Plagegeister aller Art und deren Bekämpfung: Backdoor.Tidserv on the computer - completely removed? (Windows 7)
12.05.2011, 18:19 | #1 |
Hello!

I have the following problem: Earlier, my Norton notified me that a backdoor (Backdoor.Tidserv) had been found by Auto-Protect and that I should restart my PC. After I had done so, an entry appeared in my history saying that everything had been removed. However, since it was only 2 files, I am not 100% sure that everything was removed completely, especially since this is a relatively persistent backdoor including a rootkit.

I ran the removal tools from the Symantec site (and also from the Norman site); the Symantec tool told me that the MBR was being used suspiciously, but no Tidserv infection was found. A repair is therefore not necessary/possible.

What puzzles me most is that the file has been on the computer since 17:55 and was last used at 17:57. At both times I had already been away from the computer for quite a while; I had neither a browser nor any other programs open. So I neither downloaded nor executed benser.exe.

This is the first "real" infection in a long time. Only yesterday I ran the Avira Rescue System, and this morning the tools Malwarebytes' Anti-Malware and Emsisoft Anti-Malware. I neither play online games (there was a hidden casino.url on the desktop) nor do I open unknown files at random. I am actually a relatively security-conscious user and, in addition to Norton, run the behaviour-based ThreatFire as well as a router firewall.

Does anyone have 1. an idea where the backdoor came from and 2. an idea whether there are still remnants on the computer? Has Norton deleted all files belonging to this backdoor?

Here is the Norton log of the removal: Code:
Vollständiger Pfad: c:\users\[benutzer]\downloads\benser.exe
____________________________
____________________________
Auf Computern ab: 12.05.2011 um 17:55:05
Zuletzt verwendet: 12.05.2011 um 17:57:19
Systemstartobjekt: Ja
Gestartet: Nein
____________________________
____________________________
Wenige Benutzer
Weniger als 50 Benutzer in der Norton Community haben diese Datei verwendet.
____________________________
Hoch
Das Risiko dieser Datei ist hoch.
____________________________
Bedrohungsdetails
Art der Bedrohung: Virus. Programme, die andere Programme, Dateien oder Computerbereiche infizieren, indem sie sich einfügen oder anhängen.
____________________________
Ursprung
Heruntergeladen von URL nicht verfügbar
Quelldatei: benser.exe
____________________________
Dateiaktionen
Datei: c:\users\niklas hoffmann\downloads\benser.exe entfernt
Datei: C:\Users\Niklas Hoffmann\Desktop\Casino.url entfernt
____________________________
Verdächtige Aktionen
Dienst geändert: spooler Beendet
____________________________
Dateiabdruck - SHA: e808631ef84fd2745ee2a858d281f38d63e75603722174e16bdc8bfae432983d
____________________________
Dateiabdruck - MD5: cb0faa7b6795fd9db1ad8f33ea69b946
____________________________

UserofSeven
12.05.2011, 19:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

According to an internet search, benser.exe is a component of Veritas Backup. Is software like that in use? Probably not, right?

Did Malwarebytes find anything?
12.05.2011, 21:21 | #3 |
I have also already searched for the file benser.exe. And no, I do not have any such software in use. Besides, the file has only existed in the download folder since this afternoon.

I forgot to mention that neither Malwarebytes' nor Emsisoft nor a full scan in Norton found anything further. However, I have not yet had time to run a live CD, since this is a backdoor that hides itself well and is written directly into the MBR. I did, however, enter the checksum into Google and came across entries from VirusTotal and another malware analysis site, both of which prove beyond doubt that this is the Tidserv backdoor. A false alarm can therefore be ruled out. The Norton log does say that it is a startup object, but that it has not yet been executed. Can I trust the statement that the virus has not yet been installed?

UserofSeven
13.05.2011, 15:50 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™

CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post log files in CODE tags
13.05.2011, 17:30 | #5 |
So, the OTL scan is finished: Code:
O3:64bit: - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - 
Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.16 18:35:50 | 000,956,848 | R--- | M] (mirabyte GmbH & Co. 
KG) - F:\autoexec.exe -- [ CDFS ] O32 - AutoRun File - [2011.04.07 14:42:58 | 000,000,448 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.04.07 14:42:58 | 000,000,012 | R--- | M] () - F:\autorun.tag -- [ CDFS ] O33 - MountPoints2\{f5df3ba0-47e7-11e0-abdb-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f5df3ba0-47e7-11e0-abdb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\zdata\cobi.exe -- [2010.12.30 13:33:40 | 004,292,096 | R--- | M] () O33 - MountPoints2\{ff0d3e26-58ac-11e0-b972-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ff0d3e26-58ac-11e0-b972-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~2\NO0530~1\Tools\SPEEDD~1\aDSBatch.exe /startup) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk - C:\Programme\T-Mobile\GlobeTrotter Connect\web'n'walk Manager.exe - (T-Mobile) MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . 
Produktregistrierung.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk - C:\PROGRA~2\WARNER~1.DIG\WARNER~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig:64bit - StartUpReg: dcmsvc - hkey= - key= - C:\Program Files (x86)\dcmsvc\dcmsvc.exe () MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe () MsConfig:64bit - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig:64bit - StartUpReg: tsnpstd3 - hkey= - key= - C:\Windows\tsnpstd3.exe () MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig:64bit - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error.
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
- "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: 
{25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" 
"C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.11 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data [2011.05.11 20:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDefender TrafficLight [2011.05.11 20:31:25 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender [2011.05.11 17:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON [2011.05.09 14:46:12 | 000,000,000 | ---D | C] -- C:\Users\***\dwhelper [2011.05.08 18:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.05.07 12:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2011.05.07 11:18:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COMPUTERBILD App-Center [2011.05.07 11:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD App-Center [2011.05.06 21:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Paint Shop Pro X [2011.05.06 21:31:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel [2011.05.06 21:31:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Spool [2011.05.06 21:31:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine PSP-Dateien [2011.05.06 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2011.05.06 21:29:45 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Corel [2011.05.05 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SISContents [2011.05.05 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SISContents [2011.05.05 16:26:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\handy alt [2011.05.03 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2011.05.03 18:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2011.05.03 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer [2011.05.03 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson [2011.05.03 16:59:45 | 000,027,176 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys [2011.05.03 16:59:45 | 000,013,352 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys [2011.05.01 17:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2011.05.01 17:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5 [2011.05.01 16:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK [2011.04.28 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Norton Utilities [2011.04.28 16:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 15 [2011.04.28 16:55:15 | 000,191,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymDSMon.sys [2011.04.28 16:55:15 | 000,163,384 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSpeedDisk.sys [2011.04.28 16:55:15 | 000,108,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\drivers\SymSpeedDisk.sys [2011.04.28 16:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec [2011.04.28 16:55:13 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- 
C:\Windows\SysWow64\UniBox210.ocx [2011.04.28 16:55:13 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx [2011.04.28 16:55:13 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx [2011.04.28 16:55:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\UnErase [2011.04.28 16:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2011.04.28 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Utilities 15 [2011.04.28 16:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer [2011.04.28 16:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.04.22 14:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.04.21 13:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011.04.21 13:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.04.21 13:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.04.21 13:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011.04.19 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Tific [2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64 [2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup [2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup [2011.04.19 21:22:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200040.09B [2011.04.18 20:55:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sync App Settings [2011.04.18 20:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sync App Settings [2011.04.18 20:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync [2011.04.18 20:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Allway Sync 
[2011.04.18 20:50:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2011.04.18 20:50:25 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker [2011.04.18 17:58:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ [2011.04.18 17:58:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ [2011.04.18 17:58:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\VirtualDJ [2011.04.17 17:21:15 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.04.17 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\.hgt [2011.04.16 17:51:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Sony Ericsson [2011.04.16 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations [2011.04.16 17:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2011.04.16 17:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2011.04.16 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2011.04.16 17:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011.04.16 17:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011.04.16 17:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install [2011.04.16 17:48:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sony [2011.04.16 17:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest update [2011.04.16 17:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest [2011.04.16 17:33:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sony Ericsson [2011.04.16 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software [2011.04.16 17:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Ericsson [2011.04.16 17:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2011.04.16 17:30:56 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Sony Ericsson [2011.04.16 17:21:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My eBooks [2011.04.16 17:21:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mobipocket [2011.04.16 17:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobipocket.com [2011.04.16 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobipocket.com [2011.04.16 17:16:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\andered [2011.04.16 17:14:44 | 000,081,008 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys [2011.04.16 17:14:31 | 000,068,720 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys [2011.04.16 17:13:51 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe [2011.04.16 17:13:47 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys [2011.04.16 17:13:29 | 000,968,816 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll [2011.04.16 17:12:06 | 000,031,856 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys [2011.04.16 17:12:03 | 000,038,512 | ---- | C] (VMware, Inc.) 
-- C:\Windows\SysNative\drivers\hcmon.sys [2011.04.16 17:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2011.04.16 17:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware [2011.04.15 16:54:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Garmin [2011.04.15 16:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin [2011.04.15 16:20:38 | 000,000,000 | ---D | C] -- C:\Hotspot Shield [2011.04.15 16:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [2011.04.15 16:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield [2011.04.15 15:16:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR [2011.03.06 21:44:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll [2011.03.06 21:44:20 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll [2011.03.06 21:44:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll ========== Files - Modified Within 30 Days ========== [2011.05.13 17:44:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.13 17:40:02 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.13 17:40:02 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.13 17:31:54 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.13 17:28:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.13 17:27:59 | 3190,247,424 | -HS- | M] () -- C:\hiberfil.sys [2011.05.12 20:21:52 | 000,002,944 | ---- | M] () -- C:\{951E426C-C7DE-4E9B-9B6D-EE1AC04D4D0E} [2011.05.12 19:09:57 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job [2011.05.12 18:01:50 | 000,097,533 | ---- | M] () -- 
C:\Users\***\Desktop\sportfest_kiga_urkunde.pdf [2011.05.12 15:14:58 | 000,003,240 | ---- | M] () -- C:\{EDEF5BF2-638C-4E7A-A268-7E0420865ED6} [2011.05.12 15:03:18 | 000,002,288 | ---- | M] () -- C:\{079C4A87-704D-404A-AAA0-0C4B01C9526E} [2011.05.12 15:01:30 | 000,002,328 | ---- | M] () -- C:\{172ED615-3AAF-4677-AB39-36C78F574174} [2011.05.12 14:59:10 | 000,002,288 | ---- | M] () -- C:\{5D301076-5A2D-4F3C-A62D-75B4A15F431E} [2011.05.12 14:57:25 | 000,002,304 | ---- | M] () -- C:\{514C636A-0F10-4506-B95B-6ACBDE748D7F} [2011.05.12 14:56:20 | 000,002,176 | ---- | M] () -- C:\{02BB46FB-3816-4FFF-9663-69AC36A68489} [2011.05.12 14:54:54 | 000,002,384 | ---- | M] () -- C:\{BDF2B3B9-C039-4AA5-9A19-F84F42A3B620} [2011.05.12 14:52:46 | 000,002,208 | ---- | M] () -- C:\{C7582B8E-4019-4F2D-85B8-F039E5DCC2DE} [2011.05.12 14:27:02 | 000,002,344 | ---- | M] () -- C:\{634DB7A9-CF84-4853-866F-463944868404} [2011.05.12 14:12:25 | 000,002,384 | ---- | M] () -- C:\{7711DD56-8AD0-412D-A3AF-FD78C4192F6A} [2011.05.12 14:06:57 | 000,002,520 | ---- | M] () -- C:\{F9026E66-A9F7-4239-9BF8-CA1A939396EB} [2011.05.12 11:26:40 | 001,515,352 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.12 11:26:40 | 000,660,360 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.12 11:26:40 | 000,621,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.12 11:26:40 | 000,132,226 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.12 11:26:40 | 000,108,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.11 22:09:59 | 000,002,304 | ---- | M] () -- C:\{6488C6A4-FEB8-4DC2-8693-8729D1202A75} [2011.05.11 22:02:17 | 000,002,176 | ---- | M] () -- C:\{7BEB696D-0519-4104-B796-D954BB12F796} [2011.05.11 21:52:27 | 000,002,384 | ---- | M] () -- C:\{C48B1795-50D4-4872-8CED-DBCBFA982DE5} [2011.05.11 21:44:12 | 000,002,208 | ---- | M] () -- C:\{540A8309-6AA2-4CB3-B9BD-1F21F7199704} [2011.05.11 21:38:05 | 000,002,736 | ---- | M] () -- 
C:\{16B3E0AC-C0A2-4A63-9A51-317B078EAE0A} [2011.05.11 21:33:23 | 000,003,048 | ---- | M] () -- C:\{5813D748-394D-472C-9730-8B37E09624A8} [2011.05.11 17:30:51 | 001,338,472 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB [2011.05.11 17:29:38 | 000,002,498 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011.05.11 17:19:02 | 000,001,342 | ---- | M] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk [2011.05.11 16:44:24 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2011.05.11 16:44:24 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2011.05.11 16:44:24 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2011.05.09 19:41:52 | 000,352,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.05.09 14:46:42 | 007,052,143 | ---- | M] () -- C:\Users\***\Desktop\Vodafone Werbung - Willkommen im besten Netz von Vodafone.flv [2011.05.09 14:24:03 | 002,253,349 | ---- | M] () -- C:\Users\***\Desktop\Mobilfunkpartner weltweit.pdf [2011.05.06 21:55:34 | 000,000,952 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.05.03 17:45:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf [2011.05.03 17:45:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf [2011.05.03 16:59:45 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys [2011.05.03 16:59:45 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys [2011.04.30 20:01:45 | 000,002,219 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk [2011.04.29 05:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini [2011.04.28 16:55:19 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Norton 
Utilities 15.lnk [2011.04.19 21:41:23 | 000,003,448 | ---- | M] () -- C:\{4F374361-4858-458E-8B0A-12E7CCECAB09} [2011.04.19 21:37:43 | 000,003,208 | ---- | M] () -- C:\{92E9180A-A344-4186-9D56-9AD1EF75751E} [2011.04.18 20:40:29 | 000,013,358 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg [2011.04.18 20:40:29 | 000,005,013 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg [2011.04.18 17:58:39 | 000,000,983 | ---- | M] () -- C:\Users\***\Desktop\VirtualDJ Home FREE.lnk [2011.04.16 18:22:20 | 000,000,501 | ---- | M] () -- C:\Users\***\Desktop\Windows 7 (C).lnk [2011.04.16 17:33:04 | 001,535,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.16 17:11:59 | 000,001,024 | ---- | M] () -- C:\.rnd ========== Files Created - No Company Name ========== [2011.05.12 20:21:50 | 000,002,944 | ---- | C] () -- C:\{951E426C-C7DE-4E9B-9B6D-EE1AC04D4D0E} [2011.05.12 18:01:50 | 000,097,533 | ---- | C] () -- C:\Users\***\Desktop\sportfest_kiga_urkunde.pdf [2011.05.12 15:14:57 | 000,003,240 | ---- | C] () -- C:\{EDEF5BF2-638C-4E7A-A268-7E0420865ED6} [2011.05.12 15:03:18 | 000,002,288 | ---- | C] () -- C:\{079C4A87-704D-404A-AAA0-0C4B01C9526E} [2011.05.12 15:01:29 | 000,002,328 | ---- | C] () -- C:\{172ED615-3AAF-4677-AB39-36C78F574174} [2011.05.12 14:59:09 | 000,002,288 | ---- | C] () -- C:\{5D301076-5A2D-4F3C-A62D-75B4A15F431E} [2011.05.12 14:57:24 | 000,002,304 | ---- | C] () -- C:\{514C636A-0F10-4506-B95B-6ACBDE748D7F} [2011.05.12 14:56:20 | 000,002,176 | ---- | C] () -- C:\{02BB46FB-3816-4FFF-9663-69AC36A68489} [2011.05.12 14:54:52 | 000,002,384 | ---- | C] () -- C:\{BDF2B3B9-C039-4AA5-9A19-F84F42A3B620} [2011.05.12 14:52:45 | 000,002,208 | ---- | C] () -- C:\{C7582B8E-4019-4F2D-85B8-F039E5DCC2DE} [2011.05.12 14:27:02 | 000,002,344 | ---- | C] () -- C:\{634DB7A9-CF84-4853-866F-463944868404} [2011.05.12 14:12:25 | 000,002,384 | ---- | C] () -- C:\{7711DD56-8AD0-412D-A3AF-FD78C4192F6A} [2011.05.12 14:06:57 | 000,002,520 | ---- | C] () -- 
C:\{F9026E66-A9F7-4239-9BF8-CA1A939396EB} [2011.05.11 22:09:56 | 000,002,304 | ---- | C] () -- C:\{6488C6A4-FEB8-4DC2-8693-8729D1202A75} [2011.05.11 22:02:15 | 000,002,176 | ---- | C] () -- C:\{7BEB696D-0519-4104-B796-D954BB12F796} [2011.05.11 21:52:24 | 000,002,384 | ---- | C] () -- C:\{C48B1795-50D4-4872-8CED-DBCBFA982DE5} [2011.05.11 21:44:02 | 000,002,208 | ---- | C] () -- C:\{540A8309-6AA2-4CB3-B9BD-1F21F7199704} [2011.05.11 21:38:04 | 000,002,736 | ---- | C] () -- C:\{16B3E0AC-C0A2-4A63-9A51-317B078EAE0A} [2011.05.11 21:33:22 | 000,003,048 | ---- | C] () -- C:\{5813D748-394D-472C-9730-8B37E09624A8} [2011.05.11 17:19:02 | 000,001,342 | ---- | C] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk [2011.05.09 14:46:17 | 007,052,143 | ---- | C] () -- C:\Users\***\Desktop\Vodafone Werbung - Willkommen im besten Netz von Vodafone.flv [2011.05.09 14:24:03 | 002,253,349 | ---- | C] () -- C:\Users\***\Desktop\Mobilfunkpartner weltweit.pdf [2011.05.08 18:39:58 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.08 18:39:58 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.06 21:33:19 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.05.03 17:45:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf [2011.05.03 17:45:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01007.Wdf [2011.04.28 16:57:05 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\NUSchedule.job [2011.04.28 16:55:19 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Norton Utilities 15.lnk [2011.04.28 16:55:13 | 000,039,784 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe [2011.04.19 21:41:19 | 000,003,448 | ---- | C] () -- C:\{4F374361-4858-458E-8B0A-12E7CCECAB09} [2011.04.19 21:37:39 | 000,003,208 | ---- | C] () -- C:\{92E9180A-A344-4186-9D56-9AD1EF75751E} [2011.04.19 21:22:01 | 000,000,172 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NortonPCCheckupx64\0200040.09B\isolate.ini [2011.04.18 20:40:29 | 000,013,358 | -HS- | C] () -- C:\Users\***\Desktop\Folder.jpg [2011.04.18 20:40:29 | 000,005,013 | -HS- | C] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg [2011.04.18 17:58:39 | 000,000,983 | ---- | C] () -- C:\Users\***\Desktop\VirtualDJ Home FREE.lnk [2011.04.16 17:49:26 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.04.09 14:54:17 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.09 14:54:17 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7045N.DAT [2011.04.09 14:51:26 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011.04.09 14:51:21 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.04.09 14:48:24 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2011.03.07 15:59:47 | 001,535,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.06 21:44:23 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2011.03.06 21:44:23 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2011.03.06 21:44:23 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2010.08.25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010.08.25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010.08.25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:03:59 | 
000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe ========== LOP Check ========== [2011.05.09 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ALFBanCo4 [2011.04.07 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.03.07 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.03.06 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2011.03.06 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics [2011.04.13 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2011.05.07 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.04.15 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin [2011.03.25 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gmail Backup [2011.04.20 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2011.05.10 08:41:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.03.06 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.04.09 15:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\map&guide [2011.04.16 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobipocket [2011.05.03 18:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2011.03.06 18:24:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.04.16 18:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.04.16 17:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2011.04.18 20:55:47 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Sync App Settings [2011.04.19 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2011.04.10 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrustPort [2011.03.06 19:11:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.05.12 19:09:57 | 000,000,280 | ---- | M] () -- C:\Windows\Tasks\NUSchedule.job [2011.05.03 15:22:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.04.13 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2011.05.09 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ALFBanCo4 [2011.04.07 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.03.07 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.03.06 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2011.03.06 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics [2011.04.13 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2011.05.06 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel [2011.03.19 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2011.05.07 21:37:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.04.15 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin [2011.03.25 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gmail Backup [2011.04.20 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2011.05.10 08:41:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.03.06 14:09:19 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Identities [2011.03.06 21:20:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2011.03.06 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.03.06 21:39:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd [2011.03.06 21:42:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech [2011.03.06 14:18:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2011.03.06 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.04.09 15:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\map&guide [2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.05.08 21:27:45 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2011.04.16 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobipocket [2011.03.06 14:29:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011.05.03 18:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2011.05.11 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Norton Utilities [2011.03.06 18:24:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.04.16 18:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.04.16 17:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2011.04.18 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sync App Settings [2011.04.19 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2011.04.10 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrustPort [2011.03.06 19:11:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.05.09 16:46:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2011.05.07 12:41:45 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\VMware [2011.04.15 15:16:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.04.13 15:01:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.03.06 21:42:04 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.05.07 11:18:28 | 000,137,750 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_294D4040875C391AE5FF95.exe [2011.05.07 11:18:28 | 000,137,750 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_3D91AB041EB60560DE708F.exe [2011.05.07 11:18:28 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_5B017D2AC6508B1939B0A4.exe [2011.05.07 11:18:28 | 000,137,750 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45FF7828-3974-44AF-9336-B1C1F6F1BF81}\_853F67D554F05449430E7E.exe [2011.03.21 13:36:50 | 000,106,768 | ---- | M] () -- C:\Users\***\AppData\Roaming\TrustPort\tmpABE8.tmp\carshellhlpr.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] 
(Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- 
C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) 
MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft 
Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- 
C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D287FACF @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964 < End of report > |
13.05.2011, 18:32 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Tidserv on the computer - completely removed? Quote:
My recommendation would be: uninstall both and install a plain virus scanner, e.g. MS Security Essentials, plus the Windows Firewall. Lean and effective.
__________________ --> Backdoor.Tidserv on the computer - completely removed? |
13.05.2011, 18:51 | #7 |
| Backdoor.Tidserv on the computer - completely removed? Yes, it has to be Symantec. I have been satisfied for many years and it is going to stay that way. As for GData Cloud-Security, it is purely browser protection for blocking infected sites. It has nothing to do with the actual virus scanner. As a virus scanner I only have Norton, plus ThreatFire for behavior-based protection; apart from that only plain scanners (without a resident guard) and the browser protection. The IPS has already stopped many an infected site from carrying out a drive-by download. I would never in my life swap that for Microsoft Security Essentials. But to get back to the actual topic: are there signs of an existing infection, or was the backdoor successfully prevented from installing? UserofSeven |
13.05.2011, 19:22 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Tidserv on the computer - completely removed? Quote:
Restricted user rights and software that is always kept up to date, such as the browser, Flash Player, PDF reader, Java etc., cannot and never will be replaced by such a supposed all-round carefree package. As so often, suites have turned out to be stupid cardboard dummies. Are you familiar with this article? => Editorial | c't
__________________ Please always post log files in CODE tags |
13.05.2011, 19:37 | #9 | |
| Backdoor.Tidserv on the computer - completely removed? Quote:
Apart from that, at most I will consider switching to Norton AntiVirus once the license expires. But Symantec stays, precisely because I have had good experiences with it. It is not for nothing that I use a virtual machine with VMware (as could be seen in OTL). I have already tested a number of free as well as paid products here. Apart from the fact that this reinforced my positive impression of Norton, I noticed that plain virus scanners block drive-by downloads etc. far too late. I deliberately provoked some infected sites where the integrated Intrusion Prevention System triggered much earlier, while the plain scanners did not intervene at all or only far too late. Some, for example, prevented the already installed virus from downloading further files, but could neither prevent the virus from installing nor remove it a few days later (once the virus was known). I am well aware that a suite does not replace up-to-date systems and programs. On the contrary, I actually pay quite close attention to that. UserofSeven |
13.05.2011, 19:52 | #10 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Tidserv on the computer - completely removed? Quote:
And even if so: is that a reason to rely on the "better" program? Quote:
Shall we take another close look at your MBR?
__________________ Please always post log files in CODE tags |
13.05.2011, 19:58 | #11 | |
| Backdoor.Tidserv on the computer - completely removed? Quote:
And the fact that some virus scanners block DbDs too late is simply because they do not monitor the data stream. With a few exceptions (e.g. avast!), they only scan files written to disk; depending on the settings, only when a file is executed. The same goes for the well-known Avira. And MSE is not going onto my disk either. It still uses Windows Update for its virus definitions. And that does tend to get switched off (by the malware). UserofSeven |
13.05.2011, 20:03 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.Tidserv on the computer - completely removed? Quote:
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
13.05.2011, 20:41 | #13 |
| Backdoor.Tidserv on the computer - completely removed? I will refrain from further arguments about the right antivirus program at this point. Kaspersky (like Symantec and Norman before it) found nothing. Code:
(53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/05/13 21:37:54.0050 5832 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 2011/05/13 21:37:54.0157 5832 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 2011/05/13 21:37:54.0262 5832 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 2011/05/13 21:37:54.0357 5832 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 2011/05/13 21:37:54.0419 5832 vmci (4c8a14dbd410b510a88f77cb645f2c2a) C:\Windows\system32\drivers\vmci.sys 2011/05/13 21:37:54.0487 5832 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys 2011/05/13 21:37:54.0667 5832 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys 2011/05/13 21:37:54.0788 5832 VMnetuserif (d0b809f6a9fb437c2b880c3ca8c10780) C:\Windows\system32\drivers\vmnetuserif.sys 2011/05/13 21:37:54.0892 5832 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys 2011/05/13 21:37:55.0039 5832 vmx86 (541a6d6536710fd0602ec3aa24a81756) C:\Windows\system32\drivers\vmx86.sys 2011/05/13 21:37:55.0140 5832 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 2011/05/13 21:37:55.0249 5832 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 2011/05/13 21:37:55.0335 5832 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 2011/05/13 21:37:55.0450 5832 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/13 21:37:55.0604 5832 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys 2011/05/13 21:37:55.0737 5832 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/05/13 21:37:55.0808 5832 vwififlt (6a3d66263414ff0d6fa754c646612f3f) 
C:\Windows\system32\DRIVERS\vwififlt.sys 2011/05/13 21:37:55.0864 5832 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 2011/05/13 21:37:55.0994 5832 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/13 21:37:56.0105 5832 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/13 21:37:56.0140 5832 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/13 21:37:56.0341 5832 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/05/13 21:37:56.0410 5832 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/13 21:37:56.0701 5832 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/13 21:37:56.0752 5832 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/05/13 21:37:56.0972 5832 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/05/13 21:37:57.0106 5832 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 2011/05/13 21:37:57.0245 5832 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/13 21:37:57.0399 5832 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 2011/05/13 21:37:57.0456 5832 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/13 21:37:57.0619 5832 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys 2011/05/13 21:37:57.0883 5832 ================================================================================ 2011/05/13 21:37:57.0883 5832 Scan finished 2011/05/13 21:37:57.0883 5832 ================================================================================ |
13.05.2011, 21:07 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
13.05.2011, 21:26 | #15 | |
I have already had bad experiences with GMER. I will still try it again over the next few days. Here is the result from MBRCheck: Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R509
Logical Drives Mask: 0x0000041c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`571a7a00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC4CC

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!