2011-02-10 00:58 3129344 ----a-w- c:\windows\system32\win32k.sys 2009-09-24 12:30 . 2010-12-22 13:21 1456640 ----a-w- c:\program files (x86)\Common Files\Falk Navi-Manager.msi . . ((((((((((((((((((((((((((((( SnapShot@2011-03-27_09.57.32 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-03-29 16:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-03-26 13:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-03-26 13:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-03-29 16:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-03-26 13:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-03-29 16:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-21 08:41 . 2011-03-27 10:06 43048 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-03-26 13:14 39860 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-03-29 16:33 39860 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-20 13:48 . 2011-03-29 16:33 11900 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4118024604-1245328209-3187949103-1001_UserData.bin + 2010-12-20 13:38 . 
2011-03-28 20:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-20 13:38 . 2011-03-27 09:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-03-26 15:54 . 2011-03-28 20:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-03-26 15:54 . 2011-03-27 09:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-03-28 20:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-03-27 09:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-03-29 16:30 . 2011-03-29 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-03-26 13:11 . 2011-03-26 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-03-29 16:30 . 2011-03-29 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-03-26 13:11 . 2011-03-26 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2011-02-28 17:09 615810 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-03-27 10:08 615810 c:\windows\system32\perfh009.dat + 2009-07-14 17:58 . 2011-03-27 10:08 653928 c:\windows\system32\perfh007.dat - 2009-07-14 17:58 . 2011-02-28 17:09 653928 c:\windows\system32\perfh007.dat + 2009-07-14 02:36 . 2011-03-27 10:08 106190 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-02-28 17:09 106190 c:\windows\system32\perfc009.dat - 2009-07-14 17:58 . 2011-02-28 17:09 129800 c:\windows\system32\perfc007.dat + 2009-07-14 17:58 . 2011-03-27 10:08 129800 c:\windows\system32\perfc007.dat - 2011-03-13 09:17 . 
2011-03-26 13:09 618984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-03-13 09:17 . 2011-03-29 16:29 618984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2011-03-26 13:09 503960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-03-29 16:29 503960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-03-27 10:02 . 2011-03-27 10:02 504728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-12288.dat - 2011-01-28 05:00 . 2011-03-26 13:09 7711124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-8192.dat + 2011-01-28 05:00 . 2011-03-29 16:29 7711124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-8192.dat + 2011-03-22 04:54 . 2011-03-29 16:29 1181224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-4096.dat - 2011-03-22 04:54 . 2011-03-26 13:09 1181224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-4096.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Growl"="c:\program files (x86)\Growl for Windows\Growl.exe" [2010-11-30 1024000] "F.lux"="c:\users\xxx\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656] "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-10-13 606208] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760] . c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-1 24850272] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R4 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-21 1571336] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 1124472] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110325.002\IDSvia64.sys [2011-03-14 476792] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x] S1 SYMTDIv;Symantec Vista Network 
Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416] S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-08-12 296808] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-20 132656] S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-21 2963960] . . Inhalt des "geplante Tasks" Ordners . 2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14 08:18] . 2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14 08:18] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\cofi\CF24674.cfxxe" [X] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\x4ooj935.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\xampp\mysql\bin\mysqld.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe c:\program files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe c:\program files (x86)\TeamViewer\Version6\tv_w32.exe c:\program files (x86)\Internet Explorer\IELowutil.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-03-29 18:54:34 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-03-29 16:54 ComboFix2.txt 2011-03-27 10:00 . Vor Suchlauf: 19 Verzeichnis(se), 152.417.775.616 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 152.297.111.552 Bytes frei . - - End Of File - - F88B026213C530D7ACA890D32CABA648 |
29.03.2011, 19:19 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplorer automatically starts several processes in the background Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
29.03.2011, 19:26 | #18 |
| iexplorer automatically starts several processes in the background Code:
2011/03/29 20:24:03.0660 3804 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/29 20:24:05.0662 3804 ================================================================================
2011/03/29 20:24:05.0662 3804 SystemInfo:
2011/03/29 20:24:05.0662 3804
2011/03/29 20:24:05.0662 3804 OS Version: 6.1.7601 ServicePack: 1.0
2011/03/29 20:24:05.0662 3804 Product type: Workstation
2011/03/29 20:24:05.0662 3804 ComputerName: xxx-PC
2011/03/29 20:24:05.0662 3804 UserName: xxx
2011/03/29 20:24:05.0662 3804 Windows directory: C:\Windows
2011/03/29 20:24:05.0662 3804 System windows directory: C:\Windows
2011/03/29 20:24:05.0662 3804 Running under WOW64
2011/03/29 20:24:05.0662 3804 Processor architecture: Intel x64
2011/03/29 20:24:05.0662 3804 Number of processors: 2
2011/03/29 20:24:05.0662 3804 Page size: 0x1000
2011/03/29 20:24:05.0662 3804 Boot type: Normal boot
2011/03/29 20:24:05.0662 3804 ================================================================================
2011/03/29 20:24:06.0600 3804 Initialize success
2011/03/29 20:24:16.0464 2192 ================================================================================
2011/03/29 20:24:16.0464 2192 Scan started
2011/03/29 20:24:16.0464 2192 Mode: Manual;
2011/03/29 20:24:16.0464 2192 ================================================================================
2011/03/29 20:24:39.0881 2192 ================================================================================
2011/03/29 20:24:39.0881 2192 Scan finished
2011/03/29 20:24:39.0881 2192 ================================================================================ |
29.03.2011, 19:40 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplorer automatically starts several processes in the background
Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool won't run the 2nd time either, just leave it out.
Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
29.03.2011, 20:21 | #20 |
| iexplorer automatically starts several processes in the background Here is the result from MBRCheck: Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell DM061
Logical Drives Mask: 0x0000f7fc
Kernel Drivers (total 203):
0x02C1B000 \SystemRoot\system32\ntoskrnl.exe
0x03205000 \SystemRoot\system32\hal.dll
0x00BCB000 \SystemRoot\system32\kdcom.dll
0x00CB5000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D04000 \SystemRoot\system32\PSHED.dll
0x00D18000 \SystemRoot\system32\CLFS.SYS
0x00ED0000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F90000 \SystemRoot\system32\drivers\ACPI.sys
0x00FE7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FF0000 \SystemRoot\system32\drivers\msisadrv.sys
0x00D76000 \SystemRoot\system32\drivers\pci.sys
0x00EB3000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00DA9000 \SystemRoot\System32\drivers\partmgr.sys
0x00DBE000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C76000 \SystemRoot\system32\drivers\vmbus.sys
0x00DD3000 \SystemRoot\system32\drivers\winhv.sys
0x0103C000 \SystemRoot\system32\drivers\iaStorV.sys
0x0115A000 \SystemRoot\system32\drivers\amdxata.sys
0x01165000 \SystemRoot\system32\drivers\fltmgr.sys
0x012F2000 \SystemRoot\system32\drivers\N360x64\0403000.005\SYMDS64.SYS
0x01360000 \SystemRoot\system32\drivers\fileinfo.sys
0x01374000 \SystemRoot\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS
0x013AF000 \SystemRoot\system32\DRIVERS\symsnap.sys
0x01455000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01200000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0125E000 \SystemRoot\System32\Drivers\cng.sys
0x0141B000 \SystemRoot\System32\drivers\pcw.sys
0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01633000 \SystemRoot\system32\drivers\ndis.sys
0x01726000 \SystemRoot\system32\drivers\NETIO.SYS
0x01786000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018A3000 \SystemRoot\System32\drivers\tcpip.sys
0x01AA7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AF1000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01B01000 \SystemRoot\system32\drivers\volsnap.sys
0x01B4D000 \SystemRoot\System32\Drivers\spldr.sys
0x01B55000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B8F000 \SystemRoot\System32\Drivers\mup.sys
0x01BA1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01BAA000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BE4000 \SystemRoot\system32\DRIVERS\disk.sys
0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02FC7000 \SystemRoot\system32\drivers\cdrom.sys
0x02E00000 \SystemRoot\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS
0x0183E000 \SystemRoot\system32\drivers\N360x64\0403000.005\Ironx64.SYS
0x01865000 \SystemRoot\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS
0x03C00000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x03C36000 \SystemRoot\System32\Drivers\Null.SYS
0x03DF9000 \SystemRoot\System32\Drivers\Beep.SYS
0x02E86000 \SystemRoot\System32\drivers\vga.sys
0x017B1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x017D6000 \SystemRoot\System32\drivers\watchdog.sys
0x02FF1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01899000 \SystemRoot\system32\drivers\rdpencdd.sys
0x017E6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x017EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01600000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01611000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01436000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03E95000 \SystemRoot\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS
0x03F0B000 \SystemRoot\system32\drivers\afd.sys
0x03F94000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03FD9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03E00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03E26000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03E35000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03E50000 \SystemRoot\System32\drivers\truecrypt.sys
0x03FE2000 \SystemRoot\system32\drivers\termdd.sys
0x04021000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04072000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0407E000 \SystemRoot\system32\drivers\mssmbios.sys
0x04089000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110325.002\IDSvia64.sys
0x04104000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x0410F000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x04185000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x041AA000 \SystemRoot\System32\drivers\discache.sys
0x042EF000 \SystemRoot\system32\drivers\csc.sys
0x04372000 \SystemRoot\System32\Drivers\dfsc.sys
0x04200000 \SystemRoot\system32\drivers\N360x64\0403000.005\ccHPx64.sys
0x0429C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0442E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys
0x04544000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0456A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04580000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A85000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0463B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0472F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04775000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04799000 \SystemRoot\system32\DRIVERS\e1e6232e.sys
0x047E2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x05381000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x047EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04600000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0460D000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0461D000 \SystemRoot\system32\DRIVERS\GenericMount.sys
0x053D7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04A24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04A30000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04A5F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x045CE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04400000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04630000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x053ED000 \SystemRoot\system32\drivers\kbdclass.sys
0x0441A000 \SystemRoot\system32\drivers\mouclass.sys
0x045EF000 \SystemRoot\system32\DRIVERS\VClone.sys
0x042AD000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x053FC000 \SystemRoot\system32\drivers\swenum.sys
0x04390000 \SystemRoot\system32\drivers\ks.sys
0x043D3000 \SystemRoot\system32\drivers\umbus.sys
0x058C5000 \SystemRoot\system32\drivers\usbhub.sys
0x0591F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05934000 \SystemRoot\system32\drivers\AtihdW76.sys
0x05954000 \SystemRoot\system32\drivers\portcls.sys
0x05991000 \SystemRoot\system32\drivers\drmk.sys
0x059B3000 \SystemRoot\system32\drivers\ksthunk.sys
0x05800000 \SystemRoot\system32\drivers\HdAudio.sys
0x0585C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02E94000 \SystemRoot\System32\Drivers\dump_iaStorV.sys
0x0586A000 \SystemRoot\system32\drivers\usbccgp.sys
0x05887000 \SystemRoot\system32\drivers\USBD.SYS
0x05889000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0589C000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x058AD000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x059B9000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x000A0000 \SystemRoot\System32\win32k.sys
0x059D4000 \SystemRoot\System32\drivers\Dxapi.sys
0x059E0000 \SystemRoot\system32\drivers\hidusb.sys
0x043E5000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x059EE000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x042DC000 \SystemRoot\system32\drivers\kbdhid.sys
0x041B9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x041C7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x041D4000 \SystemRoot\system32\DRIVERS\point64.sys
0x00870000 \SystemRoot\System32\ATMFD.DLL
0x013DD000 \SystemRoot\system32\drivers\luafv.sys
0x04000000 \SystemRoot\system32\drivers\WudfPf.sys
0x041E4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x012D0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x062A5000 \SystemRoot\system32\drivers\HTTP.sys
0x0636E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0638C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x063A4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06200000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0624D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x088A7000 \SystemRoot\system32\drivers\peauth.sys
0x0894D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08958000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08989000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x08991000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08800000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0909F000 \SystemRoot\System32\DRIVERS\srv.sys
0x09138000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x09000000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x03C3F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110329.005\EX64.SYS
0x0900B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110329.005\ENG64.SYS
0x77590000 \Windows\System32\ntdll.dll
0x482F0000 \Windows\System32\smss.exe
0xFF8B0000 \Windows\System32\apisetschema.dll
0xFFA80000 \Windows\System32\autochk.exe
0xFF800000 \Windows\System32\msvcrt.dll
0x77380000 \Windows\System32\iertutil.dll
0xFF790000 \Windows\System32\gdi32.dll
0xFF760000 \Windows\System32\imm32.dll
0xFF680000 \Windows\System32\oleaut32.dll
0xFF5E0000 \Windows\System32\clbcatq.dll
0x77230000 \Windows\System32\urlmon.dll
0xFF4D0000 \Windows\System32\msctf.dll
0xFF450000 \Windows\System32\difxapi.dll
0xFF240000 \Windows\System32\ole32.dll
0xFF1F0000 \Windows\System32\ws2_32.dll
0xFF170000 \Windows\System32\shlwapi.dll
0xFF0D0000 \Windows\System32\comdlg32.dll
0xFE340000 \Windows\System32\shell32.dll
0xFE330000 \Windows\System32\lpk.dll
0x77130000 \Windows\System32\user32.dll
0xFE310000 \Windows\System32\imagehlp.dll
0x77760000 \Windows\System32\normaliz.dll
0xFE300000 \Windows\System32\nsi.dll
0xFE2A0000 \Windows\System32\Wldap32.dll
0x76FD0000 \Windows\System32\wininet.dll
0xFE1C0000 \Windows\System32\advapi32.dll
0xFE090000 \Windows\System32\rpcrt4.dll
0xFDFC0000 \Windows\System32\usp10.dll
0x76EB0000 \Windows\System32\kernel32.dll
0xFDFA0000 \Windows\System32\sechost.dll
0xFDDC0000 \Windows\System32\setupapi.dll
0x77750000 \Windows\System32\psapi.dll
0xFDDA0000 \Windows\System32\devobj.dll
0xFDC30000 \Windows\System32\crypt32.dll
0xFDB90000 \Windows\System32\comctl32.dll
0xFDB50000 \Windows\System32\cfgmgr32.dll
0xFDB10000 \Windows\System32\wintrust.dll
0xFDAA0000 \Windows\System32\KernelBase.dll
0xFDA90000 \Windows\System32\msasn1.dll
0x75C90000 \Windows\SysWOW64\normaliz.dll
Processes (total 61):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
488 csrss.exe
568 csrss.exe
576 C:\Windows\System32\wininit.exe
624 C:\Windows\System32\winlogon.exe
672 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\atiesrxx.exe
1004 C:\Windows\System32\svchost.exe
288 C:\Windows\System32\svchost.exe
384 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\atieclxx.exe
1212 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\spoolsv.exe
1412 C:\Windows\System32\svchost.exe
1512 C:\xampp\apache\bin\httpd.exe
1556 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1688 C:\Windows\System32\taskhost.exe
1780 C:\Windows\System32\dwm.exe
1836 C:\Windows\explorer.exe
1528 C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
1260 C:\Windows\System32\svchost.exe
1696 C:\xampp\mysql\bin\mysqld.exe
1652 C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe
2088 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
2156 C:\Windows\WindowsMobile\wmdc.exe
2204 C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
2236 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2472 C:\Program Files (x86)\Windows Sidebar\sidebar.exe
2748 C:\xampp\apache\bin\httpd.exe
2756 C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
2840 C:\Windows\System32\svchost.exe
3300 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
3580 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3628 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3636 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
4208 WmiPrvSE.exe
4352 C:\Windows\System32\SearchIndexer.exe
4704 C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe
4732 C:\Windows\System32\svchost.exe
4772 C:\Windows\System32\svchost.exe
4104 WUDFHost.exe
3644 C:\Program Files\Windows Media Player\wmpnetwk.exe
5424 C:\Program Files\iPod\bin\iPodService.exe
5868 C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
4324 C:\Windows\System32\svchost.exe
4384 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
5832 C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
5852 C:\Windows\System32\taskmgr.exe
5764 C:\Windows\System32\SearchProtocolHost.exe
1996 C:\Windows\System32\SearchFilterHost.exe
4056 C:\Windows\System32\dllhost.exe
6084 C:\Windows\System32\audiodg.exe
3388 C:\Users\xxx\Downloads\MBRCheck.exe
1816 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.ADG
PhysicalDrive1 Model Number: ST3250820AS, Rev: 3.ADG
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done! |
29.03.2011, 20:22 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplorer automatically starts several processes in the background Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ |
30.03.2011, 17:18 | #22 |
| iexplorer automatically starts several processes in the background Okay. Many thanks already. Here are the logs: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6206
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
30.03.2011 07:32:41
mbam-log-2011-03-30 (07-32-41).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 468625
Laufzeit: 1 Stunde(n), 27 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/29/2011 at 10:49 PM
Application Version : 4.50.1002
Core Rules Database Version : 6702
Trace Rules Database Version: 4514
Scan type : Complete Scan
Total Scan Time : 00:55:58
Memory items scanned : 640
Memory threats detected : 0
Registry items scanned : 16031
Registry threats detected : 0
File items scanned : 50096
File threats detected : 4
Adware.Tracking Cookie
C:\Users\Simon Zens\AppData\Roaming\Microsoft\Windows\Cookies\simon_zens@msnportal.112.2o7[1].txt
C:\Users\Simon Zens\AppData\Roaming\Microsoft\Windows\Cookies\simon_zens@atdmt[1].txt
C:\Users\Simon Zens\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon_zens@atdmt[1].txt
C:\Users\Simon Zens\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon_zens@msnportal.112.2o7[1].txt
Just now, 6 iexplore.exe processes were running again. |
30.03.2011, 19:30 | #23 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplorer automatically starts several processes in the background Only cookies were found there. Quote:
__________________ Please always post log files in CODE tags |
30.03.2011, 20:48 | #24 |
| iexplorer automatically starts several processes in the background No IE at all. The processes start automatically, even when I have no program open. |
31.03.2011, 12:03 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplorer automatically starts several processes in the background Please uninstall Norton completely. I don't want to rule out that Norton has something to do with it.
__________________ Please always post log files in CODE tags |
01.04.2011, 17:28 | #26 |
| iexplorer automatically starts several processes in the background Norton Internet Security is uninstalled, but the processes still open. After about 1 hour, 3 processes have started so far. |
01.04.2011, 18:57 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplorer automatically starts several processes in the background Please post fresh OTL logs.
__________________ Please always post log files in CODE tags |
02.04.2011, 08:19 | #28 |
| iexplorer automatically starts several processes in the background Code:
OTL logfile created on: 01.04.2011 22:08:54 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\xxx\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 69,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,83 Gb Total Space | 140,04 Gb Free Space | 60,15% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 111,10 Gb Free Space | 47,72% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)
PRC - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Growl for Windows\Growl.exe (element code project)
PRC - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Users\xxx\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\Heirue-Soft\FMS32-PRO\fms32pro.exe (HeiRue-Soft)
========== Modules (SafeList) ==========
MOD - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (MySQL) -- C:\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (Norton Ghost) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (GenericMount Helper Service) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (Symantec)
SRV - (SymSnapService) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe (Symantec)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SMR162) -- C:\Windows\SysNative\drivers\SMR162.SYS (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:64bit: - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation)
DRV:64bit: - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110401.002\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110401.002\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110309.001\BHDrvx64.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 16 F6 81 CA DE CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.12.22 16:20:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.04.01 18:53:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.04.01 18:52:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2011.03.20 20:11:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2011.03.27 09:59:02 | 000,000,000 | ---D | M]
[2010.12.20 15:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2011.03.27 11:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\x4ooj935.default\extensions
[2011.03.13 17:38:23 | 000,001,583 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\x4ooj935.default\searchplugins\web-search.xml
File not found (No name found) --
[2011.03.10 07:14:00 | 000,000,000 | ---D | M] (1Password) -- C:\PROGRAM FILES (X86)\1PASSWORD\FIREFOX@1PASSWD.COM
[2011.03.23 06:54:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.01 18:53:32 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4OOJ935.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4OOJ935.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4OOJ935.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
O1 HOSTS File: ([2011.03.29 18:33:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\xxx\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Growl] C:\Program Files (x86)\Growl for Windows\Growl.exe (element code project)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error.
File not found O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2011.04.01 21:36:23 | 000,090,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS [2011.04.01 21:35:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\NPE [2011.04.01 18:53:24 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2011.04.01 18:53:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared [2011.04.01 18:53:24 | 000,000,000 | ---D | C] -- C:\Programme\Symantec [2011.04.01 18:53:07 | 000,382,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\symnets.sys [2011.04.01 18:53:06 | 000,802,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA64.sys [2011.04.01 18:53:06 | 000,735,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.sys [2011.04.01 18:53:06 | 000,450,608 | R--- | C] 
(Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS64.sys [2011.04.01 18:53:06 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Ironx64.sys [2011.04.01 18:53:06 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.sys [2011.04.01 18:52:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64 [2011.04.01 18:52:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0500000.07D [2011.04.01 18:52:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2011.04.01 18:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 [2011.04.01 18:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2011.03.29 21:53:27 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2011.03.29 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SUPERAntiSpyware.com [2011.03.29 21:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.03.29 21:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2011.03.29 21:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.03.29 21:49:57 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2011.03.29 18:54:57 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.03.29 18:34:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.03.29 17:52:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.03.27 11:46:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.03.27 11:46:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.03.27 11:46:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.03.27 11:46:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.03.27 11:45:10 | 000,000,000 | ---D | C] -- C:\Qoobox 
[2011.03.27 11:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.03.27 11:41:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.03.26 19:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holzfäller Simulator 2011 [2011.03.26 19:08:24 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2011.03.26 19:08:24 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2011.03.26 19:08:24 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2011.03.26 19:08:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2011.03.26 19:08:23 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2011.03.26 19:08:23 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2011.03.26 19:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Woodcutter Simulator 2011 [2011.03.26 18:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Rondomedia [2011.03.26 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondomedia [2011.03.26 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rondomedia [2011.03.26 10:38:43 | 000,000,000 | ---D | C] -- C:\_OTL [2011.03.23 20:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011.03.23 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.03.23 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.03.23 06:54:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.03.23 06:54:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaw.exe [2011.03.23 06:54:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.03.22 22:53:18 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2011.03.22 22:53:18 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.03.22 22:53:18 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.03.22 22:53:18 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.03.22 22:52:59 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.03.21 09:02:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011.03.21 09:02:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.03.21 09:02:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.03.21 09:02:47 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011.03.21 09:02:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011.03.21 09:02:47 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011.03.21 09:02:47 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.03.21 09:02:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011.03.21 09:02:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.03.21 09:02:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011.03.21 09:02:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011.03.21 09:02:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011.03.21 09:02:47 | 000,010,752 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\msfeedssync.exe [2011.03.21 09:02:46 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011.03.21 09:02:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.03.21 09:02:46 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.03.21 09:02:46 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.03.21 09:02:46 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.03.21 09:02:46 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011.03.21 09:02:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.03.21 09:02:46 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011.03.21 09:02:46 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011.03.21 09:02:46 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011.03.21 09:02:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011.03.21 09:02:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.03.21 09:02:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.03.21 09:02:46 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.03.21 09:02:46 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011.03.21 09:02:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011.03.21 09:02:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011.03.21 09:02:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.03.21 09:02:46 | 000,023,552 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.03.21 09:02:45 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011.03.21 09:02:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011.03.21 09:02:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.03.21 09:02:45 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.03.21 09:02:45 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011.03.21 09:02:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011.03.21 09:02:44 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.03.21 09:02:44 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011.03.21 09:02:44 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011.03.21 09:02:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011.03.21 09:02:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.03.21 09:02:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011.03.21 09:02:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.03.21 09:02:44 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011.03.21 09:02:44 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011.03.21 09:02:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011.03.21 09:02:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011.03.21 09:02:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011.03.21 09:02:43 | 
000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.03.21 09:02:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011.03.21 09:02:43 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011.03.21 09:02:43 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.03.21 09:02:43 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011.03.21 09:02:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.03.21 09:02:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011.03.21 09:02:43 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.03.21 09:02:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011.03.21 09:02:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.03.21 09:02:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011.03.21 09:02:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.03.21 09:02:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011.03.21 09:02:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011.03.21 09:02:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011.03.21 09:02:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011.03.21 09:02:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.03.21 09:02:42 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.03.21 09:02:42 | 000,697,344 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\msfeeds.dll [2011.03.21 09:02:42 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.03.21 09:02:42 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.03.21 09:02:42 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011.03.21 09:02:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011.03.21 09:02:42 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011.03.21 09:02:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.03.21 09:02:42 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.03.21 09:02:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.03.21 09:02:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.03.20 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\Dropbox\Privat\Dokumente\Deutsche Post AG [2011.03.20 19:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Deutsche Post AG [2011.03.20 19:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deutsche Post AG [2011.03.09 20:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.03.09 20:20:10 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.03.09 20:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.03.09 20:20:10 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.03.09 15:33:21 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.03.09 15:33:21 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.03.09 15:33:20 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.03.09 15:33:20 | 000,739,840 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d2d1.dll [2011.03.09 15:33:19 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2011.03.09 15:33:19 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2011.03.09 15:33:19 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2011.03.09 15:33:19 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.03.09 15:33:19 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2011.03.09 15:33:19 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.03.09 15:33:19 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2011.03.09 15:33:19 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2011.03.08 18:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.03.08 18:34:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2011.03.08 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2011.03.08 18:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2 [2011.03.08 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream [2011.03.08 18:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI [2011.03.08 18:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.03.07 12:48:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\ATI [2011.03.07 12:48:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ATI [2011.03.07 12:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.03.07 12:43:46 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2011.03.07 12:43:45 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2011.03.07 12:42:32 | 000,000,000 | ---D | C] -- 
C:\ATI [2011.03.07 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\Dropbox\Privat\Dokumente\My Games [2011.03.07 12:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 [2011.03.07 12:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 ========== Files - Modified Within 30 Days ========== [2011.04.01 21:55:28 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.01 21:55:28 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.01 21:45:17 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.01 21:45:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.01 21:44:40 | 484,900,863 | -HS- | M] () -- C:\hiberfil.sys [2011.04.01 21:43:53 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX [2011.04.01 21:43:27 | 000,000,749 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\SMRBackup162.dat [2011.04.01 21:36:23 | 000,090,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS [2011.04.01 21:23:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.01 18:53:35 | 001,521,178 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Cat.DB [2011.04.01 18:53:24 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2011.04.01 18:53:24 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2011.04.01 18:53:24 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2011.04.01 18:53:20 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2011.03.29 21:49:59 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.03.29 21:35:31 | 001,498,506 | 
---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.03.29 21:35:31 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.03.29 21:35:31 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.03.29 21:35:31 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.03.29 21:35:31 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.03.29 18:33:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.03.29 17:52:15 | 004,305,591 | R--- | M] () -- C:\Users\xxx\Desktop\CoFi.exe [2011.03.27 11:41:25 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.03.26 19:08:37 | 000,002,090 | ---- | M] () -- C:\Users\xxx\Desktop\Holzfäller Simulator 2011.lnk [2011.03.26 18:28:29 | 000,002,129 | ---- | M] () -- C:\Users\xxx\Desktop\Weinanbau-Simulator.lnk [2011.03.23 20:02:46 | 000,002,999 | ---- | M] () -- C:\Users\xxx\Desktop\HiJackThis.lnk [2011.03.23 06:54:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.03.23 06:54:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.03.23 06:54:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.03.23 06:54:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.03.22 22:53:01 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.03.22 22:53:01 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.03.22 22:53:01 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.03.22 22:53:00 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysNative\deployJava1.dll [2011.03.21 09:02:47 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011.03.21 09:02:47 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.03.21 09:02:47 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.03.21 09:02:47 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011.03.21 09:02:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011.03.21 09:02:47 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011.03.21 09:02:47 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.03.21 09:02:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011.03.21 09:02:47 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.03.21 09:02:47 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011.03.21 09:02:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011.03.21 09:02:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011.03.21 09:02:47 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.03.21 09:02:46 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011.03.21 09:02:46 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.03.21 09:02:46 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.03.21 09:02:46 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.03.21 09:02:46 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.03.21 09:02:46 | 
000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011.03.21 09:02:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.03.21 09:02:46 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011.03.21 09:02:46 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011.03.21 09:02:46 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011.03.21 09:02:46 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011.03.21 09:02:46 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.03.21 09:02:46 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.03.21 09:02:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011.03.21 09:02:46 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.03.21 09:02:46 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011.03.21 09:02:46 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011.03.21 09:02:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011.03.21 09:02:46 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.03.21 09:02:46 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.03.21 09:02:45 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011.03.21 09:02:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011.03.21 09:02:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.03.21 09:02:45 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.03.21 09:02:45 | 
000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011.03.21 09:02:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011.03.21 09:02:44 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.03.21 09:02:44 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011.03.21 09:02:44 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011.03.21 09:02:44 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011.03.21 09:02:44 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.03.21 09:02:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011.03.21 09:02:44 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.03.21 09:02:44 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011.03.21 09:02:44 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011.03.21 09:02:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011.03.21 09:02:44 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011.03.21 09:02:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011.03.21 09:02:43 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.03.21 09:02:43 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011.03.21 09:02:43 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011.03.21 09:02:43 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.03.21 09:02:43 | 000,282,112 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\dxtrans.dll [2011.03.21 09:02:43 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.03.21 09:02:43 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011.03.21 09:02:43 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.03.21 09:02:43 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011.03.21 09:02:43 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.03.21 09:02:43 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011.03.21 09:02:43 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.03.21 09:02:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011.03.21 09:02:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011.03.21 09:02:43 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011.03.21 09:02:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011.03.21 09:02:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.03.21 09:02:42 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.03.21 09:02:42 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.03.21 09:02:42 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.03.21 09:02:42 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.03.21 09:02:42 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011.03.21 09:02:42 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011.03.21 09:02:42 | 
000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011.03.21 09:02:42 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.03.21 09:02:42 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.03.21 09:02:42 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011.03.21 09:02:42 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.03.21 09:02:42 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.03.16 17:23:57 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011.03.09 20:20:52 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.03.08 19:06:27 | 000,001,293 | ---- | M] () -- C:\Users\xxx\Desktop\Landwirtschafts Simulator 2011 .lnk [2011.03.03 13:49:19 | 000,001,024 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.03.03 13:49:18 | 000,001,044 | ---- | M] () -- C:\Users\xxx\Desktop\Dropbox.lnk [2011.03.03 10:52:08 | 000,430,232 | ---- | M] () -- C:\Users\xxx\Desktop\Holzfaeller Simulator 2011 Tastenbelegung.jpg ========== Files Created - No Company Name ========== [2011.04.01 21:43:27 | 000,000,749 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\SMRBackup162.dat [2011.04.01 18:53:28 | 001,521,178 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Cat.DB [2011.04.01 18:53:24 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2011.04.01 18:53:24 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2011.04.01 18:53:20 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk [2011.04.01 18:53:00 | 000,003,374 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA.inf [2011.04.01 18:53:00 | 000,002,792 | R--- | C] () -- 
C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS.inf [2011.04.01 18:53:00 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymNet.inf [2011.04.01 18:53:00 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.inf [2011.04.01 18:53:00 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.inf [2011.04.01 18:53:00 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Iron.inf [2011.04.01 18:52:52 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\iron.cat [2011.04.01 18:52:52 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.cat [2011.04.01 18:52:52 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA64.cat [2011.04.01 18:52:52 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\symnet64.cat [2011.04.01 18:52:52 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.cat [2011.04.01 18:52:52 | 000,007,454 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS64.cat [2011.04.01 18:52:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\isolate.ini [2011.03.29 21:49:59 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.03.27 17:07:42 | 000,430,232 | ---- | C] () -- C:\Users\xxx\Desktop\Holzfaeller Simulator 2011 Tastenbelegung.jpg [2011.03.27 11:46:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.27 11:46:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.27 11:46:53 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.27 11:46:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.27 11:46:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.03.27 11:41:25 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk 
[2011.03.27 11:39:12 | 004,305,591 | R--- | C] () -- C:\Users\xxx\Desktop\CoFi.exe [2011.03.26 19:08:37 | 000,002,090 | ---- | C] () -- C:\Users\xxx\Desktop\Holzfäller Simulator 2011.lnk [2011.03.26 18:28:27 | 000,002,129 | ---- | C] () -- C:\Users\xxx\Desktop\Weinanbau-Simulator.lnk [2011.03.23 20:02:46 | 000,002,999 | ---- | C] () -- C:\Users\xxx\Desktop\HiJackThis.lnk [2011.03.21 09:02:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011.03.21 09:02:42 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.03.16 17:23:57 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2011.03.09 20:20:52 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.03.07 12:21:15 | 000,001,293 | ---- | C] () -- C:\Users\xxx\Desktop\Landwirtschafts Simulator 2011 .lnk [2011.02.20 15:55:04 | 000,455,680 | ---- | C] () -- C:\Windows\SetACL.exe [2011.02.13 19:01:41 | 000,011,397 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\SmarThruOptions.xml [2011.02.13 19:01:17 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll [2011.02.13 19:00:58 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini [2011.02.13 19:00:55 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll [2011.01.29 19:20:08 | 000,000,562 | ---- | C] () -- C:\Windows\wiso.ini [2011.01.24 18:26:30 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2011.01.23 18:12:28 | 004,223,268 | ---- | C] () -- C:\ProgramData\SamPCFax000008940000 [2011.01.08 10:08:56 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Local\PUTTY.RND [2010.12.27 17:48:09 | 000,001,456 | ---- | C] () -- C:\Users\xxx\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010.12.22 15:21:23 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi [2010.12.22 13:10:17 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2010.12.22 13:08:41 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe [2010.12.22 13:00:26 | 
000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe [2010.12.21 10:32:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.12.20 15:18:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.03.03 19:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2010.12.29 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AceBIT [2011.02.17 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Agile Web Solutions [2010.12.21 16:48:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Buhl Data Service [2010.12.21 16:48:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Buhl Data Service GmbH [2011.04.01 21:49:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox [2011.02.20 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FileZilla [2011.01.19 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ISAKS [2011.01.19 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nuance [2011.03.26 18:29:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Rondomedia [2011.02.13 19:01:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SmarThru4 [2010.12.22 16:48:18 | 000,000,000 | ---D | M] -- 
C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.12.29 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Steganos [2011.02.03 21:31:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TrueCrypt [2011.02.25 23:41:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2009.07.14 07:08:49 | 000,018,522 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7FFED16F < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.04.2011 22:08:54 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\xxx\Downloads 64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 69,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,83 Gb Total Space | 140,04 Gb Free Space | 60,15% Space Free | Partition Type: NTFS Drive D: | 232,83 Gb Total Space | 111,10 Gb Free Space | 47,72% Space Free | Partition Type: NTFS Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .cmd [@ = cmdfile] -- Reg Error: Key error. File not found .com [@ = ComFile] -- Reg Error: Key error. File not found .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation) .vbs [@ = VBSFile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) "{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = 
Windows Mobile-Gerätecenter: Treiberupdate "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager "{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Canon SELPHY CP760" = Canon SELPHY CP760 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{11FCA050-2066-4351-A336-748D838C049C}" = Adobe Creative Suite 5 Web Premium "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{557090F6-9174-B562-71CF-70FD6C7F9895}" = Application Profiles "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding "{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp "{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C22B83AB-0161-4C80-A9E9-1446DEA72780}" = Deutsche Post E-Porto "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari 
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E71925D5-E55D-4B7C-B883-6726FA428950}" = Growl for Windows "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11 "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "1Password_is1" = 1Password 1.0.4.173 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "EOS Utility" = Canon Utilities EOS Utility "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "JDownloader" = JDownloader "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "N360" = Norton 360 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PhotoStitch" = Canon Utilities PhotoStitch "PSPad editor_is1" = PSPad editor "Samsung CLX-3170 Series" = Samsung CLX-3170 Series "SmarThru PC Fax" = SmarThru PC Fax "ST6UNST #1" = FMS32-PRO Version 3.2.2 "TeamViewer 6" = TeamViewer 6 "TrueCrypt" = TrueCrypt "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "Veetle TV" = Veetle TV 0.9.18 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.7 "Weinanbau-Simulator" = Weinanbau-Simulator "WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional "Woodcutter Simulator 2011" = Holzfäller Simulator 2011 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Flux" = F.lux ========== Last 10 Event Log Errors 
========== [ Application Events ] Error - 22.03.2011 16:52:15 | Computer Name = xxx-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der Dienst "isaks Previewgenerator" konnte nicht neu gestartet werden. Error - 22.03.2011 16:52:35 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 11500 Description = Error - 23.03.2011 14:03:10 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm OUTLOOK.EXE, Version 14.0.4760.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 70c Startzeit: 01cbe84fae3095ed Endzeit: 70 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: c846aa6f-5577-11e0-b417-0019d1e81edf Error - 26.03.2011 13:08:30 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 1013 Description = Error - 27.03.2011 12:41:45 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm game.exe, Version 4.1.7.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16ec Startzeit: 01cbec9dc9d396cc Endzeit: 37 Anwendungspfad: C:\Program Files (x86)\Landwirtschafts Simulator 2011\game.exe Berichts-ID: 0e6917bd-5891-11e0-a424-0019d1e81edf Error - 29.03.2011 15:49:32 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm ccSvcHst.exe, Version 109.0.3.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 103c Startzeit: 01cbee47e200cac1 Endzeit: 45 Anwendungspfad: C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe Berichts-ID: a5b63eef-5a3d-11e0-8cf3-0019d1e81edf Error - 29.03.2011 15:53:16 | Computer Name = xxx-PC | Source = Norton Ghost | ID = 100 Description = Fehler EC8F1780: Die Änderungen seit der letzten Sitzung können nicht ordnungsgemäß abgestimmt werden. Fehler EC8F1771: Die aktuellen Laufwerke auf diesem System können nicht aufgelistet werden. Fehler E0BB0147: Operation 'Snap Volume' ist derzeit nicht für Volume aktiviert. Fehler E0BB0147: Operation '%1' ist derzeit nicht für %2 aktiviert. Details: Quelle: Norton Ghost Error - 29.03.2011 15:53:17 | Computer Name = xxx-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VProSvc.exe, Version: 15.0.0.35659, Zeitstempel: 0x4ac570c0 Name des fehlerhaften Moduls: VProSvc.exe, Version: 15.0.0.35659, Zeitstempel: 0x4ac570c0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00061c1b ID des fehlerhaften Prozesses: 0x874 Startzeit der fehlerhaften Anwendung: 0x01cbee47d9027596 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe Berichtskennung: 2ff4e952-5a3e-11e0-8cf3-0019d1e81edf Error - 31.03.2011 11:00:16 | Computer Name = xxx-PC | Source = Norton Ghost | ID = 100 Description = Fehler EC8F17B7: Wiederherstellungspunkte können nicht erstellt werden für Auftrag: Laufwerk-Backup von Eigene Dateien (D:\). Fehler EC8F03FE: Die Eigenschaften des Auftrags können nicht gelesen werden. Fehler EC8F1F62: Externes Gerät "VERBATIM" nicht gefunden. Fehler EBAB03F1: Das System kann den angegebenen Pfad nicht finden. 
Details: Quelle: Norton Ghost Error - 31.03.2011 11:09:56 | Computer Name = xxx-PC | Source = Norton Ghost | ID = 100 Description = Fehler EC8F17B7: Wiederherstellungspunkte können nicht erstellt werden für Auftrag: Laufwerk-Backup von Volume (C:\). Fehler EC8F03FE: Die Eigenschaften des Auftrags können nicht gelesen werden. Fehler EC8F1F62: Externes Gerät "VERBATIM" nicht gefunden. Fehler EBAB03F1: Das System kann den angegebenen Pfad nicht finden. Details: Quelle: Norton Ghost [ System Events ] Error - 01.04.2011 15:47:44 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Anwendungsinformationen" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 01.04.2011 15:48:14 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 01.04.2011 15:48:44 | Computer Name = xxx-PC | Source = DCOM | ID = 10005 Description = Error - 01.04.2011 15:48:44 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BITS erreicht. 
Error - 01.04.2011 15:48:44 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 01.04.2011 15:50:20 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 01.04.2011 15:50:26 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 01.04.2011 15:50:27 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 01.04.2011 15:50:27 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 01.04.2011 15:50:27 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433 Description = < End of report >
I have attached a current screenshot of the Task Manager. Note: the OTL scan and the screenshot were not taken at the same time! |
02.04.2011, 13:57 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplorer automatically starts multiple processes in the background Quote:
Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
[2010.12.22 13:10:17 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.12.22 13:08:41 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.12.22 13:00:26 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe
[2010.12.21 10:32:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7FFED16F
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post log files in CODE tags |
02.04.2011, 14:12 | #30 |
| Yes, I had reinstalled Norton. I had hoped that I might find a solution after the update to version 5... Here is the result of the fix: Code:
All processes killed
========== OTL ==========
Service KMService stopped successfully!
Service KMService deleted successfully!
C:\Windows\SysWOW64\srvany.exe moved successfully.
C:\Windows\ssndii.exe moved successfully.
C:\Windows\SysWOW64\SvcMan.exe moved successfully.
C:\Windows\Wiainst.exe moved successfully.
File C:\Windows\SysWow64\srvany.exe not found.
ADS C:\ProgramData\TEMP:7FFED16F deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: xxx
->Temp folder emptied: 3285269 bytes
->Temporary Internet Files folder emptied: 9004118 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 202060874 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58945 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2583104 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4117 bytes

Total Files Cleaned = 207,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04022011_150425

Files\Folders moved on Reboot...
C:\Users\xxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X27OW3B7\iframe[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68S6QAZX\01[9].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68S6QAZX\blank[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68S6QAZX\LiveItemDetail[3].htm moved successfully.

Registry entries deleted on Reboot...
|