Backdoor.Tidserv on the computer - completely removed? (Windows 7)

#1
Hello! I have the following problem: A little while ago my Norton notified me that a backdoor (Backdoor.Tidserv) had been found by Auto-Protect and that I should restart my PC. After I had done so, an entry appeared in my history saying that everything had been removed. However, since it was only 2 files, I am not 100% sure that everything was removed without a trace, especially since this is a relatively persistent backdoor including a rootkit.

I ran the removal tools from the Symantec site (and also from the Norman site); the Symantec tool told me that the MBR is being used suspiciously, but no Tidserv infection was found. A repair is therefore not necessary/possible.

What puzzles me above all is that the file has been on the computer since 17:55 and was last used at 17:57. At both times I had already been away from the computer for quite a while; I had neither a browser nor any other programs open. So I neither downloaded nor ran benser.exe.

This is the first "real" infection in a long time. Only yesterday I ran the Avira Rescue System, and this morning the tools Malwarebytes' Anti-Malware and Emsisoft Anti-Malware. I neither use online games (there was a non-visible casino.url on the desktop) nor do I open unknown files at random. I am actually a relatively security-conscious user and, besides Norton, I also run the behaviour-based ThreatFire as well as a router firewall.

Does anyone have 1. an idea where the backdoor comes from and 2. an idea whether there are still remnants on the computer? Did Norton delete all the files belonging to this backdoor?

Here is the Norton log of the removal:

Code:
Vollständiger Pfad: c:\users\[benutzer]\downloads\benser.exe
____________________________
____________________________
Auf Computern ab:
12.05.2011 um 17:55:05
Zuletzt verwendet:
12.05.2011 um 17:57:19
Systemstartobjekt:
Ja
Gestartet:
Nein
____________________________
____________________________
Wenige Benutzer
Weniger als 50 Benutzer in der Norton Community haben diese Datei verwendet.
____________________________
Hoch
Das Risiko dieser Datei ist hoch.
____________________________
Bedrohungsdetails
Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.
____________________________
Ursprung
Heruntergeladen von URL nicht verfügbar
Quelldatei:
benser.exe
____________________________
Dateiaktionen
Datei: c:\users\niklas hoffmann\downloads\benser.exe
entfernt
Datei: C:\Users\Niklas Hoffmann\Desktop\Casino.url
entfernt
____________________________
Verdächtige Aktionen
Dienst geändert: spooler
Beendet
____________________________
Dateiabdruck - SHA:
e808631ef84fd2745ee2a858d281f38d63e75603722174e16bdc8bfae432983d
____________________________
Dateiabdruck - MD5:
cb0faa7b6795fd9db1ad8f33ea69b946
____________________________
UserofSeven

#2
/// Winkelfunktion /// TB-Süch-Tiger™

According to an internet search, benser.exe is a component of Veritas Backup. Is software of that kind in use? Probably not, right?

Did Malwarebytes find anything?

#3

I have already searched for the file benser.exe as well. And no, I do not have any such software in use. Besides, the file has only existed in the download folder since this afternoon.

I forgot to mention that neither Malwarebytes nor Emsisoft nor a full scan in Norton found anything further. However, I have not yet had time to run a live CD, given that this is a backdoor that hides itself well and is entered directly in the MBR. I did, however, enter the checksum into Google and came across articles from VirusTotal and another malware analysis site, both of which prove beyond doubt that this is the Tidserv backdoor. A false alarm can therefore be ruled out. The Norton log does say that it is a system startup object, but that it has not yet been executed. Can I trust the statement that the virus has not yet been installed?

UserofSeven

#4
/// Winkelfunktion /// TB-Süch-Tiger™

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post log files in CODE tags

#5

So, the OTL scan is finished:

Code:
O3:64bit: - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - 
Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.16 18:35:50 | 000,956,848 | R--- | M] (mirabyte GmbH & Co. 
KG) - F:\autoexec.exe -- [ CDFS ] O32 - AutoRun File - [2011.04.07 14:42:58 | 000,000,448 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.04.07 14:42:58 | 000,000,012 | R--- | M] () - F:\autorun.tag -- [ CDFS ] O33 - MountPoints2\{f5df3ba0-47e7-11e0-abdb-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f5df3ba0-47e7-11e0-abdb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\zdata\cobi.exe -- [2010.12.30 13:33:40 | 004,292,096 | R--- | M] () O33 - MountPoints2\{ff0d3e26-58ac-11e0-b972-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ff0d3e26-58ac-11e0-b972-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~2\NO0530~1\Tools\SPEEDD~1\aDSBatch.exe /startup) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk - C:\Programme\T-Mobile\GlobeTrotter Connect\web'n'walk Manager.exe - (T-Mobile) MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . 
Produktregistrierung.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk - C:\PROGRA~2\WARNER~1.DIG\WARNER~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig:64bit - StartUpReg: dcmsvc - hkey= - key= - C:\Program Files (x86)\dcmsvc\dcmsvc.exe () MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe () MsConfig:64bit - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig:64bit - StartUpReg: tsnpstd3 - hkey= - key= - C:\Windows\tsnpstd3.exe () MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig:64bit - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error.
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.11 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data [2011.05.11 20:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDefender TrafficLight [2011.05.11 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender [2011.05.11 17:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON [2011.05.09 14:46:12 | 000,000,000 | ---D | C] -- C:\Users\***\dwhelper [2011.05.08 18:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.05.07 12:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2011.05.07 11:18:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COMPUTERBILD App-Center [2011.05.07 11:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD App-Center [2011.05.06 21:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Paint Shop Pro X [2011.05.06 21:31:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel [2011.05.06 21:31:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Spool [2011.05.06 21:31:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine PSP-Dateien [2011.05.06 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2011.05.06 21:29:45 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Corel [2011.05.05 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SISContents [2011.05.05 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SISContents [2011.05.05 16:26:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\handy alt [2011.05.03 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2011.05.03 18:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2011.05.03 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer [2011.05.03 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson [2011.05.03 16:59:45 | 000,027,176 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys [2011.05.03 16:59:45 | 000,013,352 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys [2011.05.01 17:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2011.05.01 17:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5 [2011.05.01 16:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK [2011.04.28 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Norton Utilities [2011.04.28 16:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 15 [2011.04.28 16:55:15 | 000,191,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymDSMon.sys [2011.04.28 16:55:15 | 000,163,384 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSpeedDisk.sys [2011.04.28 16:55:15 | 000,108,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\drivers\SymSpeedDisk.sys [2011.04.28 16:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec [2011.04.28 16:55:13 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- 
C:\Windows\SysWow64\UniBox210.ocx [2011.04.28 16:55:13 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx [2011.04.28 16:55:13 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx [2011.04.28 16:55:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\UnErase [2011.04.28 16:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2011.04.28 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Utilities 15 [2011.04.28 16:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer [2011.04.28 16:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.04.22 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.04.21 13:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011.04.21 13:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.04.21 13:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.04.21 13:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011.04.19 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Tific [2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64 [2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup [2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup [2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200040.09B [2011.04.18 20:55:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sync App Settings [2011.04.18 20:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sync App Settings [2011.04.18 20:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync [2011.04.18 20:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Allway Sync 
[2011.04.18 20:50:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2011.04.18 20:50:25 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker [2011.04.18 17:58:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ [2011.04.18 17:58:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ [2011.04.18 17:58:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\VirtualDJ [2011.04.17 17:21:15 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.04.17 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\.hgt [2011.04.16 17:51:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Sony Ericsson [2011.04.16 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations [2011.04.16 17:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2011.04.16 17:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2011.04.16 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2011.04.16 17:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011.04.16 17:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011.04.16 17:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install [2011.04.16 17:48:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sony [2011.04.16 17:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest update [2011.04.16 17:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest [2011.04.16 17:33:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sony Ericsson [2011.04.16 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software [2011.04.16 17:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson [2011.04.16 17:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2011.04.16 17:30:56 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Sony Ericsson [2011.04.16 17:21:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My eBooks [2011.04.16 17:21:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mobipocket [2011.04.16 17:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobipocket.com [2011.04.16 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobipocket.com [2011.04.16 17:16:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\andered [2011.04.16 17:14:44 | 000,081,008 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys [2011.04.16 17:14:31 | 000,068,720 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys [2011.04.16 17:13:51 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe [2011.04.16 17:13:47 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys [2011.04.16 17:13:29 | 000,968,816 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll [2011.04.16 17:12:06 | 000,031,856 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys [2011.04.16 17:12:03 | 000,038,512 | ---- | C] (VMware, Inc.) 
-- C:\Windows\SysNative\drivers\hcmon.sys [2011.04.16 17:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2011.04.16 17:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware [2011.04.15 16:54:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Garmin [2011.04.15 16:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin [2011.04.15 16:20:38 | 000,000,000 | ---D | C] -- C:\Hotspot Shield [2011.04.15 16:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [2011.04.15 16:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield [2011.04.15 15:16:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR [2011.03.06 21:44:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll [2011.03.06 21:44:20 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll [2011.03.06 21:44:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll ========== Files - Modified Within 30 Days ========== [2011.05.13 17:44:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.13 17:40:02 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.13 17:40:02 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.13 17:31:54 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.13 17:28:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.13 17:27:59 | 3190,247,424 | -HS- | M] () -- C:\hiberfil.sys [2011.05.12 20:21:52 | 000,002,944 | ---- | M] () -- C:\{951E426C-C7DE-4E9B-9B6D-EE1AC04D4D0E} [2011.05.12 19:09:57 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job [2011.05.12 18:01:50 | 000,097,533 | ---- | M] () -- 
C:\Users\***\Desktop\sportfest_kiga_urkunde.pdf [2011.05.12 15:14:58 | 000,003,240 | ---- | M] () -- C:\{EDEF5BF2-638C-4E7A-A268-7E0420865ED6} [2011.05.12 15:03:18 | 000,002,288 | ---- | M] () -- C:\{079C4A87-704D-404A-AAA0-0C4B01C9526E} [2011.05.12 15:01:30 | 000,002,328 | ---- | M] () -- C:\{172ED615-3AAF-4677-AB39-36C78F574174} [2011.05.12 14:59:10 | 000,002,288 | ---- | M] () -- C:\{5D301076-5A2D-4F3C-A62D-75B4A15F431E} [2011.05.12 14:57:25 | 000,002,304 | ---- | M] () -- C:\{514C636A-0F10-4506-B95B-6ACBDE748D7F} [2011.05.12 14:56:20 | 000,002,176 | ---- | M] () -- C:\{02BB46FB-3816-4FFF-9663-69AC36A68489} [2011.05.12 14:54:54 | 000,002,384 | ---- | M] () -- C:\{BDF2B3B9-C039-4AA5-9A19-F84F42A3B620} [2011.05.12 14:52:46 | 000,002,208 | ---- | M] () -- C:\{C7582B8E-4019-4F2D-85B8-F039E5DCC2DE} [2011.05.12 14:27:02 | 000,002,344 | ---- | M] () -- C:\{634DB7A9-CF84-4853-866F-463944868404} [2011.05.12 14:12:25 | 000,002,384 | ---- | M] () -- C:\{7711DD56-8AD0-412D-A3AF-FD78C4192F6A} [2011.05.12 14:06:57 | 000,002,520 | ---- | M] () -- C:\{F9026E66-A9F7-4239-9BF8-CA1A939396EB} [2011.05.12 11:26:40 | 001,515,352 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.12 11:26:40 | 000,660,360 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.12 11:26:40 | 000,621,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.12 11:26:40 | 000,132,226 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.12 11:26:40 | 000,108,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.11 22:09:59 | 000,002,304 | ---- | M] () -- C:\{6488C6A4-FEB8-4DC2-8693-8729D1202A75} [2011.05.11 22:02:17 | 000,002,176 | ---- | M] () -- C:\{7BEB696D-0519-4104-B796-D954BB12F796} [2011.05.11 21:52:27 | 000,002,384 | ---- | M] () -- C:\{C48B1795-50D4-4872-8CED-DBCBFA982DE5} [2011.05.11 21:44:12 | 000,002,208 | ---- | M] () -- C:\{540A8309-6AA2-4CB3-B9BD-1F21F7199704} [2011.05.11 21:38:05 | 000,002,736 | ---- | M] () -- 
C:\{16B3E0AC-C0A2-4A63-9A51-317B078EAE0A} [2011.05.11 21:33:23 | 000,003,048 | ---- | M] () -- C:\{5813D748-394D-472C-9730-8B37E09624A8} [2011.05.11 17:30:51 | 001,338,472 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB [2011.05.11 17:29:38 | 000,002,498 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011.05.11 17:19:02 | 000,001,342 | ---- | M] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk [2011.05.11 16:44:24 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2011.05.11 16:44:24 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2011.05.11 16:44:24 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2011.05.09 19:41:52 | 000,352,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.05.09 14:46:42 | 007,052,143 | ---- | M] () -- C:\Users\***\Desktop\Vodafone Werbung - Willkommen im besten Netz von Vodafone.flv [2011.05.09 14:24:03 | 002,253,349 | ---- | M] () -- C:\Users\***\Desktop\Mobilfunkpartner weltweit.pdf [2011.05.06 21:55:34 | 000,000,952 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.05.03 17:45:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf [2011.05.03 17:45:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf [2011.05.03 16:59:45 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys [2011.05.03 16:59:45 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys [2011.04.30 20:01:45 | 000,002,219 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk [2011.04.29 05:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini [2011.04.28 16:55:19 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Norton 
Utilities 15.lnk [2011.04.19 21:41:23 | 000,003,448 | ---- | M] () -- C:\{4F374361-4858-458E-8B0A-12E7CCECAB09} [2011.04.19 21:37:43 | 000,003,208 | ---- | M] () -- C:\{92E9180A-A344-4186-9D56-9AD1EF75751E} [2011.04.18 20:40:29 | 000,013,358 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg [2011.04.18 20:40:29 | 000,005,013 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg [2011.04.18 17:58:39 | 000,000,983 | ---- | M] () -- C:\Users\***\Desktop\VirtualDJ Home FREE.lnk [2011.04.16 18:22:20 | 000,000,501 | ---- | M] () -- C:\Users\***\Desktop\Windows 7 (C).lnk [2011.04.16 17:33:04 | 001,535,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.16 17:11:59 | 000,001,024 | ---- | M] () -- C:\.rnd ========== Files Created - No Company Name ========== [2011.05.12 20:21:50 | 000,002,944 | ---- | C] () -- C:\{951E426C-C7DE-4E9B-9B6D-EE1AC04D4D0E} [2011.05.12 18:01:50 | 000,097,533 | ---- | C] () -- C:\Users\***\Desktop\sportfest_kiga_urkunde.pdf [2011.05.12 15:14:57 | 000,003,240 | ---- | C] () -- C:\{EDEF5BF2-638C-4E7A-A268-7E0420865ED6} [2011.05.12 15:03:18 | 000,002,288 | ---- | C] () -- C:\{079C4A87-704D-404A-AAA0-0C4B01C9526E} [2011.05.12 15:01:29 | 000,002,328 | ---- | C] () -- C:\{172ED615-3AAF-4677-AB39-36C78F574174} [2011.05.12 14:59:09 | 000,002,288 | ---- | C] () -- C:\{5D301076-5A2D-4F3C-A62D-75B4A15F431E} [2011.05.12 14:57:24 | 000,002,304 | ---- | C] () -- C:\{514C636A-0F10-4506-B95B-6ACBDE748D7F} [2011.05.12 14:56:20 | 000,002,176 | ---- | C] () -- C:\{02BB46FB-3816-4FFF-9663-69AC36A68489} [2011.05.12 14:54:52 | 000,002,384 | ---- | C] () -- C:\{BDF2B3B9-C039-4AA5-9A19-F84F42A3B620} [2011.05.12 14:52:45 | 000,002,208 | ---- | C] () -- C:\{C7582B8E-4019-4F2D-85B8-F039E5DCC2DE} [2011.05.12 14:27:02 | 000,002,344 | ---- | C] () -- C:\{634DB7A9-CF84-4853-866F-463944868404} [2011.05.12 14:12:25 | 000,002,384 | ---- | C] () -- C:\{7711DD56-8AD0-412D-A3AF-FD78C4192F6A} [2011.05.12 14:06:57 | 000,002,520 | ---- | C] () -- 
C:\{F9026E66-A9F7-4239-9BF8-CA1A939396EB} [2011.05.11 22:09:56 | 000,002,304 | ---- | C] () -- C:\{6488C6A4-FEB8-4DC2-8693-8729D1202A75} [2011.05.11 22:02:15 | 000,002,176 | ---- | C] () -- C:\{7BEB696D-0519-4104-B796-D954BB12F796} [2011.05.11 21:52:24 | 000,002,384 | ---- | C] () -- C:\{C48B1795-50D4-4872-8CED-DBCBFA982DE5} [2011.05.11 21:44:02 | 000,002,208 | ---- | C] () -- C:\{540A8309-6AA2-4CB3-B9BD-1F21F7199704} [2011.05.11 21:38:04 | 000,002,736 | ---- | C] () -- C:\{16B3E0AC-C0A2-4A63-9A51-317B078EAE0A} [2011.05.11 21:33:22 | 000,003,048 | ---- | C] () -- C:\{5813D748-394D-472C-9730-8B37E09624A8} [2011.05.11 17:19:02 | 000,001,342 | ---- | C] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk [2011.05.09 14:46:17 | 007,052,143 | ---- | C] () -- C:\Users\***\Desktop\Vodafone Werbung - Willkommen im besten Netz von Vodafone.flv [2011.05.09 14:24:03 | 002,253,349 | ---- | C] () -- C:\Users\***\Desktop\Mobilfunkpartner weltweit.pdf [2011.05.08 18:39:58 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.08 18:39:58 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.06 21:33:19 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.05.03 17:45:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf [2011.05.03 17:45:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf [2011.04.28 16:57:05 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\NUSchedule.job [2011.04.28 16:55:19 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Norton Utilities 15.lnk [2011.04.28 16:55:13 | 000,039,784 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe [2011.04.19 21:41:19 | 000,003,448 | ---- | C] () -- C:\{4F374361-4858-458E-8B0A-12E7CCECAB09} [2011.04.19 21:37:39 | 000,003,208 | ---- | C] () -- C:\{92E9180A-A344-4186-9D56-9AD1EF75751E} [2011.04.19 21:22:01 | 000,000,172 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200040.09B\isolate.ini [2011.04.18 20:40:29 | 000,013,358 | -HS- | C] () -- C:\Users\***\Desktop\Folder.jpg [2011.04.18 20:40:29 | 000,005,013 | -HS- | C] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg [2011.04.18 17:58:39 | 000,000,983 | ---- | C] () -- C:\Users\***\Desktop\VirtualDJ Home FREE.lnk [2011.04.16 17:49:26 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.04.09 14:54:17 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.09 14:54:17 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7045N.DAT [2011.04.09 14:51:26 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011.04.09 14:51:21 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.04.09 14:48:24 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2011.03.07 15:59:47 | 001,535,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.06 21:44:23 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2011.03.06 21:44:23 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2011.03.06 21:44:23 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2010.08.25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010.08.25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010.08.25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:03:59 | 
000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe ========== LOP Check ========== [2011.05.09 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ALFBanCo4 [2011.04.07 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.03.07 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.03.06 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2011.03.06 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics [2011.04.13 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2011.05.07 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.04.15 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin [2011.03.25 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gmail Backup [2011.04.20 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2011.05.10 08:41:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.03.06 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.04.09 15:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\map&guide [2011.04.16 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobipocket [2011.05.03 18:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2011.03.06 18:24:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.04.16 18:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.04.16 17:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2011.04.18 20:55:47 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Sync App Settings [2011.04.19 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2011.04.10 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrustPort [2011.03.06 19:11:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.05.12 19:09:57 | 000,000,280 | ---- | M] () -- C:\Windows\Tasks\NUSchedule.job [2011.05.03 15:22:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.04.13 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2011.05.09 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ALFBanCo4 [2011.04.07 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.03.07 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.03.06 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2011.03.06 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics [2011.04.13 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2011.05.06 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel [2011.03.19 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2011.05.07 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.04.15 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin [2011.03.25 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gmail Backup [2011.04.20 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2011.05.10 08:41:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.03.06 14:09:19 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Identities [2011.03.06 21:20:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2011.03.06 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.03.06 21:39:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd [2011.03.06 21:42:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech [2011.03.06 14:18:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2011.03.06 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.04.09 15:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\map&guide [2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.05.08 21:27:45 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2011.04.16 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobipocket [2011.03.06 14:29:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011.05.03 18:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2011.05.11 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Norton Utilities [2011.03.06 18:24:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.04.16 18:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.04.16 17:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2011.04.18 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sync App Settings [2011.04.19 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2011.04.10 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrustPort [2011.03.06 19:11:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.05.09 16:46:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2011.05.07 12:41:45 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\VMware [2011.04.15 15:16:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.04.13 15:01:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.03.06 21:42:04 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.05.07 11:18:28 | 000,137,750 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_294D4040875C391AE5FF95.exe [2011.05.07 11:18:28 | 000,137,750 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_3D91AB041EB60560DE708F.exe [2011.05.07 11:18:28 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_5B017D2AC6508B1939B0A4.exe [2011.05.07 11:18:28 | 000,137,750 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_853F67D554F05449430E7E.exe [2011.03.21 13:36:50 | 000,106,768 | ---- | M] () -- C:\Users\***\AppData\Roaming\TrustPort\tmpABE8.tmp\carshellhlpr.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] 
(Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- 
C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) 
MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft 
Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- 
C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D287FACF @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964 < End of report > |
| | #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
My recommendation would be: uninstall both and install a pure virus scanner - e.g. MS Security Essentials - plus the Windows Firewall. Lean and effective. |
| | #7 |
| Yes, it has to be Symantec. I have been satisfied with it for many years and that is how it should stay. As for GData Cloud-Security, it is purely browser protection for blocking infected pages. It has nothing to do with the actual virus scanner. As a virus scanner I only have Norton, together with ThreatFire for behavior-based protection; otherwise only pure on-demand scanners (without a real-time guard) and the browser protection. The IPS has already stopped many an infected page from carrying out a drive-by download. I would never in my life swap that for Microsoft Security Essentials. But to get back to the actual topic: are there signs of an existing infection, or was the backdoor successfully prevented from installing? UserofSeven |
| | #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Restricted rights and constantly up-to-date software such as the browser, Flash Player, PDF reader, Java etc. cannot and never will be replaced by such a supposedly all-round carefree package. As so often, suites have turned out to be stupid cardboard dummies. Are you familiar with this article? => Editorial | c't
__________________ Please always post log files in CODE tags |
| | #9 | |
| Quote:
Apart from that, at most I will consider switching to Norton AntiVirus once the license expires. But Symantec stays, precisely because I have had good experiences with it. It is not for nothing that I use a virtual computer with VMware (as could be seen in OTL). I have tested several free as well as paid products here. Apart from the fact that this reinforced my positive impression of Norton, I noticed that pure virus scanners block drive-by downloads etc. far too late. I provoked a few infected pages where the integrated intrusion prevention system triggered much earlier, while the pure scanners did not intervene at all or only far too late. Some, for example, prevented the already installed virus from downloading further files, but could neither prevent the virus from installing nor remove it a few days later (once the virus was known). I am well aware that a suite does not replace up-to-date systems and programs. On the contrary, I actually pay quite close attention to that. UserofSeven |
| | #10 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
And if so; is that a reason to rely on the "better" program? Quote:
Shall we take another close look at your MBR? |
| | #11 | |
| Quote:
And the fact that some virus scanners block DbDs too late is simply because they do not monitor the data stream. With a few exceptions (e.g. avast!), they only scan files written to disk; depending on the settings, only when a file is executed. The well-known Avira does the same. And MSE is not going on my disk either. It still uses Windows Update for its virus definitions. And that is something that gets switched off quite often (by the malware). UserofSeven |
| | #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the picture below - that is, tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your Documents/My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) |
| | #13 |
| I will refrain from further arguments about the right antivirus program at this point. Kaspersky (like Symantec and Norman before it) found nothing. Code:
2011/05/13 21:37:09.0227 2204 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/13 21:37:11.0241 2204 ================================================================================
2011/05/13 21:37:11.0242 2204 SystemInfo:
2011/05/13 21:37:11.0242 2204
2011/05/13 21:37:11.0242 2204 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/13 21:37:11.0242 2204 Product type: Workstation
2011/05/13 21:37:11.0242 2204 ComputerName: LAPTOP-NIK
2011/05/13 21:37:11.0243 2204 UserName: ***
2011/05/13 21:37:11.0243 2204 Windows directory: C:\Windows
2011/05/13 21:37:11.0243 2204 System windows directory: C:\Windows
2011/05/13 21:37:11.0243 2204 Running under WOW64
2011/05/13 21:37:11.0243 2204 Processor architecture: Intel x64
2011/05/13 21:37:11.0244 2204 Number of processors: 2
2011/05/13 21:37:11.0244 2204 Page size: 0x1000
2011/05/13 21:37:11.0244 2204 Boot type: Normal boot
2011/05/13 21:37:11.0244 2204 ================================================================================
2011/05/13 21:37:19.0402 2204 Initialize success
2011/05/13 21:37:23.0969 5832 ================================================================================
2011/05/13 21:37:23.0970 5832 Scan started
2011/05/13 21:37:23.0970 5832 Mode: Manual;
2011/05/13 21:37:23.0970 5832 ================================================================================
2011/05/13 21:37:51.0680 5832 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/13 21:37:51.0780 5832 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/13 21:37:51.0961 5832 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
2011/05/13 21:37:52.0073 5832 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/13 21:37:52.0140 5832 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/13 21:37:52.0203 5832 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/13 21:37:52.0393 5832 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/13 21:37:52.0450 5832 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/13 21:37:52.0526 5832 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/13 21:37:52.0638 5832 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/05/13 21:37:52.0752 5832 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/13 21:37:52.0815 5832 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/13 21:37:52.0888 5832 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/13 21:37:53.0016 5832 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/13 21:37:53.0104 5832 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/13 21:37:53.0216 5832 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/13 21:37:53.0298 5832 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
2011/05/13 21:37:53.0398 5832 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/13 21:37:53.0476 5832 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/13 21:37:53.0646 5832 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/13 21:37:53.0723 5832 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/13 21:37:53.0861 5832 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/13 21:37:53.0933 5832 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/13 21:37:54.0050 5832 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/05/13 21:37:54.0157 5832 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/13 21:37:54.0262 5832 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/05/13 21:37:54.0357 5832 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/13 21:37:54.0419 5832 vmci (4c8a14dbd410b510a88f77cb645f2c2a) C:\Windows\system32\drivers\vmci.sys
2011/05/13 21:37:54.0487 5832 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
2011/05/13 21:37:54.0667 5832 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2011/05/13 21:37:54.0788 5832 VMnetuserif (d0b809f6a9fb437c2b880c3ca8c10780) C:\Windows\system32\drivers\vmnetuserif.sys
2011/05/13 21:37:54.0892 5832 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
2011/05/13 21:37:55.0039 5832 vmx86 (541a6d6536710fd0602ec3aa24a81756) C:\Windows\system32\drivers\vmx86.sys
2011/05/13 21:37:55.0140 5832 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/05/13 21:37:55.0249 5832 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/05/13 21:37:55.0335 5832 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/05/13 21:37:55.0450 5832 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/13 21:37:55.0604 5832 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
2011/05/13 21:37:55.0737 5832 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/13 21:37:55.0808 5832 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/13 21:37:55.0864 5832 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/05/13 21:37:55.0994 5832 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/13 21:37:56.0105 5832 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/13 21:37:56.0140 5832 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/13 21:37:56.0341 5832 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/13 21:37:56.0410 5832 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/13 21:37:56.0701 5832 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/13 21:37:56.0752 5832 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/13 21:37:56.0972 5832 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/13 21:37:57.0106 5832 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/13 21:37:57.0245 5832 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/13 21:37:57.0399 5832 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/05/13 21:37:57.0456 5832 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/13 21:37:57.0619 5832 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/13 21:37:57.0883 5832 ================================================================================
2011/05/13 21:37:57.0883 5832 Scan finished
2011/05/13 21:37:57.0883 5832 ================================================================================
| | #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ |
Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post log files in CODE tags |
| | #15 | |
I have already had bad experiences with GMER. I will nevertheless try it again over the next few days. Here is the result from MBRCheck: Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R509
Logical Drives Mask: 0x0000041c
Kernel Drivers (total 188):
Processes (total 70):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`571a7a00 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC4CC
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!