Trojaner-Board

iexplorer automatically starts several processes in the background (https://www.trojaner-board.de/96795-iexplorer-startet-automatisch-mehrere-prozesse-hintergrund.html)

b_kannter 29.03.2011 18:08

So, here is the new log:

Code:

ComboFix 11-03-28.05 - xxx 29.03.2011  17:54:32.2.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.6078.3828 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\CoFi.exe
Benutzte Befehlsschalter :: c:\users\xxx\Desktop\CFScript.txt
AV: Norton 360 Online *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 Online *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 Online *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\tsusbflt.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TsUsbFlt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-28 bis 2011-03-29  ))))))))))))))))))))))))))))))
.
.
2011-03-29 16:27 . 2011-03-29 16:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-03-27 09:41 . 2011-03-27 09:41        --------        d-----w-        c:\program files\CCleaner
2011-03-26 17:08 . 2010-06-02 03:55        77656        ----a-w-        c:\windows\system32\XAPOFX1_5.dll
2011-03-26 17:08 . 2010-06-02 03:55        74072        ----a-w-        c:\windows\SysWow64\XAPOFX1_5.dll
2011-03-26 17:08 . 2010-06-02 03:55        527192        ----a-w-        c:\windows\SysWow64\XAudio2_7.dll
2011-03-26 17:08 . 2010-06-02 03:55        518488        ----a-w-        c:\windows\system32\XAudio2_7.dll
2011-03-26 17:08 . 2010-05-26 10:41        1998168        ----a-w-        c:\windows\SysWow64\D3DX9_43.dll
2011-03-26 17:08 . 2010-05-26 10:41        2401112        ----a-w-        c:\windows\system32\D3DX9_43.dll
2011-03-26 17:06 . 2011-03-26 17:41        --------        d-----w-        c:\program files (x86)\Woodcutter Simulator 2011
2011-03-26 16:29 . 2011-03-26 16:29        --------        d-----w-        c:\users\xxx\AppData\Roaming\Rondomedia
2011-03-26 16:27 . 2011-03-26 16:27        --------        d-----w-        c:\program files (x86)\Rondomedia
2011-03-26 08:38 . 2011-03-26 08:38        --------        d-----w-        C:\_OTL
2011-03-23 18:02 . 2011-03-23 18:02        388096        ----a-r-        c:\users\xxx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-23 18:02 . 2011-03-23 18:02        --------        d-----w-        c:\program files (x86)\Trend Micro
2011-03-23 05:11 . 2011-03-23 05:11        --------        d-----w-        c:\program files (x86)\Common Files\Java
2011-03-22 20:53 . 2011-03-22 20:53        521448        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-22 20:52 . 2011-03-22 20:52        --------        d-----w-        c:\program files\Java
2011-03-21 07:22 . 2011-03-21 07:22        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2011-03-21 07:22 . 2011-03-21 07:22        --------        d-----w-        c:\windows\system32\wbem\en-US
2011-03-20 17:51 . 2011-03-20 17:51        --------        d-----w-        c:\programdata\Deutsche Post AG
2011-03-20 17:51 . 2011-03-20 17:51        --------        d-----w-        c:\program files (x86)\Deutsche Post AG
2011-03-09 18:20 . 2011-03-09 18:20        --------        d-----w-        c:\program files\iTunes
2011-03-09 18:20 . 2011-03-09 18:20        --------        d-----w-        c:\program files (x86)\iTunes
2011-03-09 18:20 . 2011-03-09 18:20        --------        d-----w-        c:\program files\iPod
2011-03-08 16:44 . 2011-03-08 16:44        --------        d-----w-        c:\programdata\ATI
2011-03-08 16:34 . 2011-03-08 16:34        --------        d-----w-        c:\program files\Common Files\ATI Technologies
2011-03-08 16:34 . 2011-03-08 16:34        --------        d-----w-        c:\program files (x86)\Common Files\ATI Technologies
2011-03-08 16:34 . 2011-03-08 16:34        --------        d-----w-        c:\program files (x86)\ATI Stream
2011-03-08 16:34 . 2011-03-08 16:34        --------        d-----w-        c:\program files (x86)\ATI
2011-03-07 10:48 . 2011-03-07 10:48        --------        d-----w-        c:\users\xxx\AppData\Roaming\ATI
2011-03-07 10:48 . 2011-03-07 10:48        --------        d-----w-        c:\users\xxx\AppData\Local\ATI
2011-03-07 10:44 . 2011-03-08 16:39        --------        d-----w-        c:\program files (x86)\ATI Technologies
2011-03-07 10:43 . 2011-03-08 16:34        --------        d-----w-        c:\program files\ATI Technologies
2011-03-07 10:43 . 2011-03-07 10:43        --------        d-----w-        c:\program files\ATI
2011-03-07 10:42 . 2011-03-07 10:42        --------        d-----w-        C:\ATI
2011-03-07 10:19 . 2011-03-08 17:13        --------        d-----w-        c:\program files (x86)\Landwirtschafts Simulator 2011
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 04:54 . 2010-12-20 14:01        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-02-23 21:44 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-02-23 21:44 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-02-20 13:55 . 2011-02-20 13:55        455680        ----a-w-        c:\windows\SetACL.exe
2011-02-18 15:36 . 2011-02-18 15:36        51712        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-01-26 23:37 . 2011-01-26 23:37        9085952        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22        22295040        ----a-w-        c:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00        143360        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2011-01-26 23:00        596480        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59        17204736        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2011-01-26 22:59        708608        ----a-w-        c:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2010-02-11 05:32        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56        479232        ----a-w-        c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55        203776        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53        16384        ----a-w-        c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2011-01-26 22:49        4105728        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2011-01-26 22:40        4847616        ----a-w-        c:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32        1208320        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32        1912832        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2011-01-26 22:32        3222016        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2011-01-26 22:28        4170752        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27        6982144        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25        5580800        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2011-01-26 22:24        3463680        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2011-01-26 22:21        5316096        ----a-w-        c:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2011-01-26 22:20        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2010-02-11 04:48        354304        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14        249856        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13        14848        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        12800        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        39936        ----a-w-        c:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13        32768        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        299520        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2011-01-26 22:12        39936        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2011-01-26 22:12        30720        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2011-01-26 22:12        38400        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2011-01-26 22:12        28672        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08        53760        ----a-w-        c:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08        53760        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08        52736        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08        52736        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2011-01-23 17:46 . 2011-01-23 17:46        230352        ----a-w-        c:\windows\system32\drivers\truecrypt.sys
2011-01-17 11:09 . 2011-02-23 18:08        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-01-17 05:47 . 2011-02-23 18:08        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2011-01-07 15:02 . 2011-01-07 15:02        45408        ----a-w-        c:\windows\system32\drivers\point64.sys
2011-01-07 12:17 . 2011-02-22 22:54        475648        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-01-07 12:17 . 2011-02-22 22:54        1465344        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-07 12:14 . 2011-02-10 00:58        46080        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-07 09:20 . 2011-02-10 00:58        366592        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-07 07:46 . 2011-02-22 22:54        870912        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:46 . 2011-02-22 22:54        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-10 00:58        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-01-07 05:43 . 2011-02-10 00:58        294400        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-01-05 06:56 . 2011-02-10 00:58        3129344        ----a-w-        c:\windows\system32\win32k.sys
2009-09-24 12:30 . 2010-12-22 13:21        1456640        ----a-w-        c:\program files (x86)\Common Files\Falk Navi-Manager.msi
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-03-27_09.57.32  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-03-29 16:31        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-26 13:12        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-26 13:12        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-29 16:31        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-26 13:12        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-29 16:31        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-21 08:41 . 2011-03-27 10:06        43048              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-03-26 13:14        39860              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-29 16:33        39860              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-20 13:48 . 2011-03-29 16:33        11900              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4118024604-1245328209-3187949103-1001_UserData.bin
+ 2010-12-20 13:38 . 2011-03-28 20:50        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-20 13:38 . 2011-03-27 09:41        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-26 15:54 . 2011-03-28 20:50        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-26 15:54 . 2011-03-27 09:41        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-28 20:50        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-27 09:41        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-29 16:30 . 2011-03-29 16:30        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-26 13:11 . 2011-03-26 13:11        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-29 16:30 . 2011-03-29 16:30        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-26 13:11 . 2011-03-26 13:11        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-02-28 17:09        615810              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-27 10:08        615810              c:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2011-03-27 10:08        653928              c:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2011-02-28 17:09        653928              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-03-27 10:08        106190              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-02-28 17:09        106190              c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2011-02-28 17:09        129800              c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2011-03-27 10:08        129800              c:\windows\system32\perfc007.dat
- 2011-03-13 09:17 . 2011-03-26 13:09        618984              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-13 09:17 . 2011-03-29 16:29        618984              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-03-26 13:09        503960              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-03-29 16:29        503960              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-27 10:02 . 2011-03-27 10:02        504728              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-12288.dat
- 2011-01-28 05:00 . 2011-03-26 13:09        7711124              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-8192.dat
+ 2011-01-28 05:00 . 2011-03-29 16:29        7711124              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-8192.dat
+ 2011-03-22 04:54 . 2011-03-29 16:29        1181224              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-4096.dat
- 2011-03-22 04:54 . 2011-03-26 13:09        1181224              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4118024604-1245328209-3187949103-1001-4096.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Growl"="c:\program files (x86)\Growl for Windows\Growl.exe" [2010-11-30 1024000]
"F.lux"="c:\users\xxx\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-10-13 606208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-1 24850272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-21 1571336]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 1124472]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110325.002\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-08-12 296808]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-20 132656]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-21 2963960]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14 08:18]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14 08:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF24674.cfxxe" [X]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\x4ooj935.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
c:\program files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version6\tv_w32.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-29  18:54:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-29 16:54
ComboFix2.txt  2011-03-27 10:00
.
Vor Suchlauf: 19 Verzeichnis(se), 152.417.775.616 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 152.297.111.552 Bytes frei
.
- - End Of File - - F88B026213C530D7ACA890D32CABA648


cosinus 29.03.2011 19:19

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

b_kannter 29.03.2011 19:26

Code:

2011/03/29 20:24:03.0660 3804        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/29 20:24:05.0662 3804        ================================================================================
2011/03/29 20:24:05.0662 3804        SystemInfo:
2011/03/29 20:24:05.0662 3804       
2011/03/29 20:24:05.0662 3804        OS Version: 6.1.7601 ServicePack: 1.0
2011/03/29 20:24:05.0662 3804        Product type: Workstation
2011/03/29 20:24:05.0662 3804        ComputerName: xxx-PC
2011/03/29 20:24:05.0662 3804        UserName: xxx
2011/03/29 20:24:05.0662 3804        Windows directory: C:\Windows
2011/03/29 20:24:05.0662 3804        System windows directory: C:\Windows
2011/03/29 20:24:05.0662 3804        Running under WOW64
2011/03/29 20:24:05.0662 3804        Processor architecture: Intel x64
2011/03/29 20:24:05.0662 3804        Number of processors: 2
2011/03/29 20:24:05.0662 3804        Page size: 0x1000
2011/03/29 20:24:05.0662 3804        Boot type: Normal boot
2011/03/29 20:24:05.0662 3804        ================================================================================
2011/03/29 20:24:06.0600 3804        Initialize success
2011/03/29 20:24:16.0464 2192        ================================================================================
2011/03/29 20:24:16.0464 2192        Scan started
2011/03/29 20:24:16.0464 2192        Mode: Manual;
2011/03/29 20:24:16.0464 2192        ================================================================================
2011/03/29 20:24:37.0813 2192        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/03/29 20:24:37.0878 2192        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/03/29 20:24:37.0935 2192        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/03/29 20:24:37.0961 2192        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/03/29 20:24:38.0003 2192        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/03/29 20:24:38.0094 2192        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/03/29 20:24:38.0161 2192        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/03/29 20:24:38.0246 2192        VProEventMonitor (8b7454930230db4bc4ba35a467be09aa) C:\Windows\system32\DRIVERS\vproeventmonitor.sys
2011/03/29 20:24:38.0547 2192        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/29 20:24:38.0671 2192        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/03/29 20:24:38.0720 2192        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/29 20:24:38.0783 2192        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 20:24:38.0808 2192        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 20:24:38.0956 2192        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/29 20:24:39.0043 2192        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/29 20:24:39.0149 2192        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/29 20:24:39.0208 2192        WimFltr        (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/03/29 20:24:39.0255 2192        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/29 20:24:39.0440 2192        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/03/29 20:24:39.0470 2192        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/29 20:24:39.0656 2192        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/29 20:24:39.0754 2192        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/03/29 20:24:39.0798 2192        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/29 20:24:39.0881 2192        ================================================================================
2011/03/29 20:24:39.0881 2192        Scan finished
2011/03/29 20:24:39.0881 2192        ================================================================================


cosinus 29.03.2011 19:40

Please now create logs with GMER and mbrcheck and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool takes only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

b_kannter 29.03.2011 20:21

Here is the result from MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        Dell Inc.
BIOS Manufacturer:                Dell Inc.
System Manufacturer:                Dell Inc.
System Product Name:                Dell DM061
Logical Drives Mask:                0x0000f7fc

Kernel Drivers (total 203):
  0x02C1B000 \SystemRoot\system32\ntoskrnl.exe
  0x03205000 \SystemRoot\system32\hal.dll
  0x00BCB000 \SystemRoot\system32\kdcom.dll
  0x00CB5000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D04000 \SystemRoot\system32\PSHED.dll
  0x00D18000 \SystemRoot\system32\CLFS.SYS
  0x00ED0000 \SystemRoot\system32\CI.dll
  0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F90000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FE7000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00FF0000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00D76000 \SystemRoot\system32\drivers\pci.sys
  0x00EB3000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00DA9000 \SystemRoot\System32\drivers\partmgr.sys
  0x00DBE000 \SystemRoot\system32\drivers\volmgr.sys
  0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00C76000 \SystemRoot\system32\drivers\vmbus.sys
  0x00DD3000 \SystemRoot\system32\drivers\winhv.sys
  0x0103C000 \SystemRoot\system32\drivers\iaStorV.sys
  0x0115A000 \SystemRoot\system32\drivers\amdxata.sys
  0x01165000 \SystemRoot\system32\drivers\fltmgr.sys
  0x012F2000 \SystemRoot\system32\drivers\N360x64\0403000.005\SYMDS64.SYS
  0x01360000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01374000 \SystemRoot\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS
  0x013AF000 \SystemRoot\system32\DRIVERS\symsnap.sys
  0x01455000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01200000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x0125E000 \SystemRoot\System32\Drivers\cng.sys
  0x0141B000 \SystemRoot\System32\drivers\pcw.sys
  0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01633000 \SystemRoot\system32\drivers\ndis.sys
  0x01726000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01786000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x018A3000 \SystemRoot\System32\drivers\tcpip.sys
  0x01AA7000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01AF1000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x01B01000 \SystemRoot\system32\drivers\volsnap.sys
  0x01B4D000 \SystemRoot\System32\Drivers\spldr.sys
  0x01B55000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01B8F000 \SystemRoot\System32\Drivers\mup.sys
  0x01BA1000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01BAA000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01BE4000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x02FC7000 \SystemRoot\system32\drivers\cdrom.sys
  0x02E00000 \SystemRoot\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS
  0x0183E000 \SystemRoot\system32\drivers\N360x64\0403000.005\Ironx64.SYS
  0x01865000 \SystemRoot\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS
  0x03C00000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
  0x03C36000 \SystemRoot\System32\Drivers\Null.SYS
  0x03DF9000 \SystemRoot\System32\Drivers\Beep.SYS
  0x02E86000 \SystemRoot\System32\drivers\vga.sys
  0x017B1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x017D6000 \SystemRoot\System32\drivers\watchdog.sys
  0x02FF1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01899000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x017E6000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x017EF000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x01600000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x01611000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x01436000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03E95000 \SystemRoot\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS
  0x03F0B000 \SystemRoot\system32\drivers\afd.sys
  0x03F94000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03FD9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03E26000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03E35000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03E50000 \SystemRoot\System32\drivers\truecrypt.sys
  0x03FE2000 \SystemRoot\system32\drivers\termdd.sys
  0x04021000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04072000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0407E000 \SystemRoot\system32\drivers\mssmbios.sys
  0x04089000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110325.002\IDSvia64.sys
  0x04104000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x0410F000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
  0x04185000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  0x041AA000 \SystemRoot\System32\drivers\discache.sys
  0x042EF000 \SystemRoot\system32\drivers\csc.sys
  0x04372000 \SystemRoot\System32\Drivers\dfsc.sys
  0x04200000 \SystemRoot\system32\drivers\N360x64\0403000.005\ccHPx64.sys
  0x0429C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x0442E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys
  0x04544000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x0456A000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x04580000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x04A85000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x0463B000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0472F000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04775000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x04799000 \SystemRoot\system32\DRIVERS\e1e6232e.sys
  0x047E2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x05381000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x047EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04600000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x0460D000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x0461D000 \SystemRoot\system32\DRIVERS\GenericMount.sys
  0x053D7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x04A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x04A24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04A30000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04A5F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x045CE000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x04400000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04630000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x053ED000 \SystemRoot\system32\drivers\kbdclass.sys
  0x0441A000 \SystemRoot\system32\drivers\mouclass.sys
  0x045EF000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x042AD000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x053FC000 \SystemRoot\system32\drivers\swenum.sys
  0x04390000 \SystemRoot\system32\drivers\ks.sys
  0x043D3000 \SystemRoot\system32\drivers\umbus.sys
  0x058C5000 \SystemRoot\system32\drivers\usbhub.sys
  0x0591F000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05934000 \SystemRoot\system32\drivers\AtihdW76.sys
  0x05954000 \SystemRoot\system32\drivers\portcls.sys
  0x05991000 \SystemRoot\system32\drivers\drmk.sys
  0x059B3000 \SystemRoot\system32\drivers\ksthunk.sys
  0x05800000 \SystemRoot\system32\drivers\HdAudio.sys
  0x0585C000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x02E94000 \SystemRoot\System32\Drivers\dump_iaStorV.sys
  0x0586A000 \SystemRoot\system32\drivers\usbccgp.sys
  0x05887000 \SystemRoot\system32\drivers\USBD.SYS
  0x05889000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x0589C000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x058AD000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x059B9000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x000A0000 \SystemRoot\System32\win32k.sys
  0x059D4000 \SystemRoot\System32\drivers\Dxapi.sys
  0x059E0000 \SystemRoot\system32\drivers\hidusb.sys
  0x043E5000 \SystemRoot\system32\drivers\HIDCLASS.SYS
  0x059EE000 \SystemRoot\system32\drivers\HIDPARSE.SYS
  0x042DC000 \SystemRoot\system32\drivers\kbdhid.sys
  0x041B9000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x004F0000 \SystemRoot\System32\TSDDD.dll
  0x006F0000 \SystemRoot\System32\cdd.dll
  0x041C7000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x041D4000 \SystemRoot\system32\DRIVERS\point64.sys
  0x00870000 \SystemRoot\System32\ATMFD.DLL
  0x013DD000 \SystemRoot\system32\drivers\luafv.sys
  0x04000000 \SystemRoot\system32\drivers\WudfPf.sys
  0x041E4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x012D0000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x062A5000 \SystemRoot\system32\drivers\HTTP.sys
  0x0636E000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x0638C000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x063A4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x06200000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0624D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x088A7000 \SystemRoot\system32\drivers\peauth.sys
  0x0894D000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x08958000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x08989000 \??\C:\Windows\system32\Drivers\SSPORT.sys
  0x08991000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x08800000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0909F000 \SystemRoot\System32\DRIVERS\srv.sys
  0x09138000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x09000000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x03C3F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110329.005\EX64.SYS
  0x0900B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110329.005\ENG64.SYS
  0x77590000 \Windows\System32\ntdll.dll
  0x482F0000 \Windows\System32\smss.exe
  0xFF8B0000 \Windows\System32\apisetschema.dll
  0xFFA80000 \Windows\System32\autochk.exe
  0xFF800000 \Windows\System32\msvcrt.dll
  0x77380000 \Windows\System32\iertutil.dll
  0xFF790000 \Windows\System32\gdi32.dll
  0xFF760000 \Windows\System32\imm32.dll
  0xFF680000 \Windows\System32\oleaut32.dll
  0xFF5E0000 \Windows\System32\clbcatq.dll
  0x77230000 \Windows\System32\urlmon.dll
  0xFF4D0000 \Windows\System32\msctf.dll
  0xFF450000 \Windows\System32\difxapi.dll
  0xFF240000 \Windows\System32\ole32.dll
  0xFF1F0000 \Windows\System32\ws2_32.dll
  0xFF170000 \Windows\System32\shlwapi.dll
  0xFF0D0000 \Windows\System32\comdlg32.dll
  0xFE340000 \Windows\System32\shell32.dll
  0xFE330000 \Windows\System32\lpk.dll
  0x77130000 \Windows\System32\user32.dll
  0xFE310000 \Windows\System32\imagehlp.dll
  0x77760000 \Windows\System32\normaliz.dll
  0xFE300000 \Windows\System32\nsi.dll
  0xFE2A0000 \Windows\System32\Wldap32.dll
  0x76FD0000 \Windows\System32\wininet.dll
  0xFE1C0000 \Windows\System32\advapi32.dll
  0xFE090000 \Windows\System32\rpcrt4.dll
  0xFDFC0000 \Windows\System32\usp10.dll
  0x76EB0000 \Windows\System32\kernel32.dll
  0xFDFA0000 \Windows\System32\sechost.dll
  0xFDDC0000 \Windows\System32\setupapi.dll
  0x77750000 \Windows\System32\psapi.dll
  0xFDDA0000 \Windows\System32\devobj.dll
  0xFDC30000 \Windows\System32\crypt32.dll
  0xFDB90000 \Windows\System32\comctl32.dll
  0xFDB50000 \Windows\System32\cfgmgr32.dll
  0xFDB10000 \Windows\System32\wintrust.dll
  0xFDAA0000 \Windows\System32\KernelBase.dll
  0xFDA90000 \Windows\System32\msasn1.dll
  0x75C90000 \Windows\SysWOW64\normaliz.dll

Processes (total 61):
      0 System Idle Process
      4 System
    348 C:\Windows\System32\smss.exe
    488 csrss.exe
    568 csrss.exe
    576 C:\Windows\System32\wininit.exe
    624 C:\Windows\System32\winlogon.exe
    672 C:\Windows\System32\services.exe
    680 C:\Windows\System32\lsass.exe
    688 C:\Windows\System32\lsm.exe
    780 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\atiesrxx.exe
    1004 C:\Windows\System32\svchost.exe
    288 C:\Windows\System32\svchost.exe
    384 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\atieclxx.exe
    1212 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\spoolsv.exe
    1412 C:\Windows\System32\svchost.exe
    1512 C:\xampp\apache\bin\httpd.exe
    1556 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1688 C:\Windows\System32\taskhost.exe
    1780 C:\Windows\System32\dwm.exe
    1836 C:\Windows\explorer.exe
    1528 C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    1260 C:\Windows\System32\svchost.exe
    1696 C:\xampp\mysql\bin\mysqld.exe
    1652 C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    2088 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2156 C:\Windows\WindowsMobile\wmdc.exe
    2204 C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
    2236 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    2472 C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    2748 C:\xampp\apache\bin\httpd.exe
    2756 C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
    2840 C:\Windows\System32\svchost.exe
    3300 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    3580 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3628 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3636 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    4208 WmiPrvSE.exe
    4352 C:\Windows\System32\SearchIndexer.exe
    4704 C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    4732 C:\Windows\System32\svchost.exe
    4772 C:\Windows\System32\svchost.exe
    4104 WUDFHost.exe
    3644 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5424 C:\Program Files\iPod\bin\iPodService.exe
    5868 C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
    4324 C:\Windows\System32\svchost.exe
    4384 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    5832 C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
    5852 C:\Windows\System32\taskmgr.exe
    5764 C:\Windows\System32\SearchProtocolHost.exe
    1996 C:\Windows\System32\SearchFilterHost.exe
    4056 C:\Windows\System32\dllhost.exe
    6084 C:\Windows\System32\audiodg.exe
    3388 C:\Users\xxx\Downloads\MBRCheck.exe
    1816 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.ADG 
PhysicalDrive1 Model Number: ST3250820AS, Rev: 3.ADG 

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB  \\.\PhysicalDrive1  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

GMER ran and said it had found nothing, but it did not write any content to the log file.

cosinus 29.03.2011 20:22

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

b_kannter 30.03.2011 17:18

Okay. Many thanks already. Here are the logs:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6206

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30.03.2011 07:32:41
mbam-log-2011-03-30 (07-32-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 468625
Laufzeit: 1 Stunde(n), 27 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/29/2011 at 10:49 PM

Application Version : 4.50.1002

Core Rules Database Version : 6702
Trace Rules Database Version: 4514

Scan type      : Complete Scan
Total Scan Time : 00:55:58

Memory items scanned      : 640
Memory threats detected  : 0
Registry items scanned    : 16031
Registry threats detected : 0
File items scanned        : 50096
File threats detected    : 4

Adware.Tracking Cookie
        C:\Users\Simon Zens\AppData\Roaming\Microsoft\Windows\Cookies\simon_zens@msnportal.112.2o7[1].txt
        C:\Users\Simon Zens\AppData\Roaming\Microsoft\Windows\Cookies\simon_zens@atdmt[1].txt
        C:\Users\Simon Zens\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon_zens@atdmt[1].txt
        C:\Users\Simon Zens\AppData\Roaming\Microsoft\Windows\Cookies\Low\simon_zens@msnportal.112.2o7[1].txt

So far, so good. Unfortunately my problem is still there :headbang:
Just now 6 iexplore.exe processes were running again.

cosinus 30.03.2011 19:30

Only cookies were found there.

Quote:

Just now 6 iexplore.exe processes were running again.
How many tabs did you have open? Or no IE at all?

b_kannter 30.03.2011 20:48

Quote:

Quote from cosinus (post 634639)
Or no IE at all?

No IE at all. The processes start automatically, even when I have no program open.

cosinus 31.03.2011 12:03

Please uninstall Norton completely. I don't want to rule out that Norton has something to do with this.

b_kannter 01.04.2011 17:28

Quote:

Quote from cosinus (post 634755)
Please uninstall Norton completely. I don't want to rule out that Norton has something to do with this.

Norton Internet Security is uninstalled, but the processes still open. After about 1 hour, 3 processes have started so far.

cosinus 01.04.2011 18:57

Please post fresh OTL logs.

b_kannter 02.04.2011 08:19

Quote:

Quote from cosinus (post 635198)
Please post fresh OTL logs.

Code:

OTL logfile created on: 01.04.2011 22:08:54 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\xxx\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 69,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,83 Gb Total Space | 140,04 Gb Free Space | 60,15% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 111,10 Gb Free Space | 47,72% Space Free | Partition Type: NTFS
 
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)
PRC - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Growl for Windows\Growl.exe (element code project)
PRC - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Users\xxx\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\Heirue-Soft\FMS32-PRO\fms32pro.exe (HeiRue-Soft)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (MySQL) -- C:\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (Norton Ghost) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (GenericMount Helper Service) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (Symantec)
SRV - (SymSnapService) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe (Symantec)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SMR162) -- C:\Windows\SysNative\drivers\SMR162.SYS (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:64bit: - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation)
DRV:64bit: - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110401.002\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110401.002\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110309.001\BHDrvx64.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 16 F6 81 CA DE CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.12.22 16:20:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.04.01 18:53:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.04.01 18:52:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2011.03.20 20:11:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2011.03.27 09:59:02 | 000,000,000 | ---D | M]
 
[2010.12.20 15:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2011.03.27 11:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\x4ooj935.default\extensions
[2011.03.13 17:38:23 | 000,001,583 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\x4ooj935.default\searchplugins\web-search.xml
File not found (No name found) --
[2011.03.10 07:14:00 | 000,000,000 | ---D | M] (1Password) -- C:\PROGRAM FILES (X86)\1PASSWORD\FIREFOX@1PASSWD.COM
[2011.03.23 06:54:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.01 18:53:32 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4OOJ935.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4OOJ935.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4OOJ935.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
 
O1 HOSTS File: ([2011.03.29 18:33:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\xxx\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Growl] C:\Program Files (x86)\Growl for Windows\Growl.exe (element code project)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.01 21:36:23 | 000,090,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS
[2011.04.01 21:35:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\NPE
[2011.04.01 18:53:24 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.04.01 18:53:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2011.04.01 18:53:24 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2011.04.01 18:53:07 | 000,382,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\symnets.sys
[2011.04.01 18:53:06 | 000,802,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA64.sys
[2011.04.01 18:53:06 | 000,735,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.sys
[2011.04.01 18:53:06 | 000,450,608 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS64.sys
[2011.04.01 18:53:06 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Ironx64.sys
[2011.04.01 18:53:06 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.sys
[2011.04.01 18:52:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011.04.01 18:52:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0500000.07D
[2011.04.01 18:52:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.04.01 18:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2011.04.01 18:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011.03.29 21:53:27 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011.03.29 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.03.29 21:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.03.29 21:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.03.29 21:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.03.29 21:49:57 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.03.29 18:54:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.03.29 18:34:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.03.29 17:52:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.03.27 11:46:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.03.27 11:46:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.03.27 11:46:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.03.27 11:46:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.27 11:45:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.03.27 11:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.03.27 11:41:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.03.26 19:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holzfäller Simulator 2011
[2011.03.26 19:08:24 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011.03.26 19:08:24 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011.03.26 19:08:24 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011.03.26 19:08:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011.03.26 19:08:23 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011.03.26 19:08:23 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011.03.26 19:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Woodcutter Simulator 2011
[2011.03.26 18:29:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Rondomedia
[2011.03.26 18:28:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondomedia
[2011.03.26 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rondomedia
[2011.03.26 10:38:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.03.23 20:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.03.23 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.03.23 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.23 06:54:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.03.23 06:54:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.03.23 06:54:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.03.22 22:53:18 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011.03.22 22:53:18 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.03.22 22:53:18 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.03.22 22:53:18 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.03.22 22:52:59 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.03.21 09:02:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011.03.21 09:02:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.03.21 09:02:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.03.21 09:02:47 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.03.21 09:02:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011.03.21 09:02:47 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.03.21 09:02:47 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.03.21 09:02:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.03.21 09:02:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.03.21 09:02:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.03.21 09:02:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.03.21 09:02:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.03.21 09:02:47 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.03.21 09:02:46 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.03.21 09:02:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.03.21 09:02:46 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.03.21 09:02:46 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.03.21 09:02:46 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.03.21 09:02:46 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011.03.21 09:02:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.03.21 09:02:46 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011.03.21 09:02:46 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.03.21 09:02:46 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.03.21 09:02:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.03.21 09:02:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.03.21 09:02:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.03.21 09:02:46 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.03.21 09:02:46 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.03.21 09:02:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.03.21 09:02:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.03.21 09:02:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.03.21 09:02:46 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.03.21 09:02:45 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.03.21 09:02:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.03.21 09:02:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.03.21 09:02:45 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.03.21 09:02:45 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.03.21 09:02:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011.03.21 09:02:44 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.03.21 09:02:44 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.03.21 09:02:44 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.03.21 09:02:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.03.21 09:02:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.03.21 09:02:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.03.21 09:02:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.03.21 09:02:44 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.03.21 09:02:44 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.03.21 09:02:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.03.21 09:02:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.03.21 09:02:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.03.21 09:02:43 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.03.21 09:02:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.03.21 09:02:43 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.03.21 09:02:43 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.03.21 09:02:43 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.03.21 09:02:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.03.21 09:02:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.03.21 09:02:43 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.03.21 09:02:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.03.21 09:02:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.03.21 09:02:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.03.21 09:02:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.03.21 09:02:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.03.21 09:02:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.03.21 09:02:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.03.21 09:02:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.03.21 09:02:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.03.21 09:02:42 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.03.21 09:02:42 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.03.21 09:02:42 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.03.21 09:02:42 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.03.21 09:02:42 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.03.21 09:02:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.03.21 09:02:42 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.03.21 09:02:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.03.21 09:02:42 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.03.21 09:02:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.03.21 09:02:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.03.20 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\Dropbox\Privat\Dokumente\Deutsche Post AG
[2011.03.20 19:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Deutsche Post AG
[2011.03.20 19:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deutsche Post AG
[2011.03.09 20:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.09 20:20:10 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.09 20:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.03.09 20:20:10 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.09 15:33:21 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 15:33:21 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 15:33:20 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 15:33:20 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 15:33:19 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 15:33:19 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 15:33:19 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 15:33:19 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 15:33:19 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 15:33:19 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 15:33:19 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 15:33:19 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.08 18:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.03.08 18:34:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2011.03.08 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011.03.08 18:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2011.03.08 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream
[2011.03.08 18:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2011.03.08 18:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.03.07 12:48:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\ATI
[2011.03.07 12:48:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ATI
[2011.03.07 12:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.03.07 12:43:46 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2011.03.07 12:43:45 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2011.03.07 12:42:32 | 000,000,000 | ---D | C] -- C:\ATI
[2011.03.07 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\Dropbox\Privat\Dokumente\My Games
[2011.03.07 12:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
[2011.03.07 12:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.01 21:55:28 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.01 21:55:28 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.01 21:45:17 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.01 21:45:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.01 21:44:40 | 484,900,863 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.01 21:43:53 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2011.04.01 21:43:27 | 000,000,749 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\SMRBackup162.dat
[2011.04.01 21:36:23 | 000,090,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS
[2011.04.01 21:23:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.01 18:53:35 | 001,521,178 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Cat.DB
[2011.04.01 18:53:24 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.04.01 18:53:24 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.04.01 18:53:24 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.04.01 18:53:20 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.03.29 21:49:59 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.03.29 21:35:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.29 21:35:31 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.29 21:35:31 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.29 21:35:31 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.29 21:35:31 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.29 18:33:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.03.29 17:52:15 | 004,305,591 | R--- | M] () -- C:\Users\xxx\Desktop\CoFi.exe
[2011.03.27 11:41:25 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.03.26 19:08:37 | 000,002,090 | ---- | M] () -- C:\Users\xxx\Desktop\Holzfäller Simulator 2011.lnk
[2011.03.26 18:28:29 | 000,002,129 | ---- | M] () -- C:\Users\xxx\Desktop\Weinanbau-Simulator.lnk
[2011.03.23 20:02:46 | 000,002,999 | ---- | M] () -- C:\Users\xxx\Desktop\HiJackThis.lnk
[2011.03.23 06:54:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.03.23 06:54:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.03.23 06:54:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.03.23 06:54:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.03.22 22:53:01 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.03.22 22:53:01 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.03.22 22:53:01 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.03.22 22:53:00 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011.03.21 09:02:47 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011.03.21 09:02:47 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.03.21 09:02:47 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.03.21 09:02:47 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.03.21 09:02:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011.03.21 09:02:47 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.03.21 09:02:47 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.03.21 09:02:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.03.21 09:02:47 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.03.21 09:02:47 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.03.21 09:02:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.03.21 09:02:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.03.21 09:02:47 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.03.21 09:02:46 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.03.21 09:02:46 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.03.21 09:02:46 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.03.21 09:02:46 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.03.21 09:02:46 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.03.21 09:02:46 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011.03.21 09:02:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.03.21 09:02:46 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011.03.21 09:02:46 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.03.21 09:02:46 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.03.21 09:02:46 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.03.21 09:02:46 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.03.21 09:02:46 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.03.21 09:02:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.03.21 09:02:46 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.03.21 09:02:46 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.03.21 09:02:46 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.03.21 09:02:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.03.21 09:02:46 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.03.21 09:02:46 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.03.21 09:02:45 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.03.21 09:02:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.03.21 09:02:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.03.21 09:02:45 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.03.21 09:02:45 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.03.21 09:02:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011.03.21 09:02:44 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.03.21 09:02:44 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.03.21 09:02:44 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.03.21 09:02:44 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.03.21 09:02:44 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.03.21 09:02:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.03.21 09:02:44 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.03.21 09:02:44 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.03.21 09:02:44 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.03.21 09:02:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.03.21 09:02:44 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.03.21 09:02:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.03.21 09:02:43 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.03.21 09:02:43 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.03.21 09:02:43 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.03.21 09:02:43 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.03.21 09:02:43 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.03.21 09:02:43 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.03.21 09:02:43 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.03.21 09:02:43 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.03.21 09:02:43 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.03.21 09:02:43 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.03.21 09:02:43 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.03.21 09:02:43 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.03.21 09:02:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.03.21 09:02:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.03.21 09:02:43 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.03.21 09:02:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.03.21 09:02:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.03.21 09:02:42 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.03.21 09:02:42 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.03.21 09:02:42 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.03.21 09:02:42 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.03.21 09:02:42 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.03.21 09:02:42 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.03.21 09:02:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.03.21 09:02:42 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.03.21 09:02:42 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.03.21 09:02:42 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.03.21 09:02:42 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.03.21 09:02:42 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.03.16 17:23:57 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.03.09 20:20:52 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.08 19:06:27 | 000,001,293 | ---- | M] () -- C:\Users\xxx\Desktop\Landwirtschafts Simulator 2011 .lnk
[2011.03.03 13:49:19 | 000,001,024 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.03.03 13:49:18 | 000,001,044 | ---- | M] () -- C:\Users\xxx\Desktop\Dropbox.lnk
[2011.03.03 10:52:08 | 000,430,232 | ---- | M] () -- C:\Users\xxx\Desktop\Holzfaeller Simulator 2011 Tastenbelegung.jpg
 
========== Files Created - No Company Name ==========
 
[2011.04.01 21:43:27 | 000,000,749 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\SMRBackup162.dat
[2011.04.01 18:53:28 | 001,521,178 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Cat.DB
[2011.04.01 18:53:24 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.04.01 18:53:24 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.04.01 18:53:20 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.04.01 18:53:00 | 000,003,374 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA.inf
[2011.04.01 18:53:00 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS.inf
[2011.04.01 18:53:00 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymNet.inf
[2011.04.01 18:53:00 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.inf
[2011.04.01 18:53:00 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.inf
[2011.04.01 18:53:00 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Iron.inf
[2011.04.01 18:52:52 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\iron.cat
[2011.04.01 18:52:52 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.cat
[2011.04.01 18:52:52 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA64.cat
[2011.04.01 18:52:52 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\symnet64.cat
[2011.04.01 18:52:52 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.cat
[2011.04.01 18:52:52 | 000,007,454 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS64.cat
[2011.04.01 18:52:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\isolate.ini
[2011.03.29 21:49:59 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.03.27 17:07:42 | 000,430,232 | ---- | C] () -- C:\Users\xxx\Desktop\Holzfaeller Simulator 2011 Tastenbelegung.jpg
[2011.03.27 11:46:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.03.27 11:46:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.03.27 11:46:53 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.03.27 11:46:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.03.27 11:46:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.27 11:41:25 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.03.27 11:39:12 | 004,305,591 | R--- | C] () -- C:\Users\xxx\Desktop\CoFi.exe
[2011.03.26 19:08:37 | 000,002,090 | ---- | C] () -- C:\Users\xxx\Desktop\Holzfäller Simulator 2011.lnk
[2011.03.26 18:28:27 | 000,002,129 | ---- | C] () -- C:\Users\xxx\Desktop\Weinanbau-Simulator.lnk
[2011.03.23 20:02:46 | 000,002,999 | ---- | C] () -- C:\Users\xxx\Desktop\HiJackThis.lnk
[2011.03.21 09:02:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.03.21 09:02:42 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.03.16 17:23:57 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011.03.09 20:20:52 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.07 12:21:15 | 000,001,293 | ---- | C] () -- C:\Users\xxx\Desktop\Landwirtschafts Simulator 2011 .lnk
[2011.02.20 15:55:04 | 000,455,680 | ---- | C] () -- C:\Windows\SetACL.exe
[2011.02.13 19:01:41 | 000,011,397 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\SmarThruOptions.xml
[2011.02.13 19:01:17 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2011.02.13 19:00:58 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2011.02.13 19:00:55 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2011.01.29 19:20:08 | 000,000,562 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.24 18:26:30 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.01.23 18:12:28 | 004,223,268 | ---- | C] () -- C:\ProgramData\SamPCFax000008940000
[2011.01.08 10:08:56 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Local\PUTTY.RND
[2010.12.27 17:48:09 | 000,001,456 | ---- | C] () -- C:\Users\xxx\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.12.22 15:21:23 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2010.12.22 13:10:17 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.12.22 13:08:41 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.12.22 13:00:26 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe
[2010.12.21 10:32:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.20 15:18:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.03 19:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010.12.29 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AceBIT
[2011.02.17 21:29:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Agile Web Solutions
[2010.12.21 16:48:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Buhl Data Service
[2010.12.21 16:48:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Buhl Data Service GmbH
[2011.04.01 21:49:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2011.02.20 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FileZilla
[2011.01.19 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ISAKS
[2011.01.19 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nuance
[2011.03.26 18:29:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Rondomedia
[2011.02.13 19:01:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SmarThru4
[2010.12.22 16:48:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.12.29 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Steganos
[2011.02.03 21:31:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TrueCrypt
[2011.02.25 23:41:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009.07.14 07:08:49 | 000,018,522 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7FFED16F

< End of report >

Code:

OTL Extras logfile created on: 01.04.2011 22:08:54 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\xxx\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 69,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,83 Gb Total Space | 140,04 Gb Free Space | 60,15% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 111,10 Gb Free Space | 47,72% Space Free | Partition Type: NTFS
 
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Canon SELPHY CP760" = Canon SELPHY CP760
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11FCA050-2066-4351-A336-748D838C049C}" = Adobe Creative Suite 5 Web Premium
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A87AFB-B337-42C2-BEDF-D4A51F1A5F10}" = Falk Navi-Manager
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{557090F6-9174-B562-71CF-70FD6C7F9895}" = Application Profiles
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C22B83AB-0161-4C80-A9E9-1446DEA72780}" = Deutsche Post E-Porto
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E71925D5-E55D-4B7C-B883-6726FA428950}" = Growl for Windows
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"1Password_is1" = 1Password 1.0.4.173
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EOS Utility" = Canon Utilities EOS Utility
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"JDownloader" = JDownloader
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"N360" = Norton 360
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"PSPad editor_is1" = PSPad editor
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"ST6UNST #1" = FMS32-PRO Version 3.2.2
"TeamViewer 6" = TeamViewer 6
"TrueCrypt" = TrueCrypt
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Veetle TV" = Veetle TV 0.9.18
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"Weinanbau-Simulator" = Weinanbau-Simulator
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"Woodcutter Simulator 2011" = Holzfäller Simulator 2011
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = F.lux
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2011 16:52:15 | Computer Name = xxx-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "isaks Previewgenerator" konnte nicht
 neu gestartet werden.
 
Error - 22.03.2011 16:52:35 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 11500
Description =
 
Error - 23.03.2011 14:03:10 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 14.0.4760.1000 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 70c    Startzeit: 01cbe84fae3095ed    Endzeit: 70    Anwendungspfad:
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE    Berichts-ID: c846aa6f-5577-11e0-b417-0019d1e81edf

 
Error - 26.03.2011 13:08:30 | Computer Name = xxx-PC | Source = MsiInstaller | ID = 1013
Description =
 
Error - 27.03.2011 12:41:45 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = Programm game.exe, Version 4.1.7.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16ec    Startzeit:
 01cbec9dc9d396cc    Endzeit: 37    Anwendungspfad: C:\Program Files (x86)\Landwirtschafts
 Simulator 2011\game.exe    Berichts-ID: 0e6917bd-5891-11e0-a424-0019d1e81edf 
 
Error - 29.03.2011 15:49:32 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = Programm ccSvcHst.exe, Version 109.0.3.4 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 103c    Startzeit:
 01cbee47e200cac1    Endzeit: 45    Anwendungspfad: C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

Berichts-ID:
 a5b63eef-5a3d-11e0-8cf3-0019d1e81edf 
 
Error - 29.03.2011 15:53:16 | Computer Name = xxx-PC | Source = Norton Ghost | ID = 100
Description = Fehler EC8F1780: Die Änderungen seit der letzten Sitzung können nicht
 ordnungsgemäß abgestimmt werden.  Fehler EC8F1771: Die aktuellen Laufwerke auf diesem
 System können nicht aufgelistet werden.  Fehler E0BB0147: Operation 'Snap Volume'
 ist derzeit nicht für Volume aktiviert. Fehler E0BB0147: Operation '%1' ist derzeit
 nicht für %2 aktiviert.  Details:  Quelle: Norton Ghost
 
Error - 29.03.2011 15:53:17 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VProSvc.exe, Version: 15.0.0.35659,
 Zeitstempel: 0x4ac570c0  Name des fehlerhaften Moduls: VProSvc.exe, Version: 15.0.0.35659,
 Zeitstempel: 0x4ac570c0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00061c1b  ID des fehlerhaften
 Prozesses: 0x874  Startzeit der fehlerhaften Anwendung: 0x01cbee47d9027596  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe  Berichtskennung:
 2ff4e952-5a3e-11e0-8cf3-0019d1e81edf
 
Error - 31.03.2011 11:00:16 | Computer Name = xxx-PC | Source = Norton Ghost | ID = 100
Description = Fehler EC8F17B7: Wiederherstellungspunkte können nicht erstellt werden
 für Auftrag: Laufwerk-Backup von Eigene Dateien (D:\).  Fehler EC8F03FE: Die Eigenschaften
 des Auftrags können nicht gelesen werden.  Fehler EC8F1F62: Externes Gerät "VERBATIM"
 nicht gefunden. Fehler EBAB03F1: Das System kann den angegebenen Pfad nicht finden.
Details:
  Quelle: Norton Ghost
 
Error - 31.03.2011 11:09:56 | Computer Name = xxx-PC | Source = Norton Ghost | ID = 100
Description = Fehler EC8F17B7: Wiederherstellungspunkte können nicht erstellt werden
 für Auftrag: Laufwerk-Backup von Volume (C:\).  Fehler EC8F03FE: Die Eigenschaften
 des Auftrags können nicht gelesen werden.  Fehler EC8F1F62: Externes Gerät "VERBATIM"
 nicht gefunden. Fehler EBAB03F1: Das System kann den angegebenen Pfad nicht finden.
Details:
  Quelle: Norton Ghost
 
[ System Events ]
Error - 01.04.2011 15:47:44 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Anwendungsinformationen" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 01.04.2011 15:48:14 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 01.04.2011 15:48:44 | Computer Name = xxx-PC | Source = DCOM | ID = 10005
Description =
 
Error - 01.04.2011 15:48:44 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst BITS erreicht.
 
Error - 01.04.2011 15:48:44 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:  %%1053
 
Error - 01.04.2011 15:50:20 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 01.04.2011 15:50:26 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 01.04.2011 15:50:27 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 01.04.2011 15:50:27 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 01.04.2011 15:50:27 | Computer Name = xxx-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
 
< End of report >

Strangely, the processes are not listed in the scan :confused:

I have attached a current screenshot of the Task Manager. Note: the OTL scan and the screenshot were not taken at the same time!

cosinus 02.04.2011 13:57

Quote:

PRC - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
Did you reinstall Norton?

Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Code:

:OTL
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
[2010.12.22 13:10:17 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.12.22 13:08:41 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.12.22 13:00:26 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe
[2010.12.21 10:32:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7FFED16F
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

b_kannter 02.04.2011 14:12

Quote:

Quote from cosinus (post 635342)
Did you reinstall Norton?

Yes, I had reinstalled Norton. I was hoping that after the update to version 5 I might find a solution...

Here is the result of the fix:
Code:

All processes killed
========== OTL ==========
Service KMService stopped successfully!
Service KMService deleted successfully!
C:\Windows\SysWOW64\srvany.exe moved successfully.
C:\Windows\ssndii.exe moved successfully.
C:\Windows\SysWOW64\SvcMan.exe moved successfully.
C:\Windows\Wiainst.exe moved successfully.
File C:\Windows\SysWow64\srvany.exe not found.
ADS C:\ProgramData\TEMP:7FFED16F deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: xxx
->Temp folder emptied: 3285269 bytes
->Temporary Internet Files folder emptied: 9004118 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 202060874 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58945 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2583104 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4117 bytes
 
Total Files Cleaned = 207,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04022011_150425

Files\Folders moved on Reboot...
C:\Users\xxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X27OW3B7\iframe[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68S6QAZX\01[9].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68S6QAZX\blank[1].htm moved successfully.
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68S6QAZX\LiveItemDetail[3].htm moved successfully.

Registry entries deleted on Reboot...


