
Log analysis and evaluation: Postbank 20-TAN phishing overlay

18.04.2011, 18:54   #1
habe

Hello TB team!
After more than two decades without problems, it has now caught me too. A few days ago, after I opened a PDF, Explorer crashed; after a system restart the system was suddenly slower than usual. Today, when logging in to the Postbank online banking site, an overlay suddenly appeared with the request for 20 TANs, in both IE and Firefox on my workstation. The problem does not occur on my laptop, so I am largely ruling out a cracked router for now.

Before I followed the instructions with load.exe, I had already scanned with Malwarebytes and SUPERAntiSpyware; here are their logs first.

Malwarebytes
Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6388

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

18.04.2011 11:48:26
mbam-log-2011-04-18 (11-48-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 198880
Laufzeit: 10 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Heiko\AppData\Local\Temp\CSM35B.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Heiko\AppData\Local\Temp\temp1_fp2006-final-3.00-setup.zip\fp2006-final-3.00-setup.exe (BadJoke.KillFiles) -> Quarantined and deleted successfully.

SUPERAntiSpyware (complete scan)
Quote:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/18/2011 at 02:33 PM

Application Version : 4.50.1002

Core Rules Database Version : 6860
Trace Rules Database Version: 4672

Scan type : Complete Scan
Total Scan Time : 01:14:51

Memory items scanned : 586
Memory threats detected : 0
Registry items scanned : 10731
Registry threats detected : 0
File items scanned : 79825
File threats detected : 292

Adware.Tracking Cookie
[...] cookies removed [...]

Trojan.Agent/Gen-Bancos
C:\USERS\HEIKO\APPDATA\ROAMING\WEBOCTON - SCRIPTLY\PLUGINS\WYSIWYG_EDITOR.DLL
E:\WEBOCTON - SCRIPTLY\ORIGINALS\PLUGINS\WYSIWYG_EDITOR.DLL

Trojan.Unclassified/RegSVR-Fake
C:\WINDOWS\SYSTEM32\EMBEDDED\REGSVR.EXE

However, the files moved to quarantine do not seem to have been responsible for the problem. After that, as part of the troubleshooting, I uninstalled quite a bit of software that I no longer needed, that looked unfamiliar to me, or to see whether the problem persisted afterwards (e.g. Java).

Then I found your site, ran load.exe and followed the instructions. tfc.exe crashed the first time, but completed its work successfully when started a second time. For reasons of space, the logs are in the attachment.

I hope you can help me. Thanks in advance for any effort!

Regards, Heiko

18.04.2011, 20:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan

Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

18.04.2011, 21:09   #3
habe


Hello and thanks. ^^

I have two more full scans, one from midday today and one from just now after another update. Surprisingly, the first full scan examined far fewer objects?!

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6388

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

18.04.2011 12:15:26
mbam-log-2011-04-18 (12-15-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 76342
Laufzeit: 19 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6390

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

18.04.2011 21:48:25
mbam-log-2011-04-18 (21-48-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 591876
Laufzeit: 1 Stunde(n), 33 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

18.04.2011, 21:35   #4
cosinus

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fc69bde-0b18-11dd-abdd-001bfcc30921}\Shell\´ò¿ª(&O)\command - "" = I:\RECYCLER\UcHelp.exe
O33 - MountPoints2\{459e52ab-46a4-11dc-82c3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{459e52ab-46a4-11dc-82c3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\arun.exe
O33 - MountPoints2\{bd98ad69-77cd-11df-8a25-001bfcc30921}\Shell\´ò¿ª(&O)\command - "" = J:\RECYCLER\UcHelp.exe
[2008.08.11 11:03:10 | 000,047,616 | ---- | C] () -- C:\Windows\System32\zmhhpaso.dll
[2008.08.11 11:03:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\zmhhpaudcp.exe
[2009.05.27 11:48:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2009.07.03 17:27:02 | 000,123,024 | ---- | C] () -- C:\Users\Heiko\AppData\Local\debuggee.mdmp
@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FD19413D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:638E6F6B
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________
Please always post log files in CODE tags

18.04.2011, 21:49   #5
habe

OTL has finished, with the following output after the restart:
Quote:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fc69bde-0b18-11dd-abdd-001bfcc30921}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fc69bde-0b18-11dd-abdd-001bfcc30921}\ not found.
File I:\RECYCLER\UcHelp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{459e52ab-46a4-11dc-82c3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459e52ab-46a4-11dc-82c3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{459e52ab-46a4-11dc-82c3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459e52ab-46a4-11dc-82c3-806e6f6e6963}\ not found.
File D:\arun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd98ad69-77cd-11df-8a25-001bfcc30921}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd98ad69-77cd-11df-8a25-001bfcc30921}\ not found.
File J:\RECYCLER\UcHelp.exe not found.
C:\Windows\System32\zmhhpaso.dll moved successfully.
C:\Windows\System32\zmhhpaudcp.exe moved successfully.
C:\Windows\System32\zmbv.dll moved successfully.
C:\Users\Heiko\AppData\Local\debuggee.mdmp moved successfully.
ADS C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM deleted successfully.
ADS C:\ProgramData\TEMP:FD19413D deleted successfully.
ADS C:\ProgramData\TEMP:638E6F6B deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Heiko
->Temp folder emptied: 1033817 bytes
->Temporary Internet Files folder emptied: 226410612 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4802 bytes
RecycleBin emptied: 1264289 bytes

Total Files Cleaned = 218,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04182011_224015

Files\Folders moved on Reboot...
C:\Users\Heiko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPI5SFBI\ads[1].htm moved successfully.
C:\Users\Heiko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G3QU3C2G\ads[1].htm moved successfully.
C:\Users\Heiko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
C:\Users\Heiko\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
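
An added example, not part of the thread and not code from OTL: a small parser that reconciles an OTL fix result like the one above, separating items that were actually moved or deleted from items reported as "not found". The function names are hypothetical, the sample is a shortened copy of the log lines posted above, and the reading that a "not found" file on another drive letter was never checked because the volume was not attached is an assumption.

```python
import re
from collections import Counter

# Sample input: lines taken from the OTL fix result posted above (shortened).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fc69bde-0b18-11dd-abdd-001bfcc30921}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fc69bde-0b18-11dd-abdd-001bfcc30921}\ not found.
File I:\RECYCLER\UcHelp.exe not found.
File D:\arun.exe not found.
C:\Windows\System32\zmbv.dll moved successfully.
ADS C:\ProgramData\TEMP:FD19413D deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# Section banner, e.g. "========== OTL =========="
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

# One result line: optional object kind, the target, then the outcome.
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|File|ADS) )?"
    r"(?P<target>.+?)"
    r"(?: :)? (?P<outcome>moved successfully|deleted successfully|"
    r"value set successfully|not found)[.!]$"
)


def parse_fix_log(text):
    """Return (kind, target, outcome) tuples from the OTL section of a fix log."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section != "OTL":
            continue  # the COMMANDS section is not item-by-item output
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, target = m.group("kind"), m.group("target")
        if kind is None:
            # Assumption: lines without a prefix are registry values when they
            # start with a hive name, otherwise files that were moved.
            kind = "Registry value" if target.startswith("HKEY_") else "File"
        entries.append((kind, target, m.group("outcome")))
    return entries


def summarise(entries):
    """Count entries per outcome."""
    return Counter(outcome for _, _, outcome in entries)


def files_not_found(entries):
    """Files the fix targeted but could not find, so nothing was removed."""
    return [t for k, t, o in entries if k == "File" and o == "not found"]


def drives_to_recheck(entries):
    """Drive letters of missing files; candidates for a scan once attached."""
    return sorted({t[:2].upper() for t in files_not_found(entries) if t[1:2] == ":"})


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for outcome, count in summarise(parsed).items():
        print(f"{count:2d}  {outcome}")
    print("files not found:", files_not_found(parsed))
    print("drives to recheck:", drives_to_recheck(parsed))
```
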


18.04.2011, 21:55   #6
cosinus

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If you cannot access your documents/My Documents because of the infection, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This may take a while.)
Vista and 7 users must run the tool as administrator via right-click!

18.04.2011, 22:03   #7
habe

Unhide was not necessary.
I had already run TDSSKiller once today; here is the log from the first run:
Quote:
2011/04/18 21:54:14.0526 3504 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 21:54:14.0979 3504 ================================================================================
2011/04/18 21:54:14.0979 3504 SystemInfo:
2011/04/18 21:54:14.0979 3504
2011/04/18 21:54:14.0979 3504 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/18 21:54:15.0057 3504 Product type: Workstation
2011/04/18 21:54:15.0197 3504 ComputerName: VISTA
2011/04/18 21:54:15.0275 3504 UserName: Heiko
2011/04/18 21:54:15.0353 3504 Windows directory: C:\Windows
2011/04/18 21:54:15.0493 3504 System windows directory: C:\Windows
2011/04/18 21:54:15.0571 3504 Processor architecture: Intel x86
2011/04/18 21:54:15.0649 3504 Number of processors: 2
2011/04/18 21:54:15.0727 3504 Page size: 0x1000
2011/04/18 21:54:15.0805 3504 Boot type: Normal boot
2011/04/18 21:54:15.0883 3504 ================================================================================
2011/04/18 21:54:20.0860 3504 Initialize success
2011/04/18 21:54:28.0285 2944 ================================================================================
2011/04/18 21:54:28.0363 2944 Scan started
2011/04/18 21:54:28.0441 2944 Mode: Manual;
2011/04/18 21:54:28.0519 2944 ================================================================================
2011/04/18 21:54:49.0236 2944 SaiH0BAC (3252d5571633e0b244541615d6252358) C:\Windows\system32\DRIVERS\SaiH0BAC.sys
2011/04/18 21:54:49.0345 2944 SaiMini (191b8f3b3dfa1e199d398dbc0c09544e) C:\Windows\system32\DRIVERS\SaiMini.sys
2011/04/18 21:54:49.0439 2944 SaiNtBus (534161d0a07014a7d81c6721a7ae6c08) C:\Windows\system32\drivers\SaiBus.sys
2011/04/18 21:54:49.0564 2944 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) E:\superantispyware\SASDIFSV.SYS
2011/04/18 21:54:49.0657 2944 SASKUTIL (61db0d0756a99506207fd724e3692b25) E:\superantispyware\SASKUTIL.SYS
2011/04/18 21:54:49.0782 2944 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/18 21:54:49.0907 2944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/18 21:54:50.0032 2944 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/18 21:54:50.0125 2944 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/18 21:54:50.0235 2944 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/18 21:54:50.0359 2944 sfdrv01 (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
2011/04/18 21:54:50.0453 2944 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/18 21:54:50.0547 2944 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/18 21:54:50.0640 2944 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/18 21:54:50.0734 2944 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
2011/04/18 21:54:50.0827 2944 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/18 21:54:50.0937 2944 sfsync02 (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys
2011/04/18 21:54:51.0030 2944 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/18 21:54:51.0124 2944 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/18 21:54:51.0202 2944 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/18 21:54:51.0311 2944 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/18 21:54:51.0436 2944 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\Windows\system32\DRIVERS\snapman.sys
2011/04/18 21:54:51.0545 2944 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/04/18 21:54:51.0639 2944 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/18 21:54:51.0748 2944 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\system32\Drivers\sptd.sys
2011/04/18 21:54:51.0826 2944 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/04/18 21:54:51.0904 2944 sptd - detected Locked file (1)
2011/04/18 21:54:59.0002 2944 ================================================================================
2011/04/18 21:54:59.0080 2944 Scan finished
2011/04/18 21:54:59.0158 2944 ================================================================================
2011/04/18 21:54:59.0236 3816 Detected object count: 1
2011/04/18 21:55:13.0775 3816 Locked file(sptd) - User select action: Skip
2011/04/18 21:55:21.0169 1012 ================================================================================
2011/04/18 21:55:21.0247 1012 Scan started
2011/04/18 21:55:21.0325 1012 Mode: Manual;
2011/04/18 21:55:21.0403 1012 ================================================================================
2011/04/18 21:55:43.0041 1012 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/04/18 21:55:43.0134 1012 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/18 21:55:43.0243 1012 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\system32\Drivers\sptd.sys
2011/04/18 21:55:43.0321 1012 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/04/18 21:55:43.0399 1012 sptd - detected Locked file (1)
2011/04/18 21:55:50.0123 1012 ================================================================================
2011/04/18 21:55:50.0201 1012 Scan finished
2011/04/18 21:55:50.0279 1012 ================================================================================
2011/04/18 21:55:50.0357 3992 Detected object count: 1
2011/04/18 21:56:02.0416 3992 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/18 21:56:02.0525 3992 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2011/04/18 21:56:02.0603 3992 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/18 21:56:02.0681 3992 Locked file(sptd) - User select action: Delete
2011/04/18 21:56:11.0089 3412 Deinitialize success
The scan just now found nothing:
Quote:
2011/04/18 22:58:12.0844 2856 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 22:58:13.0109 2856 ================================================================================
2011/04/18 22:58:13.0109 2856 SystemInfo:
2011/04/18 22:58:13.0109 2856
2011/04/18 22:58:13.0109 2856 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/18 22:58:13.0187 2856 Product type: Workstation
2011/04/18 22:58:13.0265 2856 ComputerName: VISTA
2011/04/18 22:58:13.0343 2856 UserName: Heiko
2011/04/18 22:58:13.0452 2856 Windows directory: C:\Windows
2011/04/18 22:58:13.0530 2856 System windows directory: C:\Windows
2011/04/18 22:58:13.0608 2856 Processor architecture: Intel x86
2011/04/18 22:58:13.0686 2856 Number of processors: 2
2011/04/18 22:58:13.0764 2856 Page size: 0x1000
2011/04/18 22:58:13.0874 2856 Boot type: Normal boot
2011/04/18 22:58:13.0952 2856 ================================================================================
2011/04/18 22:58:15.0402 2856 Initialize success
2011/04/18 22:58:18.0413 2724 ================================================================================
2011/04/18 22:58:18.0491 2724 Scan started
2011/04/18 22:58:18.0569 2724 Mode: Manual;
2011/04/18 22:58:18.0647 2724 ================================================================================
2011/04/18 22:58:42.0219 2724 tapoas (e0852664bc1c525d93d77ecaa7f5a9a6) C:\Windows\system32\DRIVERS\tapoas.sys
2011/04/18 22:58:42.0359 2724 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/04/18 22:58:42.0515 2724 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/18 22:58:42.0624 2724 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/18 22:58:42.0734 2724 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/18 22:58:42.0827 2724 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/18 22:58:42.0921 2724 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/18 22:58:43.0030 2724 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/18 22:58:43.0155 2724 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\Windows\system32\DRIVERS\tifsfilt.sys
2011/04/18 22:58:43.0248 2724 timounter (74711884439bdf9ccf446c79cb05fac0) C:\Windows\system32\DRIVERS\timntr.sys
2011/04/18 22:58:43.0358 2724 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 22:58:43.0467 2724 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/18 22:58:43.0592 2724 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/18 22:58:43.0701 2724 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/18 22:58:43.0810 2724 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/18 22:58:43.0919 2724 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/18 22:58:44.0013 2724 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/18 22:58:44.0122 2724 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/18 22:58:44.0216 2724 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/18 22:58:44.0325 2724 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/18 22:58:44.0450 2724 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/18 22:58:44.0574 2724 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/18 22:58:44.0668 2724 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/18 22:58:44.0762 2724 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/18 22:58:44.0871 2724 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/18 22:58:44.0964 2724 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/18 22:58:45.0042 2724 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/18 22:58:45.0167 2724 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/18 22:58:45.0261 2724 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 22:58:45.0370 2724 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/18 22:58:45.0479 2724 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/18 22:58:45.0620 2724 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/18 22:58:45.0744 2724 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/18 22:58:45.0838 2724 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/18 22:58:45.0932 2724 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/18 22:58:46.0025 2724 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/18 22:58:46.0119 2724 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/18 22:58:46.0228 2724 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/18 22:58:46.0322 2724 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/18 22:58:46.0431 2724 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/18 22:58:46.0556 2724 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/18 22:58:46.0665 2724 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 22:58:46.0743 2724 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 22:58:46.0852 2724 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/18 22:58:46.0977 2724 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/18 22:58:47.0102 2724 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/04/18 22:58:47.0226 2724 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/18 22:58:47.0336 2724 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/18 22:58:47.0492 2724 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/18 22:58:47.0601 2724 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 22:58:47.0726 2724 ZMHHPAudioSrv (95a32e8dc49aef99a10502df85e473f7) C:\Windows\system32\drivers\zmhhpau.sys
2011/04/18 22:58:47.0835 2724 ================================================================================
2011/04/18 22:58:47.0913 2724 Scan finished
2011/04/18 22:58:47.0991 2724 ================================================================================

19.04.2011, 10:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

19.04.2011, 18:35   #9
habe
 

Good evening!

I have the feeling ComboFix isn't running through. I started it around 15:00, and so far only two "completed" messages have appeared (stage 1 and 2) ... how long can something like this take?

This is already the second attempt to run the program. The first time I thought it had hung, because after more than 2 hours nothing came up at all, and the processor and all resources were completely "idle", just like now again.

What should I do?

19.04.2011, 19:28   #10
habe
 

The problem was, as so often, sitting in front of the screen. I thought of everything except deactivating the firewall...

Here is the ComboFix log:
Quote:
Combofix Logfile:
Code:
ComboFix 11-04-18.02 - Heiko 19.04.2011  20:09:09.2.2 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1031.18.3326.1878 [GMT 2:00]
ausgeführt von:: c:\users\Heiko\Desktop\cofi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Adobe Systems
c:\programdata\Adobe Systems\Product licenses\B2C03000.dat
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Heiko\AppData\Local\Temp\sfamcc00001.dll
c:\users\Heiko\AppData\Local\Temp\sfareca00001.dll
c:\users\Heiko\EULA.txt
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
----- BITS: Eventuell infizierte Webseiten -----
.
hxxp://www.hhdsoftware.com
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
-------\Legacy_hwinterface
-------\Service_hwinterface
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-19 bis 2011-04-19  ))))))))))))))))))))))))))))))
.
.
2011-04-19 18:13 . 2011-04-19 18:16	--------	d-----w-	c:\users\Heiko\AppData\Local\temp
2011-04-19 18:13 . 2011-04-19 18:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-19 18:13 . 2011-04-19 18:13	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2011-04-19 10:11 . 2011-04-19 10:11	--------	d-----w-	c:\program files\CCleaner
2011-04-19 09:53 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A308A4AE-2FC1-4156-A5D9-8B76C067CCE8}\mpengine.dll
2011-04-18 20:40 . 2011-04-18 20:40	--------	d-----w-	C:\_OTL
2011-04-18 15:47 . 2011-04-18 15:47	--------	d-----w-	c:\program files\ERUNT
2011-04-18 11:49 . 2011-04-19 10:16	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-18 11:37 . 2011-04-18 13:07	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-04-18 11:37 . 2011-04-18 11:37	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-04-18 11:37 . 2011-04-18 11:37	--------	d-----w-	c:\users\Heiko\AppData\Local\Sunbelt Software
2011-04-18 11:35 . 2011-04-18 13:07	--------	d-----w-	c:\programdata\Lavasoft
2011-04-18 10:11 . 2011-04-18 10:11	--------	d-----w-	c:\users\Heiko\AppData\Roaming\SUPERAntiSpyware.com
2011-04-18 10:11 . 2011-04-18 10:11	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-04-18 09:35 . 2011-04-18 09:35	--------	d-----w-	c:\users\Heiko\AppData\Roaming\Malwarebytes
2011-04-18 09:33 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 09:33 . 2011-04-18 09:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-18 09:33 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-16 16:56 . 2011-04-14 14:30	6792528	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-15 08:13 . 2010-11-30 09:43	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B96742A-E222-4634-98C1-6BD14E84A671}\gapaengine.dll
2011-04-15 08:06 . 2011-04-15 08:07	--------	d-----w-	c:\program files\Microsoft Security Client
2011-04-15 08:06 . 2010-04-05 20:00	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2011-04-15 08:01 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-15 08:01 . 2011-02-18 14:03	305152	----a-w-	c:\windows\system32\drivers\srv.sys
2011-04-15 08:01 . 2011-02-18 14:03	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-04-15 08:01 . 2011-02-18 14:03	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-04-15 08:01 . 2011-02-16 14:02	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-04-15 08:01 . 2011-02-16 16:16	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-04-15 08:01 . 2011-02-16 16:21	430080	----a-w-	c:\windows\system32\vbscript.dll
2011-04-15 07:58 . 2011-02-12 08:39	191488	----a-w-	c:\windows\system32\FXSCOVER.exe
2011-04-14 12:19 . 2011-04-14 12:19	--------	d-----w-	c:\users\Heiko\AppData\Roaming\Blender Foundation
2011-04-14 10:06 . 2011-03-15 04:05	6792528	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BCF6086-62FA-4D8C-A170-2461F6DE64F7}\mpengine.dll
2011-04-14 10:02 . 2011-04-14 10:02	--------	d-----w-	c:\users\Heiko\AppData\Roaming\Dvdpack
2011-04-04 18:23 . 2011-04-04 18:23	--------	d-----w-	c:\users\Heiko\AppData\Roaming\SmartFTP
2011-04-04 18:21 . 2011-04-04 18:21	--------	d-----w-	c:\program files\SmartFTP Client 4.0 Setup Files
2011-03-26 09:17 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-26 09:17 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-03-26 09:17 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 17:11 . 2011-02-28 17:11	69632	----a-w-	c:\windows\system32\PXTTool80VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	4648960	----a-w-	c:\windows\system32\LxXtreme70VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	27648	----a-w-	c:\windows\system32\LXTPSW20VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	135168	----a-w-	c:\windows\system32\LxMail30VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	1335296	----a-w-	c:\windows\system32\LXTool91VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	110592	----a-w-	c:\windows\system32\LxUISettings20Native.dll
2011-02-28 17:11 . 2011-02-28 17:11	196608	----a-w-	c:\windows\system32\LxBasics91VC8.dll
2011-02-23 16:36 . 2010-09-25 21:30	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-19 22:03 . 2011-02-19 22:03	4422992	----a-w-	c:\windows\mfc100u.dll
2011-02-19 21:03 . 2011-02-19 21:03	64336	----a-w-	c:\windows\system32\mfc100fra.dll
2011-02-19 21:03 . 2011-02-19 21:03	64336	----a-w-	c:\windows\system32\mfc100deu.dll
2011-02-19 21:03 . 2011-02-19 21:03	63824	----a-w-	c:\windows\system32\mfc100esn.dll
2011-02-19 21:03 . 2011-02-19 21:03	62288	----a-w-	c:\windows\system32\mfc100ita.dll
2011-02-19 21:03 . 2011-02-19 21:03	60752	----a-w-	c:\windows\system32\mfc100rus.dll
2011-02-19 21:03 . 2011-02-19 21:03	55120	----a-w-	c:\windows\system32\mfc100enu.dll
2011-02-19 21:03 . 2011-02-19 21:03	43856	----a-w-	c:\windows\system32\mfc100jpn.dll
2011-02-19 21:03 . 2011-02-19 21:03	43344	----a-w-	c:\windows\system32\mfc100kor.dll
2011-02-19 21:03 . 2011-02-19 21:03	421200	----a-w-	c:\windows\system32\msvcp100.dll
2011-02-19 21:03 . 2011-02-19 21:03	36176	----a-w-	c:\windows\system32\mfc100cht.dll
2011-02-19 21:03 . 2011-02-19 21:03	36176	----a-w-	c:\windows\system32\mfc100chs.dll
2011-02-18 22:40 . 2011-02-18 22:40	773968	----a-w-	c:\windows\system32\msvcr100.dll
2011-02-07 16:02 . 2011-02-07 16:02	1425408	----a-w-	c:\windows\system32\FormAssi80.dll
2011-02-05 15:25 . 2011-02-05 15:25	57344	----a-w-	c:\windows\system32\FKStampPainter20.dll
2011-02-02 17:43 . 2011-02-02 17:43	81920	----a-w-	c:\windows\system32\LxCI12.dll
2011-02-02 17:43 . 2011-02-02 17:43	61440	----a-w-	c:\windows\system32\LXCurr12VC8.dll
2011-01-20 16:37 . 2011-02-22 08:48	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-22 08:48	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-22 08:48	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-22 08:48	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-22 08:48	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-22 08:48	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-22 08:48	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-22 08:48	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-22 08:48	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-22 08:48	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-22 08:48	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-22 08:48	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-22 08:48	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-22 08:48	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-22 08:48	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-22 08:48	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-22 08:48	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-22 08:48	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-22 08:48	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-22 08:48	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-22 08:48	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-22 08:48	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-22 08:48	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-22 08:48	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-22 08:48	683008	----a-w-	c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advlib"="c:\users\Heiko\AppData\Roaming\Dvdpack\modfree.exe" [2011-04-18 618496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Heiko\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - e:\speedfan\speedfan.exe [2008-11-21 3835904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk
backup=c:\windows\pss\OpenVPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Heiko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-02-16 16:49	149024	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-02-17 11:35	1966928	----a-w-	e:\trueimage\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-09-18 14:16	171464	----a-w-	e:\daemon tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2010-09-15 09:11	339312	----a-w-	c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 11:42	110696	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-02-17 11:31	1194728	----a-w-	e:\trueimage\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 10:03	397456	----a-w-	e:\videostudio x2\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1337033556-2995852477-1096511876-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [2007-10-19 93696]
S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [2007-10-19 97280]
S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [2007-10-19 97280]
S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [2007-10-19 97280]
S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [2007-10-19 99840]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2007-12-03 110304]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - e:\icq7.4\ICQ.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Ai Nap - c:\program files\ASUS\AI Suite\AiNap\AiNap.exe
MSConfigStartUp-BitTorrent DNA - c:\users\Heiko\Program Files\DNA\btdna.exe
MSConfigStartUp-Cpu Level Up help - c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe
MSConfigStartUp-CPU Power Monitor - c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-ProfilerU - c:\program files\Saitek\SD6\Software\ProfilerU.exe
MSConfigStartUp-QuickTime Task - e:\quicktime\QTTask.exe
MSConfigStartUp-RemoteControl - e:\powerdvd\PDVDServ.exe
MSConfigStartUp-SaiMfd - c:\program files\Saitek\SD6\Software\SaiMfd.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-Windows Mobile Device Center - c:\windows\WindowsMobile\wmdc.exe
MSConfigStartUp-ZoneAlarm Client - e:\zonealarm\zlclient.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
AddRemove-Heroes of Might and Magic® III - g:\gog.com\Heroes of Might and Magic 3 Complete\unins000.exe
AddRemove-EA Mobile Games - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-19 20:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1337033556-2995852477-1096511876-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,66,9e,11,bc,36,c0,c8,d6,53,f5,e2,5c,2e,29,bd,f6,6f,eb,74,17,eb,68,
   02,e5,8c,53,83,33,a4,9c,47,d2,81,7c,a9,7a,6c,76,21,84,00,59,2c,14,65,17,32,\
"??"=hex:67,0e,bb,7d,ca,59,ba,18,6c,54,66,81,27,81,03,7d
.
[HKEY_USERS\S-1-5-21-1337033556-2995852477-1096511876-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,0e,5f,f7,85,e3,5d,b0,87,00,f5,78,d5,cb,f1,dd,8d,ee,c8,a7,5d,
   8f,63,c0,d2,d7,e1,64,c4,6b,d5,be,7e,a0,70,3e,af,ca,60,cf,86,f3,db,0f,31,77,\
"rkeysecu"=hex:ff,64,c3,ef,c6,9f,ac,aa,6d,5e,8b,f7,0b,34,3b,91
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3280)
c:\users\Heiko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\AASP\1.00.40\aaCenter.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Canon\DIAS\CnxDIAS.exe
e:\spybot - search & destroy\SDWinSec.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-19  20:22:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-19 18:22
.
Vor Suchlauf: 14 Verzeichnis(se), 40.712.830.976 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 40.566.697.984 Bytes frei
.
- - End Of File - - AE3328B683EBAE2F3390827A18436E8D
         
--- --- ---

19.04.2011, 20:19   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool needs only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

19.04.2011, 22:27   #12
habe
 

Here are the logs from GMER and OSAM:

GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-19 22:15:05
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD501LJ rev.CR100-10
Running: g2m3e4r.exe; Driver: C:\Users\Heiko\AppData\Local\Temp\uxldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\drivers\acedrv01.sys                                                             section is writeable [0x9191B000, 0x2E0F4, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\acedrv01.sys                                                             entry point in ".pklstb" section [0x9195A000]
.relo2          C:\Windows\system32\drivers\acedrv01.sys                                                             unknown last section [0x91974000, 0x8E, 0x42000040]
.text           C:\Windows\system32\drivers\acedrv02.sys                                                             section is writeable [0x91976000, 0x303A4, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\acedrv02.sys                                                             entry point in ".pklstb" section [0x919B8000]
.relo2          C:\Windows\system32\drivers\acedrv02.sys                                                             unknown last section [0x919D3000, 0x8E, 0x42000040]
.text           C:\Windows\system32\drivers\acedrv03.sys                                                             section is writeable [0x80C0A000, 0x303A4, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\acedrv03.sys                                                             entry point in ".pklstb" section [0x80C4C000]
.relo2          C:\Windows\system32\drivers\acedrv03.sys                                                             unknown last section [0x80C67000, 0x8E, 0x42000040]
.text           C:\Windows\system32\drivers\acedrv04.sys                                                             section is writeable [0x80C69000, 0x303A4, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\acedrv04.sys                                                             entry point in ".pklstb" section [0x80CAB000]
.relo2          C:\Windows\system32\drivers\acedrv04.sys                                                             unknown last section [0x80CC6000, 0x8E, 0x42000040]
.text           C:\Windows\system32\drivers\acedrv05.sys                                                             section is writeable [0x80CC8000, 0x30A4A, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\acedrv05.sys                                                             entry point in ".pklstb" section [0x80D0A000]
.relo2          C:\Windows\system32\drivers\acedrv05.sys                                                             unknown last section [0x80D25000, 0x8E, 0x42000040]
.text           C:\Windows\system32\drivers\acedrv06.sys                                                             section is writeable [0x80D27000, 0x319AA, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\acedrv06.sys                                                             entry point in ".pklstb" section [0x80D6A000]
.relo2          C:\Windows\system32\drivers\acedrv06.sys                                                             unknown last section [0x80D85000, 0x8E, 0x42000040]
.text           C:\Windows\system32\drivers\acedrv07.sys                                                             section is writeable [0x80D87000, 0x328BA, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\acedrv07.sys                                                             entry point in ".pklstb" section [0x80DCB000]
.relo2          C:\Windows\system32\drivers\acedrv07.sys                                                             unknown last section [0x80DE7000, 0x8E, 0x42000040]
.text           C:\Windows\system32\drivers\ACEDRV09.sys                                                             section is writeable [0x80E0E000, 0x3326E, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\ACEDRV09.sys                                                             entry point in ".pklstb" section [0x80E53000]
.relo2          C:\Windows\system32\drivers\ACEDRV09.sys                                                             unknown last section [0x80E6F000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\explorer.exe[2600] ntdll.dll!NtCreateThread                                               779E4344 5 Bytes  CALL 01730000 
.text           C:\Windows\explorer.exe[2600] ntdll.dll!NtProtectVirtualMemory                                       779E4B84 5 Bytes  CALL 01710000 
.text           C:\Windows\explorer.exe[2600] ntdll.dll!NtCreateUserProcess                                          779E5654 5 Bytes  CALL 01790000 
.text           C:\Windows\explorer.exe[2600] kernel32.dll!ExitProcess                                               76C241D8 5 Bytes  CALL 017B0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] ntdll.dll!NtCreateThread                         779E4344 5 Bytes  CALL 003B0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] ntdll.dll!NtProtectVirtualMemory                 779E4B84 5 Bytes  CALL 00390000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] ntdll.dll!NtCreateUserProcess                    779E5654 5 Bytes  CALL 00950000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] kernel32.dll!ExitProcess                         76C241D8 5 Bytes  CALL 00D00000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] ADVAPI32.dll!CryptGenKey                         7661553E 5 Bytes  CALL 01EF0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] ADVAPI32.dll!CryptDeriveKey                      7661FCAE 5 Bytes  CALL 01F10000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] ADVAPI32.dll!CryptImportKey                      76636649 5 Bytes  CALL 01ED0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] ws2_32.dll!send                                  7650659B 5 Bytes  CALL 01E90000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!HttpOpenRequestA                     7653FBBC 5 Bytes  CALL 01E30000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!InternetConnectA                     76540692 5 Bytes  CALL 00D40000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!HttpAddRequestHeadersA               76541A68 5 Bytes  CALL 01CF0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!InternetCloseHandle                  76542DB8 5 Bytes  CALL 01E70000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!InternetReadFile                     765474B9 5 Bytes  CALL 00D20000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!HttpOpenRequestW                     76547ECA 5 Bytes  CALL 01E50000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!InternetQueryDataAvailable           76548228 5 Bytes  CALL 019F0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!HttpSendRequestA                     7654D3A0 5 Bytes  CALL 01CB0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!HttpSendRequestW                     7655E1C9 5 Bytes  CALL 01CD0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!InternetReadFileExW                  765617CA 5 Bytes  CALL 019D0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!InternetReadFileExA                  76561802 5 Bytes  CALL 019B0000 
.text           C:\Program Files\Internet Explorer\ieuser.exe[4064] wininet.dll!HttpAddRequestHeadersW               765AB901 5 Bytes  CALL 01D10000 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                [74AA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                 [74AFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]             [74AABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]       [74A9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                 [74AA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]              [74A9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74AD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]     [74AADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]             [74A9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]              [74A9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]               [74A971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]       [74B2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]          [74ACC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]             [74A9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                       [74A96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                      [74A9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[2600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]         [74AA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                               timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                               timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort2                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort3                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                               timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                               timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                               snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                               timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\mv61xx \Device\Scsi\mv61xx1                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target0Lun0                                             sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target19Lun0                                            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- EOF - GMER 1.0.15 ----
         
--- --- ---
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:30:03 on 19.04.2011

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"zmhhpaudio.cpl" - "ZOOM" - C:\Windows\system32\zmhhpaudio.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - ? - C:\Program
"Wacom Tablett" - ? - C:\Windows\system32\WacomTablet.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv01" (acedrv01) - "ACE GmbH" - C:\Windows\system32\drivers\acedrv01.sys
"acedrv02" (acedrv02) - "ACE GmbH" - C:\Windows\system32\drivers\acedrv02.sys
"acedrv03" (acedrv03) - "ACE GmbH" - C:\Windows\system32\drivers\acedrv03.sys
"acedrv04" (acedrv04) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv04.sys
"acedrv05" (acedrv05) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv05.sys
"acedrv06" (acedrv06) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv06.sys
"acedrv07" (acedrv07) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv07.sys
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"AsIO" (AsIO) - ? - C:\Windows\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\Windows\system32\drivers\cdrbsdrv.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"hSONYPVh" (hSONYPVh) - ? - C:\Users\Heiko\AppData\Local\Temp\hSONYPVh.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"LANCOM Secure Client NDIS6 Driver" (ncplelhp) - ? - C:\Windows\System32\DRIVERS\ncplelhp.sys  (File not found)
"Logitech POP Suppression Filter" (lvpopflt) - ? - C:\Windows\System32\DRIVERS\lvpopflt.sys  (File not found)
"Logitech USB Monitor Filter" (LVUSBSta) - ? - C:\Windows\System32\drivers\LVUSBSta.sys  (File not found)
"MpKsl1d162cca" (MpKsl1d162cca) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D466CA8F-55D8-4E08-AAB7-DDF418803F41}\MpKsl1d162cca.sys
"MpKsl47c56faf" (MpKsl47c56faf) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A308A4AE-2FC1-4156-A5D9-8B76C067CCE8}\MpKsl47c56faf.sys  (File not found)
"QuickCam Pro for Notebooks(UVC)" (LVUVC) - ? - C:\Windows\System32\DRIVERS\lvuvc.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - E:\superantispyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - E:\superantispyware\SASKUTIL.SYS
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynasUSB.sys
"uxldypow" (uxldypow) - ? - C:\Users\Heiko\AppData\Local\Temp\uxldypow.sys  (Hidden registry entry, rootkit activity | File not found)
"ZOOM H Series High Performance Audio Driver Service" (ZMHHPAudioSrv) - "ZOOM" - C:\Windows\System32\drivers\zmhhpau.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - ? - C:\Program
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - ? - C:\Program
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{CF67796C-F57F-45F8-92FB-AD698826C602} ".contact shell context menu" - ? - C:\Program
{8082C5E6-4C27-48ec-A809-B8E1122E8F97} ".contact shell extension handler" - ? - C:\Program
{16C2C29D-0E5F-45f3-A445-03E03F587B7D} ".group shell context menu" - ? - C:\Program
{4F58F63F-244B-4c07-B29F-210BE59BE9B4} ".group shell extension handler" - ? - C:\Program
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? - E:\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - E:\TrueImage\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - E:\TrueImage\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{13D3C4B8-B179-4ebb-BF62-F704173E7448} "CLSID_ContactReadingPane" - ? - C:\Program
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{3B52CC4A-19E9-43F5-A626-F89267A5E43F} "ddsExtractor Class" - ? - C:\Program
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - ? - C:\Program
{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD} "DropTarget Class" - "HHD Software Ltd." - E:\HexEditorNeo\FileDocument.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{32714800-2E5F-11d0-8B85-00AA0044F941} "For &People..." - ? - C:\Program
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - ? - C:\Program
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - ? - C:\Program
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} "PhotoAcqDropTarget" - ? - C:\Program
{82AA9188-44E0-40B9-B956-43A10C315B4F} "RootShellFolder Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFTPShellExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} "ShellDragDropHandler Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfShellTools.dll
{7568C3F3-DF7E-436A-95C2-772819DF58B4} "ShellFolderExternal Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFavoritesShellExtension.dll
{119310E6-5FB7-4eeb-BEDB-9E229E76B9B4} "ShellFolderMultiUploadDestination Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFTPShellExtension.dll
{3B164627-7060-47BB-A1BE-DF5540B02821} "ShellFolderMultiUploadSource Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFTPShellExtension.dll
{6E0A0931-B89D-45B7-8BF0-F221A6D67257} "ShellFolderRoot Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFavoritesShellExtension.dll
{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFTPShellExtension.dll
{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd." - E:\SmartFTP Client\sfShellTools.dll
{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP Drop ShellIconOverlayHandler" - "SmartSoft Ltd." - E:\SmartFTP Client\sfShellTools.dll
{FD504287-1372-40d2-ACA6-216A8FCC243D} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFavoritesShellExtension.dll
{0848278D-D88B-445b-BEDC-7DFBDB061F5F} "SmartFTP FavoritesShellFolderDesktop class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFavoritesShellExtension.dll
{40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfShellTools.dll
{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} "Tablet PC Input Panel" - ? - C:\Program
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - ? - C:\Program
{d8559eb9-20c0-410e-beda-7ed416aecc2a} "Windows Defender" - ? - C:\Program
{2781761E-28E0-4109-99FE-B9D127C57AFE} "Windows Defender IOfficeAntiVirus implementation" - ? - C:\Program
{6b9228da-9c15-419e-856c-19e768a13bdc} "Windows gadget DropTarget" - ? - C:\Program
{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} "Windows Photo Gallery Viewer Image Verbs" - ? - C:\Program
{E598560B-28D5-46aa-A14A-8A3BEA34B576} "Windows Photo Gallery Viewer Video Verbs" - ? - C:\Program
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{37efd44d-ef8d-41b1-940d-96973a50e9e0} "Windows Sidebar Properties" - ? - C:\Program

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll
"ICQ7.4" - "ICQ, LLC." - E:\ICQ7.4\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - ? - C:\Program
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - ? - C:\Program

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Heiko\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"SpeedFan.lnk" - "Almico Software (www.almico.com)" - E:\SpeedFan\speedfan.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Advlib" - ? - C:\Users\Heiko\AppData\Roaming\Dvdpack\modfree.exe  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - E:\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"Canon MFNP Port" - "CANON INC." - C:\Windows\system32\CNCENPM.dll
"CPCA Language Monitor3b" - "CANON INC." - C:\Windows\system32\CNAS0MOK.DLL
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - ? - C:\Program
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"Canon Driver Information Assist Service" (Canon Driver Information Assist Service) - "CANON INC." - C:\Program Files\Canon\DIAS\CnxDIAS.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"M-Audio Series II MIDI Installer" (MA_CMIDI_InstallerService) - ? - C:\Program
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - E:\Spybot - Search & Destroy\SDWinSec.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"Ulead Burning Helper" (UleadBurningHelper) - ? - C:\Program
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

Alt 19.04.2011, 22:38   #13
habe
 

... and here is the log from MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5K SE
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 157):
0x82650000 \SystemRoot\system32\ntkrnlpa.exe
0x8261D000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047A000 \SystemRoot\system32\PSHED.dll
0x8048B000 \SystemRoot\system32\BOOTVID.dll
0x80493000 \SystemRoot\system32\CLFS.SYS
0x804D4000 \SystemRoot\system32\CI.dll
0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068F000 \SystemRoot\system32\drivers\acpi.sys
0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E6000 \SystemRoot\system32\drivers\pci.sys
0x8070D000 \SystemRoot\System32\drivers\partmgr.sys
0x8071C000 \SystemRoot\system32\drivers\volmgr.sys
0x8072B000 \SystemRoot\System32\drivers\volmgrx.sys
0x80775000 \SystemRoot\system32\drivers\pciide.sys
0x8077C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8078A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079A000 \SystemRoot\System32\drivers\sfsync02.sys
0x807A3000 \SystemRoot\system32\drivers\atapi.sys
0x807AB000 \SystemRoot\system32\drivers\ataport.SYS
0x807C9000 \SystemRoot\system32\DRIVERS\mv61xx.sys
0x805B4000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x83004000 \SystemRoot\system32\drivers\fltmgr.sys
0x83036000 \SystemRoot\system32\drivers\fileinfo.sys
0x83046000 \SystemRoot\System32\Drivers\ksecdd.sys
0x830B7000 \SystemRoot\system32\drivers\ndis.sys
0x831C2000 \SystemRoot\system32\drivers\msrpc.sys
0x83208000 \SystemRoot\system32\drivers\NETIO.SYS
0x83243000 \SystemRoot\System32\drivers\tcpip.sys
0x83330000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8334B000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8B40B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B51B000 \SystemRoot\system32\drivers\volsnap.sys
0x8B554000 \SystemRoot\System32\Drivers\spldr.sys
0x8B55C000 \SystemRoot\system32\speedfan.sys
0x8B55E000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8B579000 \SystemRoot\System32\drivers\sfhlp02.sys
0x8B581000 \SystemRoot\System32\drivers\sfdrv01.sys
0x8B594000 \SystemRoot\System32\Drivers\mup.sys
0x8B5A3000 \SystemRoot\system32\giveio.sys
0x8B5A4000 \SystemRoot\System32\drivers\ecache.sys
0x8B5CB000 \SystemRoot\system32\drivers\disk.sys
0x8B5DC000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B400000 \SystemRoot\system32\drivers\crcdisk.sys
0x833CB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x833D4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FE0B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x907A8000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8FA01000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FAA1000 \SystemRoot\System32\drivers\watchdog.sys
0x8FAAD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FAB8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FAF6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FB05000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FB92000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0x8FB9B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FBB3000 \SystemRoot\system32\DRIVERS\l160x86.sys
0x8FBC2000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x8FBCA000 \SystemRoot\system32\DRIVERS\serial.sys
0x8FBE4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x907AA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FBEE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x907BD000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90C07000 \SystemRoot\system32\DRIVERS\storport.sys
0x90C48000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90C53000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90C6A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90C75000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90C98000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90CA7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90CBB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90CD0000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x90D59000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90D69000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90D74000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90D76000 \SystemRoot\system32\DRIVERS\ks.sys
0x90DA0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90DAA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90DB7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90DEC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E01000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9100F000 \SystemRoot\system32\drivers\portcls.sys
0x9103C000 \SystemRoot\system32\drivers\drmk.sys
0x91061000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x91088000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91091000 \SystemRoot\System32\Drivers\Null.SYS
0x91098000 \SystemRoot\System32\Drivers\Beep.SYS
0x910A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x910AF000 \SystemRoot\System32\drivers\vga.sys
0x910BB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x910DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x910E4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x910EC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x910F7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91105000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9110E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91124000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9112D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9113D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9113F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91147000 \SystemRoot\system32\DRIVERS\smb.sys
0x9115B000 \SystemRoot\system32\drivers\afd.sys
0x911A3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x911D5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x911EB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x907EC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x805DA000 \??\E:\superantispyware\SASKUTIL.SYS
0x911F9000 \??\E:\superantispyware\SASDIFSV.SYS
0x9180C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91848000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91852000 \SystemRoot\system32\drivers\csc.sys
0x918AD000 \SystemRoot\System32\Drivers\dfsc.sys
0x918C4000 \SystemRoot\system32\drivers\AsIO.sys
0x918C6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x918D3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x918DE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9D0D0000 \SystemRoot\System32\win32k.sys
0x918E6000 \SystemRoot\System32\drivers\Dxapi.sys
0x918F0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9D2F0000 \SystemRoot\System32\TSDDD.dll
0x9D310000 \SystemRoot\System32\cdd.dll
0x9D320000 \SystemRoot\System32\ATMFD.DLL
0x918FF000 \SystemRoot\system32\drivers\luafv.sys
0x9191A000 \??\C:\Windows\system32\drivers\acedrv01.sys
0x91975000 \??\C:\Windows\system32\drivers\acedrv02.sys
0x80C09000 \??\C:\Windows\system32\drivers\acedrv03.sys
0x80C68000 \??\C:\Windows\system32\drivers\acedrv04.sys
0x80CC7000 \??\C:\Windows\system32\drivers\acedrv05.sys
0x80D26000 \??\C:\Windows\system32\drivers\acedrv06.sys
0x80D86000 \??\C:\Windows\system32\drivers\acedrv07.sys
0x80E0D000 \??\C:\Windows\system32\drivers\ACEDRV09.sys
0x80E70000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0x80E80000 \SystemRoot\system32\drivers\spsys.sys
0x80F30000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80F40000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80F53000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x80F5C000 \SystemRoot\system32\drivers\HTTP.sys
0x80FC9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80FE6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80DE8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x919D4000 \SystemRoot\system32\drivers\mrxdav.sys
0x833AB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA4A0C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA4A45000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA4A5D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4A85000 \SystemRoot\System32\DRIVERS\srv.sys
0xA4AD4000 \SystemRoot\system32\drivers\peauth.sys
0xA4BB2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4BBC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4BC8000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4BDE000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0xA4BFA000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D466CA8F-55D8-4E08-AAB7-DDF418803F41}\MpKsl1d162cca.sys
0x833E3000 \??\C:\Users\Heiko\AppData\Local\Temp\uxldypow.sys
0x77980000 \Windows\System32\ntdll.dll

Processes (total 50):
0 System Idle Process
4 System
568 C:\Windows\System32\smss.exe
700 csrss.exe
748 C:\Windows\System32\wininit.exe
760 csrss.exe
792 C:\Windows\System32\services.exe
808 C:\Windows\System32\lsass.exe
816 C:\Windows\System32\lsm.exe
984 C:\Windows\System32\winlogon.exe
1012 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\nvvsvc.exe
1084 C:\Windows\System32\svchost.exe
1136 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1276 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\audiodg.exe
1496 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\SLsvc.exe
1604 C:\Windows\System32\svchost.exe
1692 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1704 C:\Windows\System32\nvvsvc.exe
1836 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\spoolsv.exe
656 C:\Windows\System32\svchost.exe
1584 C:\Windows\System32\taskeng.exe
2052 C:\Windows\System32\dwm.exe
2116 C:\Windows\System32\taskeng.exe
2248 C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe
2360 C:\Windows\RtHDVCpl.exe
2392 C:\Program Files\Microsoft Security Client\msseces.exe
2600 C:\Windows\explorer.exe
2628 C:\Windows\System32\bgsvcgen.exe
2676 C:\Program Files\Canon\DIAS\CnxDIAS.exe
2888 C:\Windows\System32\svchost.exe
2960 C:\Windows\System32\svchost.exe
2992 C:\Windows\System32\SearchIndexer.exe
3176 E:\Spybot - Search & Destroy\SDWinSec.exe
3448 C:\Windows\System32\taskeng.exe
3800 C:\Windows\System32\wbem\unsecapp.exe
3820 WmiPrvSE.exe
3116 C:\Windows\System32\svchost.exe
2820 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
3924 C:\Program Files\Internet Explorer\ieuser.exe
3228 C:\Program Files\Internet Explorer\iexplore.exe
2492 C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
1940 C:\Windows\System32\SearchProtocolHost.exe
2228 C:\Windows\System32\SearchFilterHost.exe
4028 C:\Users\Heiko\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000019`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000032`00100000 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000004b`00200000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000069`00300000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-10

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Alt 20.04.2011, 17:14   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
"hSONYPVh" (hSONYPVh) - ? - C:\Users\Heiko\AppData\Local\Temp\hSONYPVh.sys (File not found)
Please disable and delete it with OSAM.
__________________
Please always post log files in CODE tags

Alt 20.04.2011, 18:13   #15
habe
 

According to OSAM the driver is off the system; the overlay still appears.
Here is the log after the reboot:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:04:37 on 20.04.2011

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"zmhhpaudio.cpl" - "ZOOM" - C:\Windows\system32\zmhhpaudio.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - ? - C:\Program
"Wacom Tablett" - ? - C:\Windows\system32\WacomTablet.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv01" (acedrv01) - "ACE GmbH" - C:\Windows\system32\drivers\acedrv01.sys
"acedrv02" (acedrv02) - "ACE GmbH" - C:\Windows\system32\drivers\acedrv02.sys
"acedrv03" (acedrv03) - "ACE GmbH" - C:\Windows\system32\drivers\acedrv03.sys
"acedrv04" (acedrv04) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv04.sys
"acedrv05" (acedrv05) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv05.sys
"acedrv06" (acedrv06) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv06.sys
"acedrv07" (acedrv07) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv07.sys
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"AsIO" (AsIO) - ? - C:\Windows\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\Windows\system32\drivers\cdrbsdrv.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"LANCOM Secure Client NDIS6 Driver" (ncplelhp) - ? - C:\Windows\System32\DRIVERS\ncplelhp.sys  (File not found)
"Logitech POP Suppression Filter" (lvpopflt) - ? - C:\Windows\System32\DRIVERS\lvpopflt.sys  (File not found)
"Logitech USB Monitor Filter" (LVUSBSta) - ? - C:\Windows\System32\drivers\LVUSBSta.sys  (File not found)
"MpKsl11745789" (MpKsl11745789) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2CDA158-138D-48C8-9849-C6BD75026180}\MpKsl11745789.sys
"MpKsl47c56faf" (MpKsl47c56faf) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A308A4AE-2FC1-4156-A5D9-8B76C067CCE8}\MpKsl47c56faf.sys  (File not found)
"QuickCam Pro for Notebooks(UVC)" (LVUVC) - ? - C:\Windows\System32\DRIVERS\lvuvc.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - E:\superantispyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - E:\superantispyware\SASKUTIL.SYS
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynasUSB.sys
"ZOOM H Series High Performance Audio Driver Service" (ZMHHPAudioSrv) - "ZOOM" - C:\Windows\System32\drivers\zmhhpau.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - ? - C:\Program
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - ? - C:\Program
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{CF67796C-F57F-45F8-92FB-AD698826C602} ".contact shell context menu" - ? - C:\Program
{8082C5E6-4C27-48ec-A809-B8E1122E8F97} ".contact shell extension handler" - ? - C:\Program
{16C2C29D-0E5F-45f3-A445-03E03F587B7D} ".group shell context menu" - ? - C:\Program
{4F58F63F-244B-4c07-B29F-210BE59BE9B4} ".group shell extension handler" - ? - C:\Program
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? - E:\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - E:\TrueImage\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - E:\TrueImage\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{13D3C4B8-B179-4ebb-BF62-F704173E7448} "CLSID_ContactReadingPane" - ? - C:\Program
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{3B52CC4A-19E9-43F5-A626-F89267A5E43F} "ddsExtractor Class" - ? - C:\Program
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - ? - C:\Program
{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD} "DropTarget Class" - "HHD Software Ltd." - E:\HexEditorNeo\FileDocument.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{32714800-2E5F-11d0-8B85-00AA0044F941} "For &People..." - ? - C:\Program
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - ? - C:\Program
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} "Microsoft OLE DB Service Component Data Links" - ? - C:\Program
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - E:\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} "PhotoAcqDropTarget" - ? - C:\Program
{82AA9188-44E0-40B9-B956-43A10C315B4F} "RootShellFolder Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFTPShellExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} "ShellDragDropHandler Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfShellTools.dll
{7568C3F3-DF7E-436A-95C2-772819DF58B4} "ShellFolderExternal Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFavoritesShellExtension.dll
{119310E6-5FB7-4eeb-BEDB-9E229E76B9B4} "ShellFolderMultiUploadDestination Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFTPShellExtension.dll
{3B164627-7060-47BB-A1BE-DF5540B02821} "ShellFolderMultiUploadSource Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFTPShellExtension.dll
{6E0A0931-B89D-45B7-8BF0-F221A6D67257} "ShellFolderRoot Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFavoritesShellExtension.dll
{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFTPShellExtension.dll
{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd." - E:\SmartFTP Client\sfShellTools.dll
{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP Drop ShellIconOverlayHandler" - "SmartSoft Ltd." - E:\SmartFTP Client\sfShellTools.dll
{FD504287-1372-40d2-ACA6-216A8FCC243D} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFavoritesShellExtension.dll
{0848278D-D88B-445b-BEDC-7DFBDB061F5F} "SmartFTP FavoritesShellFolderDesktop class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfFavoritesShellExtension.dll
{40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd." - E:\SmartFTP Client\sfShellTools.dll
{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} "Tablet PC Input Panel" - ? - C:\Program
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - ? - C:\Program
{d8559eb9-20c0-410e-beda-7ed416aecc2a} "Windows Defender" - ? - C:\Program
{2781761E-28E0-4109-99FE-B9D127C57AFE} "Windows Defender IOfficeAntiVirus implementation" - ? - C:\Program
{6b9228da-9c15-419e-856c-19e768a13bdc} "Windows gadget DropTarget" - ? - C:\Program
{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} "Windows Photo Gallery Viewer Image Verbs" - ? - C:\Program
{E598560B-28D5-46aa-A14A-8A3BEA34B576} "Windows Photo Gallery Viewer Video Verbs" - ? - C:\Program
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{37efd44d-ef8d-41b1-940d-96973a50e9e0} "Windows Sidebar Properties" - ? - C:\Program

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll
"ICQ7.4" - "ICQ, LLC." - E:\ICQ7.4\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - ? - C:\Program
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - E:\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - ? - C:\Program

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Heiko\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"SpeedFan.lnk" - "Almico Software (www.almico.com)" - E:\SpeedFan\speedfan.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Advlib" - ? - C:\Users\Heiko\AppData\Roaming\Dvdpack\modfree.exe  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - E:\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"Canon MFNP Port" - "CANON INC." - C:\Windows\system32\CNCENPM.dll
"CPCA Language Monitor3b" - "CANON INC." - C:\Windows\system32\CNAS0MOK.DLL
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - ? - C:\Program
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"Canon Driver Information Assist Service" (Canon Driver Information Assist Service) - "CANON INC." - C:\Program Files\Canon\DIAS\CnxDIAS.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"M-Audio Series II MIDI Installer" (MA_CMIDI_InstallerService) - ? - C:\Program
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - E:\Spybot - Search & Destroy\SDWinSec.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"Ulead Burning Helper" (UleadBurningHelper) - ? - C:\Program
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Archiv
Du betrachtest: Postbank 20 Tans-Phishing-Overlay auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.