Trojaner-Board


SharKING 07.04.2011 22:20

Windows Recovery problem: after the fix, the hard drive shows no folders
 
Good evening, dear Trojaner-Board team.

Some time ago I caught the "Windows Recovery virus", and today I finally managed to deal with it.

I used your Windows Recovery removal tool and I think it was reasonably successful (http://www.trojaner-board.de/96741-w...entfernen.html).

Thanks for that already.
Now, however, "only" one of my hard drive's partitions no longer shows any folders, and I have reached the limit of my abilities.

I hereby ask you for help (:
(OTL also produced a log file called "Extras.Txt". I am not very familiar with it and have attached it as well.)

Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6304

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

07.04.2011 22:16:29
mbam-log-2011-04-07 (22-16-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 360948
Laufzeit: 56 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\45539080.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\slo\AppData\Local\Temp\0.1830173790576951.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\slo\AppData\Local\Temp\internetexplorerupdate.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

OTL:
OTL logfile created on: 07.04.2011 23:00:12 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\slo\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 63,48 Gb Total Space | 2,15 Gb Free Space | 3,38% Space Free | Partition Type: NTFS
Drive E: | 71,75 Gb Total Space | 9,56 Gb Free Space | 13,32% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 53,79 Gb Free Space | 55,08% Space Free | Partition Type: NTFS
Drive G: | 978,07 Mb Total Space | 968,50 Mb Free Space | 99,02% Space Free | Partition Type: FAT32
 
Computer Name: SLO-PC | User Name: slo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\slo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\slo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (LVUVC64) Logitech Webcam C160(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:[b]64bit:[/b] - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:[b]64bit:[/b] - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (3xHybr64) -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys (Philips Semiconductors GmbH)
DRV:[b]64bit:[/b] - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (FET5A64) -- C:\Windows\SysNative\DRIVERS\fet5a64.sys (VIA Technologies, Inc.              )
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.06 23:27:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.07 22:26:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: K:\Portables Extern\ThunderbirdPortable\App\Thunderbird\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: K:\Portables Extern\ThunderbirdPortable\App\Thunderbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.21 21:52:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.04.07 22:26:10 | 000,000,000 | ---D | M]
 
[2010.05.19 15:03:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\slo\AppData\Roaming\mozilla\Extensions
[2010.05.19 15:03:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\slo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.07 22:59:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\slo\AppData\Roaming\mozilla\Firefox\Profiles\w59t2voi.default\extensions
[2010.06.28 23:36:23 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\slo\AppData\Roaming\mozilla\Firefox\Profiles\w59t2voi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.04 16:20:30 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\slo\AppData\Roaming\mozilla\Firefox\Profiles\w59t2voi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.23 16:36:07 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\slo\AppData\Roaming\mozilla\Firefox\Profiles\w59t2voi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.28 23:36:23 | 000,000,000 | -H-D | M] (DownThemAll!) -- C:\Users\slo\AppData\Roaming\mozilla\Firefox\Profiles\w59t2voi.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.11 05:32:35 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\slo\AppData\Roaming\mozilla\Firefox\Profiles\w59t2voi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.12.26 17:49:36 | 000,000,000 | -H-D | M] (Battlefield Heroes Updater) -- C:\Users\slo\AppData\Roaming\mozilla\Firefox\Profiles\w59t2voi.default\extensions\battlefieldheroespatcher@ea.com
[2010.04.11 11:59:14 | 000,000,873 | -H-- | M] () -- C:\Users\slo\AppData\Roaming\Mozilla\Firefox\Profiles\w59t2voi.default\searchplugins\conduit.xml
[2011.04.07 22:59:44 | 000,001,056 | ---- | M] () -- C:\Users\slo\AppData\Roaming\Mozilla\Firefox\Profiles\w59t2voi.default\searchplugins\icqplugin.xml
[2009.09.22 19:08:36 | 000,003,915 | -H-- | M] () -- C:\Users\slo\AppData\Roaming\Mozilla\Firefox\Profiles\w59t2voi.default\searchplugins\sweetim.xml
[2011.02.01 20:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.17 08:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.03.06 23:27:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 23:27:06 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.06 23:27:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.06 23:27:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.06 23:27:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ISUSPM Startup]  File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [phonostarTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\slo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\slo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\slo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\slo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4781247b-290c-11df-ba2b-00261836c606}\Shell - "" = AutoRun
O33 - MountPoints2\{4781247b-290c-11df-ba2b-00261836c606}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{ada11677-82a9-11de-87e6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ada11677-82a9-11de-87e6-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011.04.07 22:59:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\slo\Desktop\OTL.exe
[2011.04.07 21:18:58 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.04.07 21:18:57 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.04.07 21:18:57 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.07 21:18:57 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.03.22 23:37:36 | 000,000,000 | -H-D | C] -- C:\Users\slo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.03.21 21:55:08 | 000,000,000 | -H-D | C] -- C:\Users\slo\AppData\Local\Apple Computer
[2011.03.21 21:55:07 | 000,000,000 | -H-D | C] -- C:\Users\slo\AppData\Roaming\Apple Computer
[2011.03.21 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.21 21:54:44 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011.03.21 21:54:44 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011.03.21 21:54:44 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011.03.21 21:54:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.03.21 21:54:04 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.21 21:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.03.21 21:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.03.21 21:54:02 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.21 21:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.21 21:51:53 | 000,000,000 | -H-D | C] -- C:\Users\slo\AppData\Local\Apple
[2011.03.21 21:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.03.21 21:49:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.21 21:49:39 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.03.21 21:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.03.21 21:49:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple
[2011.03.21 21:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.03.18 20:09:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2011.03.18 20:08:56 | 000,000,000 | -H-D | C] -- C:\Users\slo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ButtonBeats.com Virtual Piano
[2011.03.18 20:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ButtonBeats.com Virtual Piano
[2011.03.18 20:04:09 | 000,000,000 | -H-D | C] -- C:\Users\slo\AppData\Roaming\Synthesia
[2011.03.13 19:24:27 | 000,000,000 | -H-D | C] -- C:\Users\slo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011.03.13 19:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011.03.13 19:24:11 | 000,000,000 | -H-D | C] -- C:\Users\slo\AppData\Roaming\Winamp
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011.04.07 22:59:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A08E459A-0FF6-4E1B-9C06-B91F4E4BDE12}.job
[2011.04.07 22:59:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\slo\Desktop\OTL.exe
[2011.04.07 22:39:30 | 001,445,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.07 22:39:30 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.07 22:39:30 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.07 22:39:30 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.07 22:39:30 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.07 22:33:49 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.07 22:33:07 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 22:33:06 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 22:32:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.07 22:32:40 | 2146,623,488 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.07 22:32:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.04.07 22:26:10 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.07 22:19:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.07 21:03:49 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 23:39:52 | 000,000,400 | -H-- | M] () -- C:\ProgramData\45539080
[2011.03.22 23:37:38 | 000,000,583 | -H-- | M] () -- C:\Users\slo\Desktop\Windows Recovery.lnk
[2011.03.22 23:37:37 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~45539080r
[2011.03.22 23:37:37 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~45539080
[2011.03.22 23:37:16 | 000,095,549 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.03.22 19:26:57 | 000,095,549 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.03.21 21:54:53 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.21 21:52:33 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.18 20:09:04 | 000,000,966 | -H-- | M] () -- C:\Users\slo\Desktop\ButtonBeats.com Virtual Piano.lnk
[2011.03.18 19:54:39 | 000,016,751 | -H-- | M] () -- C:\Users\slo\Desktop\censored.jpg
[2011.03.14 21:33:26 | 000,007,168 | -H-- | M] () -- C:\Users\slo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.13 19:24:27 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.03.13 19:20:16 | 000,013,532 | -H-- | M] () -- C:\Users\slo\Documents\cc_20110313_182013.reg
[2011.03.13 19:20:01 | 000,109,416 | -H-- | M] () -- C:\Users\slo\Documents\cc_20110313_181955.reg
[2011.03.13 14:22:48 | 000,037,952 | -H-- | M] () -- C:\Users\slo\Desktop\b5ebf973b1.jpeg
[2011.03.13 14:22:25 | 000,039,550 | -H-- | M] () -- C:\Users\slo\Desktop\17417caf3e.jpeg
[2011.03.13 14:21:51 | 000,023,383 | -H-- | M] () -- C:\Users\slo\Desktop\Unbenannt.jpg
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011.04.07 22:26:10 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.07 21:03:49 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 23:37:38 | 000,000,583 | -H-- | C] () -- C:\Users\slo\Desktop\Windows Recovery.lnk
[2011.03.22 23:37:37 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45539080r
[2011.03.22 23:37:37 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~45539080
[2011.03.22 23:37:29 | 000,000,400 | -H-- | C] () -- C:\ProgramData\45539080
[2011.03.21 21:54:53 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.21 21:52:33 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.21 21:51:47 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.18 20:09:04 | 000,000,966 | -H-- | C] () -- C:\Users\slo\Desktop\ButtonBeats.com Virtual Piano.lnk
[2011.03.18 19:53:56 | 000,016,751 | -H-- | C] () -- C:\Users\slo\Desktop\censored.jpg
[2011.03.13 19:24:27 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.03.13 19:20:14 | 000,013,532 | -H-- | C] () -- C:\Users\slo\Documents\cc_20110313_182013.reg
[2011.03.13 19:19:57 | 000,109,416 | -H-- | C] () -- C:\Users\slo\Documents\cc_20110313_181955.reg
[2011.03.13 14:22:48 | 000,037,952 | -H-- | C] () -- C:\Users\slo\Desktop\b5ebf973b1.jpeg
[2011.03.13 14:22:23 | 000,039,550 | -H-- | C] () -- C:\Users\slo\Desktop\17417caf3e.jpeg
[2011.03.13 14:21:51 | 000,023,383 | -H-- | C] () -- C:\Users\slo\Desktop\Unbenannt.jpg
[2011.02.25 21:32:05 | 000,019,456 | -H-- | C] () -- C:\Users\slo\AppData\Local\WebpageIcons.db
[2011.01.30 18:39:08 | 000,007,168 | -H-- | C] () -- C:\Users\slo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.10 04:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010.11.10 04:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010.11.10 04:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010.09.01 17:48:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.31 15:36:48 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.07.31 15:36:48 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2009.10.23 15:42:15 | 002,407,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2009.09.24 15:43:37 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 15:43:04 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.24 15:42:36 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.01 22:10:45 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009.08.26 21:32:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.08.23 14:00:23 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.08.20 15:19:11 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.08.18 19:17:29 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.08.18 19:17:27 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.08.18 19:17:25 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.08.06 20:50:58 | 000,095,549 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.06 20:50:58 | 000,095,549 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.08.06 20:39:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.06 19:45:49 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.06 19:45:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.08.06 19:45:47 | 002,402,304 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009.08.06 19:45:47 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.08.06 19:45:47 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.08.06 19:45:45 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.08.06 19:13:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.08.06 19:12:46 | 000,014,668 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.08.06 19:12:46 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

Extras:
HTML-Code:

OTL Extras logfile created on: 07.04.2011 23:00:12 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\slo\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 63,48 Gb Total Space | 2,15 Gb Free Space | 3,38% Space Free | Partition Type: NTFS
Drive E: | 71,75 Gb Total Space | 9,56 Gb Free Space | 13,32% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 53,79 Gb Free Space | 55,08% Space Free | Partition Type: NTFS
Drive G: | 978,07 Mb Total Space | 968,50 Mb Free Space | 99,02% Space Free | Partition Type: FAT32
 
Computer Name: SLO-PC | User Name: slo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 63 C7 55 5F E5 24 CA 01  [binary data]
"VistaSp2" = 14 8F 26 22 60 3D CA 01  [binary data]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECA569-8865-4C46-B998-BD19A4A793BE}" = protocol=6 | dir=in | app=e:\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{0B22E10D-79AD-415A-BDEC-2ADD26282382}" = protocol=17 | dir=in | app=e:\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{18016EDB-DAA6-4A13-A24E-651C0C1FABCA}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{38F47087-CA6E-46DA-95AE-317B04E9478F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{3DA2A22A-F16A-4770-8194-CC266D4F4242}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\srcds.exe |
"{46E77B63-0C2E-4030-B6C7-6E9D8F418452}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4788CFAE-419D-43BE-8EF6-F5820E83D59C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{4886136E-1958-4E75-A2D6-3E8AE9355AC2}" = protocol=17 | dir=in | app=e:\ea games\battlefield ii\bf2.exe |
"{522CD532-C883-4115-8F7A-5FA2E8F6A7BD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{5543B7B1-15D9-4380-AAA2-F2D2B23AD309}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{568FFE77-7AD6-42D8-BDF8-66ADF904BA50}" = protocol=6 | dir=in | app=e:\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{592A2239-755D-4680-9AD6-5DDFA83FF024}" = protocol=6 | dir=in | app=e:\steam.exe |
"{607B11C6-BB5A-424B-89C6-ED0E395AA3CF}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{71D2FF23-D0EF-432B-898E-AD1DDD31478C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{764E2297-577C-48FC-8E87-73DD88C1A835}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{7C94BEFE-44C3-43C4-BC43-E3E66CE3FA92}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{904D8417-AF03-4B62-99DF-00DD4005E918}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{980CAAE7-3D0A-4096-91E5-EE72E893B248}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9FC9658B-0002-4FA8-AE55-317B57E33077}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\srcds.exe |
"{A342370B-38C5-4D82-984B-B424CD3A1E30}" = protocol=17 | dir=in | app=e:\steam.exe |
"{A58C0379-BF44-46DB-8DBC-CFDDD5901843}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{A72F83F5-7D10-4B2C-B2E4-E70C69FE4F82}" = protocol=6 | dir=in | app=e:\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{B39ED5D5-6CF8-4D2E-B1B6-B81CE7BF32B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B4E0F196-DF85-464C-A5B2-0F84B315497A}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B776A719-ED28-48F8-9778-C24E008FD26E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BBDB4B0C-D5BD-421E-90C9-2AFF685D7885}" = protocol=17 | dir=in | app=e:\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{BCB84077-47CB-4C96-9351-841E1375BAB6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{CEBAA428-8C40-4E1D-A5E2-6D03B376E73D}" = protocol=6 | dir=in | app=e:\ea games\battlefield ii\bf2.exe |
"{E7665D2B-97E3-4055-8449-1E5388922266}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{E8113F07-2D1B-43C6-AA74-D3B658284F7F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F5B68E2F-5CAD-415D-A1D1-F31444DA85E8}" = protocol=17 | dir=in | app=e:\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{F60E1528-FC23-4B55-A6E0-BBC8ADDFEE35}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F94C4AA4-DF08-411B-9F46-6723AC0AE57A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{FA83059E-8E24-4C7B-BBC3-CA1DE2763E71}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"TCP Query User{1950B244-EA21-4C70-9B0F-14321A5AD8B6}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{1EF3463E-BE86-4CC0-AD2D-2935856652F5}E:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe |
"TCP Query User{423EFC92-6559-450E-890E-9E7FD7CEB68B}E:\clients\icq6.5\icq.exe" = protocol=6 | dir=in | app=e:\clients\icq6.5\icq.exe |
"TCP Query User{44E0D118-89DB-4D75-B5BA-7BA208ED00DF}C:\dvdvideosoft\sega\wf.exe" = protocol=6 | dir=in | app=c:\dvdvideosoft\sega\wf.exe |
"TCP Query User{59A8C978-112F-4607-8016-614934E03A83}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{8B10F7DF-78EA-40FA-8E9B-A56205B3891F}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{95CF6BAB-86B8-47D1-B81F-FB4E5C774329}C:\users\slo\desktop\games\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\slo\desktop\games\stronghold crusader\stronghold crusader.exe |
"TCP Query User{A80A25EE-B827-404F-978E-A97EEF66665F}C:\program files (x86)\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonostar\ps_olect.exe |
"TCP Query User{AC4FAA59-DFB8-48C3-83DD-22DB54B49DF1}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"TCP Query User{EBCB900F-3C50-4C84-AEE2-80C7DE67A638}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{1949A2FA-5DC0-43E1-A6EB-05BFC7ACC19B}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"UDP Query User{285D7525-33C1-4912-AB76-B5DC6A108ED2}E:\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{3B5DA52D-D280-4CFD-A54B-AA1A2FEAAF28}C:\program files (x86)\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonostar\ps_olect.exe |
"UDP Query User{40AC65BE-8751-4284-8E48-9FDC212A7807}E:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe |
"UDP Query User{6703F631-B918-479E-BDF9-6E7C73DEECD3}C:\dvdvideosoft\sega\wf.exe" = protocol=17 | dir=in | app=c:\dvdvideosoft\sega\wf.exe |
"UDP Query User{8F64A2FF-2381-4AD3-ABBF-770B00BDA8A8}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{A2F6C4DB-8D45-4765-99C8-6334EB8B765D}C:\users\slo\desktop\games\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\slo\desktop\games\stronghold crusader\stronghold crusader.exe |
"UDP Query User{BEFA60A7-6B43-416D-A580-2A306993664B}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{DDB45983-8CA6-416E-83B4-40D71BC1B0BA}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{FC59A852-40C6-46E9-8DD3-CC4B9FCB012B}E:\clients\icq6.5\icq.exe" = protocol=17 | dir=in | app=e:\clients\icq6.5\icq.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201101
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"5E025EFD-B619-4240-9C87-818E1CDEE2C1" = ButtonBeats.com Virtual Piano
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0
"LemmingballZ_0" = LemmingballZ 3D 8460
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"NosTale_is1" = Nostale(DE)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.7
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 21.03.2011 13:23:28 | Computer Name = slo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 21.03.2011 15:41:47 | Computer Name = slo-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 22.03.2011 13:26:27 | Computer Name = slo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.03.2011 13:26:27 | Computer Name = slo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.03.2011 17:47:31 | Computer Name = slo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.03.2011 17:47:31 | Computer Name = slo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.04.2011 14:57:14 | Computer Name = slo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.04.2011 14:57:14 | Computer Name = slo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.04.2011 16:19:03 | Computer Name = slo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.04.2011 16:19:03 | Computer Name = slo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 02.03.2010 15:36:59 | Computer Name = slo-PC | Source = ehRecvr | ID = 4
Description =
 
[ System Events ]
Error - 07.04.2011 14:57:14 | Computer Name = slo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.04.2011 15:03:47 | Computer Name = slo-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 07.04.2011 16:18:52 | Computer Name = slo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.04.2011 16:18:52 | Computer Name = slo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.04.2011 16:26:09 | Computer Name = slo-PC | Source = DCOM | ID = 10005
Description =
 
Error - 07.04.2011 16:26:09 | Computer Name = slo-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 07.04.2011 16:26:09 | Computer Name = slo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.04.2011 16:32:53 | Computer Name = slo-PC | Source = volsnap | ID = 393229
Description = Die Schattenkopie von Volume "E:" konnte seinen Schattenkopiespeicher
 auf Volume "E:" nicht vergrößern.
 
Error - 07.04.2011 16:33:26 | Computer Name = slo-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.04.2011 16:33:26 | Computer Name = slo-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >


cosinus 08.04.2011 05:38

Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes on the "Logdateien" (log files) tab.

SharKING 08.04.2011 21:29

Yes, there are. However, they are quite a bit older and were therefore created before the "incident".

Nevertheless, here are the most recent ones:

HTML-Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4149

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

03.10.2010 09:33:59
mbam-log-2010-10-03 (09-33-59).txt


Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 297632
Laufzeit: 1 Stunde(n), 2 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

HTML-Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4149

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

16.06.2010 20:17:37
mbam-log-2010-06-16 (20-17-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 266734
Laufzeit: 59 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 09.04.2011 14:12

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!)

Code:

:OTL
[2011.03.22 23:37:38 | 000,000,583 | -H-- | C] () -- C:\Users\slo\Desktop\Windows Recovery.lnk
[2011.03.22 23:37:37 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45539080r
[2011.03.22 23:37:37 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~45539080
[2011.03.22 23:37:29 | 000,000,400 | -H-- | C] () -- C:\ProgramData\45539080
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4781247b-290c-11df-ba2b-00261836c606}\Shell - "" = AutoRun
O33 - MountPoints2\{4781247b-290c-11df-ba2b-00261836c606}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{ada11677-82a9-11de-87e6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ada11677-82a9-11de-87e6-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Bin\Assetup.exe
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.


After that, please download unhide.exe and save the file to your desktop.

Run the tool, and all files and folders should be visible again. (This could take a while.)

SharKING 10.04.2011 10:40

HTML-Code:

All processes killed
========== OTL ==========
C:\Users\slo\Desktop\Windows Recovery.lnk moved successfully.
C:\ProgramData\~45539080r moved successfully.
C:\ProgramData\~45539080 moved successfully.
C:\ProgramData\45539080 moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4781247b-290c-11df-ba2b-00261836c606}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4781247b-290c-11df-ba2b-00261836c606}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4781247b-290c-11df-ba2b-00261836c606}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4781247b-290c-11df-ba2b-00261836c606}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ada11677-82a9-11de-87e6-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ada11677-82a9-11de-87e6-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ada11677-82a9-11de-87e6-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ada11677-82a9-11de-87e6-806e6f6e6963}\ not found.
File G:\.\Bin\Assetup.exe not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 52023 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 34778137 bytes
->Flash cache emptied: 649 bytes
 
User: Mum & Dad
->Temp folder emptied: 6379809 bytes
->Temporary Internet Files folder emptied: 1674979 bytes
->Java cache emptied: 39751 bytes
->FireFox cache emptied: 97618078 bytes
->Flash cache emptied: 43818 bytes
 
User: Public
 
User: slo
->Temp folder emptied: 12054487 bytes
->Temporary Internet Files folder emptied: 5448848 bytes
->Java cache emptied: 18299022 bytes
->FireFox cache emptied: 52887194 bytes
->Flash cache emptied: 5433 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 548006 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33109 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 37606146 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 184112599 bytes
 
Total Files Cleaned = 431,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04102011_112402

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I ran unhide.exe and everything is visible again :)
Thank you very much!
Can I now be sure that the virus is "completely" gone?

cosinus 10.04.2011 19:17

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

SharKING 10.04.2011 20:12

HTML-Code:

2011/04/10 21:10:24.0629 3884        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/10 21:10:24.0950 3884        ================================================================================
2011/04/10 21:10:24.0950 3884        SystemInfo:
2011/04/10 21:10:24.0950 3884       
2011/04/10 21:10:24.0950 3884        OS Version: 6.0.6002 ServicePack: 2.0
2011/04/10 21:10:24.0950 3884        Product type: Workstation
2011/04/10 21:10:24.0950 3884        ComputerName: SLO-PC
2011/04/10 21:10:24.0950 3884        UserName: slo
2011/04/10 21:10:24.0950 3884        Windows directory: C:\Windows
2011/04/10 21:10:24.0950 3884        System windows directory: C:\Windows
2011/04/10 21:10:24.0950 3884        Running under WOW64
2011/04/10 21:10:24.0950 3884        Processor architecture: Intel x64
2011/04/10 21:10:24.0950 3884        Number of processors: 2
2011/04/10 21:10:24.0950 3884        Page size: 0x1000
2011/04/10 21:10:24.0950 3884        Boot type: Normal boot
2011/04/10 21:10:24.0950 3884        ================================================================================
2011/04/10 21:10:25.0313 3884        Initialize success
2011/04/10 21:10:30.0347 3112        ================================================================================
2011/04/10 21:10:30.0347 3112        Scan started
2011/04/10 21:10:30.0347 3112        Mode: Manual;
2011/04/10 21:10:30.0347 3112        ================================================================================
2011/04/10 21:10:31.0105 3112        3xHybr64        (09c3c8be1385df671dcab548bee7f745) C:\Windows\system32\DRIVERS\3xHybr64.sys
2011/04/10 21:10:31.0189 3112        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/04/10 21:10:31.0258 3112        adp94xx        (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
2011/04/10 21:10:31.0325 3112        adpahci        (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
2011/04/10 21:10:31.0372 3112        adpu160m        (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
2011/04/10 21:10:31.0416 3112        adpu320        (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
2011/04/10 21:10:31.0480 3112        AFD            (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/04/10 21:10:31.0557 3112        aic78xx        (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/04/10 21:10:31.0592 3112        aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/04/10 21:10:31.0612 3112        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/04/10 21:10:31.0658 3112        AmdK8          (de55dc52f7ceb89a967572d6b491ada2) C:\Windows\system32\drivers\amdk8.sys
2011/04/10 21:10:31.0751 3112        arc            (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
2011/04/10 21:10:31.0780 3112        arcsas          (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
2011/04/10 21:10:31.0822 3112        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/10 21:10:31.0857 3112        atapi          (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/04/10 21:10:31.0902 3112        atksgt          (4aef9ec86818375495fb78ca58df4e18) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/10 21:10:31.0954 3112        avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/10 21:10:32.0018 3112        avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/10 21:10:32.0115 3112        bowser          (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/10 21:10:32.0167 3112        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/10 21:10:32.0187 3112        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/04/10 21:10:32.0230 3112        Brserid        (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/04/10 21:10:32.0262 3112        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/04/10 21:10:32.0284 3112        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/10 21:10:32.0313 3112        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/04/10 21:10:32.0348 3112        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/04/10 21:10:32.0376 3112        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/10 21:10:32.0425 3112        cdrom          (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/10 21:10:32.0457 3112        circlass        (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
2011/04/10 21:10:32.0500 3112        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/04/10 21:10:32.0566 3112        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/04/10 21:10:32.0591 3112        Compbatt        (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys
2011/04/10 21:10:32.0624 3112        crcdisk        (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
2011/04/10 21:10:32.0691 3112        DfsC            (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/04/10 21:10:32.0778 3112        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/04/10 21:10:32.0830 3112        drmkaud        (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/10 21:10:32.0896 3112        DXGKrnl        (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/10 21:10:32.0983 3112        E1G60          (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/04/10 21:10:33.0040 3112        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/04/10 21:10:33.0091 3112        elxstor        (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
2011/04/10 21:10:33.0185 3112        exfat          (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/04/10 21:10:33.0225 3112        fastfat        (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/04/10 21:10:33.0257 3112        fdc            (61b6dbd1ad1143f008364d4e9a96b224) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/10 21:10:33.0326 3112        FET5A64        (024f983c976e5d5ce79eb403058899f8) C:\Windows\system32\DRIVERS\fet5a64.sys
2011/04/10 21:10:33.0355 3112        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/04/10 21:10:33.0387 3112        Filetrace      (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/04/10 21:10:33.0430 3112        flpydisk        (12c3d1b4d0ce49e1ce343ba2f22f15e0) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/10 21:10:33.0614 3112        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/04/10 21:10:33.0741 3112        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/10 21:10:33.0847 3112        gagp30kx        (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/10 21:10:33.0944 3112        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/10 21:10:34.0238 3112        HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/04/10 21:10:34.0507 3112        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/10 21:10:35.0338 3112        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/04/10 21:10:35.0395 3112        HidIr          (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/04/10 21:10:35.0433 3112        HidUsb          (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/10 21:10:35.0476 3112        HpCISSs        (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
2011/04/10 21:10:35.0525 3112        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/04/10 21:10:35.0579 3112        i2omp          (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
2011/04/10 21:10:35.0629 3112        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/10 21:10:35.0657 3112        iaStorV        (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
2011/04/10 21:10:35.0707 3112        iirsp          (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/04/10 21:10:35.0824 3112        IntcAzAudAddService (627c6b352718e59df08f02c536e2e0ed) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/10 21:10:35.0929 3112        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/04/10 21:10:35.0956 3112        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/10 21:10:36.0015 3112        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/10 21:10:36.0089 3112        IPMIDRV        (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/10 21:10:36.0138 3112        IPNAT          (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/10 21:10:36.0176 3112        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/04/10 21:10:36.0216 3112        isapnp          (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
2011/04/10 21:10:36.0267 3112        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/10 21:10:36.0291 3112        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/04/10 21:10:36.0356 3112        iteraid        (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/04/10 21:10:36.0383 3112        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/10 21:10:36.0422 3112        kbdhid          (2b08052372c1f0dffc31cdd6e5abc4b5) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/10 21:10:36.0472 3112        KSecDD          (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/10 21:10:36.0574 3112        ksthunk        (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/04/10 21:10:36.0677 3112        lirsgt          (b658b7076b1acaa5876524595630f183) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/10 21:10:36.0725 3112        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/10 21:10:36.0775 3112        LSI_FC          (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/10 21:10:36.0806 3112        LSI_SAS        (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/10 21:10:36.0829 3112        LSI_SCSI        (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/10 21:10:36.0859 3112        luafv          (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/04/10 21:10:36.0897 3112        LVPr2M64        (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/04/10 21:10:36.0918 3112        LVPr2Mon        (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/04/10 21:10:36.0993 3112        LVRS64          (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
2011/04/10 21:10:37.0137 3112        LVUVC64        (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
2011/04/10 21:10:37.0302 3112        megasas        (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
2011/04/10 21:10:37.0343 3112        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/04/10 21:10:37.0402 3112        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/10 21:10:37.0422 3112        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/10 21:10:37.0449 3112        mouhid          (8b723ed4d5dbbc47a5f54af0515bc245) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/10 21:10:37.0486 3112        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/04/10 21:10:37.0531 3112        mpio            (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
2011/04/10 21:10:37.0568 3112        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/10 21:10:37.0621 3112        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/10 21:10:37.0657 3112        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/10 21:10:37.0690 3112        mrxsmb          (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/10 21:10:37.0711 3112        mrxsmb10        (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/10 21:10:37.0740 3112        mrxsmb20        (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/10 21:10:37.0796 3112        msahci          (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
2011/04/10 21:10:37.0819 3112        msdsm          (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
2011/04/10 21:10:37.0874 3112        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/04/10 21:10:37.0923 3112        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/04/10 21:10:37.0963 3112        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/10 21:10:37.0995 3112        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/10 21:10:38.0027 3112        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/04/10 21:10:38.0062 3112        MsRPC          (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/04/10 21:10:38.0117 3112        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/10 21:10:38.0143 3112        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/04/10 21:10:38.0183 3112        MTsensor        (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/10 21:10:38.0204 3112        Mup            (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/04/10 21:10:38.0282 3112        NativeWifiP    (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/10 21:10:38.0360 3112        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/04/10 21:10:38.0420 3112        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/10 21:10:38.0452 3112        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/10 21:10:38.0499 3112        NdisWan        (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/10 21:10:38.0547 3112        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/04/10 21:10:38.0606 3112        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/10 21:10:38.0657 3112        netbt          (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/10 21:10:38.0726 3112        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/04/10 21:10:38.0789 3112        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/04/10 21:10:38.0844 3112        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/10 21:10:38.0917 3112        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/04/10 21:10:38.0980 3112        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/04/10 21:10:39.0333 3112        nvlddmkm        (aa0828f3223e1a2952f80a8d2047dd40) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/10 21:10:39.0665 3112        nvraid          (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
2011/04/10 21:10:39.0710 3112        nvstor          (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
2011/04/10 21:10:39.0759 3112        nv_agp          (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
2011/04/10 21:10:39.0826 3112        ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/10 21:10:39.0887 3112        Parport        (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\DRIVERS\parport.sys
2011/04/10 21:10:39.0930 3112        partmgr        (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/04/10 21:10:39.0964 3112        pci            (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/04/10 21:10:39.0991 3112        pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/04/10 21:10:40.0014 3112        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/04/10 21:10:40.0047 3112        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/04/10 21:10:40.0150 3112        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/10 21:10:40.0212 3112        Processor      (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
2011/04/10 21:10:40.0297 3112        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/10 21:10:40.0373 3112        ql2300          (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
2011/04/10 21:10:40.0459 3112        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/04/10 21:10:40.0505 3112        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/10 21:10:40.0538 3112        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/10 21:10:40.0581 3112        Rasl2tp        (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/10 21:10:40.0623 3112        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/10 21:10:40.0662 3112        RasSstp        (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/10 21:10:40.0744 3112        rdbss          (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/10 21:10:40.0780 3112        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/10 21:10:40.0850 3112        rdpdr          (2d98dda8edce73df99854bf3692ccc87) C:\Windows\system32\drivers\rdpdr.sys
2011/04/10 21:10:40.0880 3112        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/10 21:10:40.0936 3112        RDPWD          (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/04/10 21:10:41.0024 3112        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/10 21:10:41.0066 3112        RTL8169        (f657766cdc5e66ab60cb8a7d78526bb5) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/04/10 21:10:41.0103 3112        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/10 21:10:41.0174 3112        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/10 21:10:41.0217 3112        Serenum        (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/10 21:10:41.0246 3112        Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2011/04/10 21:10:41.0329 3112        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/04/10 21:10:41.0379 3112        sffdisk        (541b32f8d6b2dcb92ec43bab267e79ea) C:\Windows\system32\drivers\sffdisk.sys
2011/04/10 21:10:41.0409 3112        sffp_mmc        (446e7cca3325c7e0ae0fde7f73cdd9c2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/10 21:10:41.0454 3112        sffp_sd        (67edc221348911e895af51c57d9a3725) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/10 21:10:41.0504 3112        sfloppy        (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/04/10 21:10:41.0551 3112        SiSRaid2        (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
2011/04/10 21:10:41.0579 3112        SiSRaid4        (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
2011/04/10 21:10:41.0627 3112        Smb            (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/04/10 21:10:41.0697 3112        spldr          (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/04/10 21:10:41.0750 3112        srv            (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2011/04/10 21:10:41.0809 3112        srv2            (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/10 21:10:41.0830 3112        srvnet          (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/10 21:10:41.0917 3112        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/10 21:10:41.0951 3112        Symc8xx        (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/04/10 21:10:41.0974 3112        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/04/10 21:10:42.0011 3112        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/04/10 21:10:42.0127 3112        Tcpip          (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/04/10 21:10:42.0223 3112        Tcpip6          (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/10 21:10:42.0257 3112        tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/10 21:10:42.0298 3112        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/04/10 21:10:42.0326 3112        TDTCP          (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/04/10 21:10:42.0369 3112        tdx            (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/10 21:10:42.0400 3112        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/10 21:10:42.0475 3112        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/10 21:10:42.0510 3112        tunmp          (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/10 21:10:42.0548 3112        tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/10 21:10:42.0594 3112        uagp35          (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/10 21:10:42.0635 3112        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/10 21:10:42.0727 3112        uliagpkx        (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/10 21:10:42.0767 3112        uliahci        (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys
2011/04/10 21:10:42.0795 3112        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/04/10 21:10:42.0822 3112        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/04/10 21:10:42.0865 3112        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/10 21:10:42.0907 3112        usbaudio        (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2011/04/10 21:10:42.0965 3112        usbccgp        (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/10 21:10:42.0992 3112        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/04/10 21:10:43.0031 3112        usbehci        (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/10 21:10:43.0059 3112        usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/10 21:10:43.0099 3112        usbohci        (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/04/10 21:10:43.0138 3112        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/10 21:10:43.0193 3112        usbscan        (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/10 21:10:43.0223 3112        USBSTOR        (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/10 21:10:43.0245 3112        usbuhci        (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/10 21:10:43.0275 3112        usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/10 21:10:43.0382 3112        vga            (2998dc48905e9b4821ad8fd75b3e070c) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/10 21:10:43.0425 3112        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/04/10 21:10:43.0460 3112        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/04/10 21:10:43.0507 3112        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/04/10 21:10:43.0553 3112        volmgrx        (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/04/10 21:10:43.0622 3112        volsnap        (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/04/10 21:10:43.0647 3112        vsmraid        (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
2011/04/10 21:10:43.0681 3112        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/04/10 21:10:43.0729 3112        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/10 21:10:43.0740 3112        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/10 21:10:43.0773 3112        Wd              (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
2011/04/10 21:10:43.0825 3112        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/10 21:10:44.0011 3112        WmiAcpi        (ae34218455d5dc12d1e45de85f160346) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/10 21:10:44.0075 3112        WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/10 21:10:44.0128 3112        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/10 21:10:44.0222 3112        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/10 21:10:44.0260 3112        ================================================================================
2011/04/10 21:10:44.0260 3112        Scan finished
2011/04/10 21:10:44.0260 3112        ================================================================================


cosinus 10.04.2011 20:14

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

SharKING 11.04.2011 18:12

Combofix Logfile:
Code:

ComboFix 11-04-10.04 - slo 11.04.2011  18:50:26.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1118 [GMT 2:00]
ausgeführt von:: c:\users\slo\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-11 bis 2011-04-11  ))))))))))))))))))))))))))))))
.
.
2011-04-10 09:24 . 2011-04-10 09:24        --------        d-----w-        C:\_OTL
2011-04-08 20:00 . 2011-03-18 17:56        142296        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-08 20:00 . 2011-03-18 17:56        781272        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-08 20:00 . 2011-03-18 17:56        728024        ----a-w-        c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-08 20:00 . 2011-03-18 17:56        1975768        ----a-w-        c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-08 20:00 . 2011-03-18 17:56        1893336        ----a-w-        c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-08 20:00 . 2011-03-18 17:56        1874904        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-08 20:00 . 2011-03-18 17:56        15832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-08 20:00 . 2011-03-18 17:56        142296        ----a-w-        c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-08 18:47 . 2011-03-15 05:17        8424784        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6FAE8F3-BE11-473D-A9AF-92CE2DB43577}\mpengine.dll
2011-04-07 19:18 . 2011-02-22 13:53        1149440        ----a-w-        c:\windows\system32\FntCache.dll
2011-04-07 19:18 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-04-07 19:18 . 2011-02-22 14:47        479744        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-04-07 19:18 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-07 19:18 . 2011-02-22 13:53        1555968        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-21 19:55 . 2011-03-21 19:55        --------        d-----w-        c:\users\slo\AppData\Local\Apple Computer
2011-03-21 19:55 . 2011-03-21 19:55        --------        d-----w-        c:\users\slo\AppData\Roaming\Apple Computer
2011-03-21 19:54 . 2011-03-21 19:54        --------        dc----w-        c:\windows\system32\DRVSTORE
2011-03-21 19:54 . 2009-05-18 12:17        34152        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-21 19:54 . 2008-04-17 11:12        126312        ----a-w-        c:\windows\system32\GEARAspi64.dll
2011-03-21 19:54 . 2008-04-17 11:12        107368        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2011-03-21 19:54 . 2011-03-21 19:54        --------        d-----w-        c:\program files\iPod
2011-03-21 19:54 . 2011-03-21 19:54        --------        d-----w-        c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-03-21 19:54 . 2011-03-21 19:54        --------        d-----w-        c:\program files (x86)\iTunes
2011-03-21 19:54 . 2011-03-21 19:54        --------        d-----w-        c:\program files\iTunes
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-21 19:52 . 2011-03-21 19:52        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-21 19:51 . 2011-03-21 19:51        --------        d-----w-        c:\users\slo\AppData\Local\Apple
2011-03-21 19:51 . 2011-03-21 19:51        --------        d-----w-        c:\program files (x86)\Apple Software Update
2011-03-21 19:49 . 2011-03-21 19:49        --------        d-----w-        c:\program files\Common Files\Apple
2011-03-21 19:49 . 2011-03-21 19:49        --------        d-----w-        c:\program files\Bonjour
2011-03-21 19:49 . 2011-03-21 19:49        --------        d-----w-        c:\program files (x86)\Bonjour
2011-03-21 19:49 . 2011-03-21 19:54        --------        d-----w-        c:\program files (x86)\Common Files\Apple
2011-03-21 19:49 . 2011-03-21 19:49        --------        d-----w-        c:\programdata\Apple
2011-03-18 18:09 . 2011-03-18 18:09        --------        d-----w-        c:\program files (x86)\InstallJammer Registry
2011-03-18 18:08 . 2011-03-18 18:08        --------        d-----w-        c:\program files (x86)\ButtonBeats.com Virtual Piano
2011-03-18 18:04 . 2011-03-18 18:04        --------        d-----w-        c:\users\slo\AppData\Roaming\Synthesia
2011-03-13 17:24 . 2011-03-13 17:24        --------        d-----w-        c:\program files (x86)\Winamp Detect
2011-03-13 17:24 . 2011-04-10 11:13        --------        d-----w-        c:\users\slo\AppData\Roaming\Winamp
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-05 20:47 . 2009-08-18 20:13        270240        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2011-02-05 20:47 . 2009-08-18 17:17        270240        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2011-02-05 19:12 . 2009-08-18 17:17        103736        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2011-02-02 16:11 . 2009-10-03 09:07        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-24 18:09 . 2011-01-24 18:09        53248        ----a-r-        c:\users\slo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-20 16:46 . 2011-02-10 16:47        900480        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-10 16:47        366592        ----a-w-        c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-10 16:47        625152        ----a-w-        c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-10 16:47        287232        ----a-w-        c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-10 16:47        327680        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-10 16:47        196096        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-10 16:47        1268224        ----a-w-        c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-10 16:47        748544        ----a-w-        c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-10 16:47        47104        ----a-w-        c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-10 16:47        3548672        ----a-w-        c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-10 16:47        35840        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-10 16:47        278528        ----a-w-        c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-10 16:47        195072        ----a-w-        c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-10 16:47        478720        ----a-w-        c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-10 16:47        219648        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 16:47        160768        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 16:47        1029120        ----a-w-        c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-10 16:47        189952        ----a-w-        c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 16:47        258048        ----a-w-        c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-10 16:47        586240        ----a-w-        c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-10 16:47        2873344        ----a-w-        c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-10 16:47        209920        ----a-w-        c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-10 16:47        98816        ----a-w-        c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-02-10 16:47        3068416        ----a-w-        c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-10 16:47        1653760        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-10 16:47        1032192        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-10 16:47        1461760        ----a-w-        c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-10 16:47        231936        ----a-w-        c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-10 16:47        1257984        ----a-w-        c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-10 16:47        428544        ----a-w-        c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-10 16:47        345088        ----a-w-        c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-10 16:47        34304        ----a-w-        c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-10 16:47        377344        ----a-w-        c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-10 16:47        2002944        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-10 16:47        566272        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-10 16:47        1554432        ----a-w-        c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 16:47        876032        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-10 16:47        847360        ----a-w-        c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 16:47        135680        ----a-w-        c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 16:47        979456        ----a-w-        c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 16:47        357376        ----a-w-        c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 16:47        302592        ----a-w-        c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 16:47        261632        ----a-w-        c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 16:47        1172480        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 16:47        486400        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-10 16:47        834048        ----a-w-        c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-10 16:47        683008        ----a-w-        c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Mum & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 136176]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
R3 FET5A64;VIA Rhine-Familie-Fast-Ethernet-Adaptertreiberdienst;c:\windows\system32\DRIVERS\fet5a64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 3xHybr64;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybr64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 13:04]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 13:04]
.
2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{A08E459A-0FF6-4E1B-9C06-B91F4E4BDE12}.job
- c:\windows\system32\msfeedssync.exe [2009-08-23 07:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\slo\AppData\Roaming\Mozilla\Firefox\Profiles\w59t2voi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Grooveshark
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-Mozilla Thunderbird (2.0.0.22) - k:\portables extern\ThunderbirdPortable\App\Thunderbird\uninstall\helper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2011-04-11  19:01:53
ComboFix-quarantined-files.txt  2011-04-11 17:01
.
Vor Suchlauf: 5.641.158.656 Bytes frei
Nach Suchlauf: 5.667.450.880 Bytes frei
.
- - End Of File - - E2528E8419D36B56682027AA75B12765

--- --- ---


After the log file was created, a Microsoft Windows window opened.

''LVPrcSrv Module. funktioniert nicht mehr''

What does that mean?

Regards
SharKING

cosinus 11.04.2011 18:25

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

SharKING 11.04.2011 19:08

HTML-Code:

2011/04/11 20:07:13.0341 4972        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 20:07:13.0656 4972        ================================================================================
2011/04/11 20:07:13.0656 4972        SystemInfo:
2011/04/11 20:07:13.0656 4972       
2011/04/11 20:07:13.0656 4972        OS Version: 6.0.6002 ServicePack: 2.0
2011/04/11 20:07:13.0656 4972        Product type: Workstation
2011/04/11 20:07:13.0656 4972        ComputerName: SLO-PC
2011/04/11 20:07:13.0657 4972        UserName: slo
2011/04/11 20:07:13.0657 4972        Windows directory: C:\Windows
2011/04/11 20:07:13.0657 4972        System windows directory: C:\Windows
2011/04/11 20:07:13.0657 4972        Running under WOW64
2011/04/11 20:07:13.0657 4972        Processor architecture: Intel x64
2011/04/11 20:07:13.0657 4972        Number of processors: 2
2011/04/11 20:07:13.0657 4972        Page size: 0x1000
2011/04/11 20:07:13.0657 4972        Boot type: Normal boot
2011/04/11 20:07:13.0657 4972        ================================================================================
2011/04/11 20:07:14.0013 4972        Initialize success
2011/04/11 20:07:16.0767 7532        ================================================================================
2011/04/11 20:07:16.0767 7532        Scan started
2011/04/11 20:07:16.0767 7532        Mode: Manual;
2011/04/11 20:07:16.0767 7532        ================================================================================
2011/04/11 20:07:23.0520 7532        megasas        (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
2011/04/11 20:07:23.0578 7532        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/04/11 20:07:23.0620 7532        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/11 20:07:23.0649 7532        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/11 20:07:23.0675 7532        mouhid          (8b723ed4d5dbbc47a5f54af0515bc245) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/11 20:07:23.0721 7532        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/04/11 20:07:23.0775 7532        mpio            (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
2011/04/11 20:07:24.0087 7532        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/11 20:07:24.0206 7532        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/11 20:07:24.0259 7532        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/11 20:07:24.0291 7532        mrxsmb          (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/11 20:07:24.0321 7532        mrxsmb10        (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/11 20:07:24.0358 7532        mrxsmb20        (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/11 20:07:24.0389 7532        msahci          (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
2011/04/11 20:07:24.0412 7532        msdsm          (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
2011/04/11 20:07:24.0451 7532        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/04/11 20:07:24.0516 7532        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/04/11 20:07:24.0565 7532        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/11 20:07:24.0630 7532        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/11 20:07:24.0678 7532        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/04/11 20:07:24.0714 7532        MsRPC          (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/04/11 20:07:24.0743 7532        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/11 20:07:24.0770 7532        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/04/11 20:07:24.0810 7532        MTsensor        (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/11 20:07:24.0830 7532        Mup            (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/04/11 20:07:24.0884 7532        NativeWifiP    (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/11 20:07:24.0945 7532        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/04/11 20:07:25.0047 7532        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/11 20:07:25.0086 7532        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/11 20:07:25.0178 7532        NdisWan        (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/11 20:07:25.0223 7532        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/04/11 20:07:25.0241 7532        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/11 20:07:25.0284 7532        netbt          (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/11 20:07:25.0345 7532        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/04/11 20:07:25.0390 7532        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/04/11 20:07:25.0445 7532        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/11 20:07:25.0566 7532        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/04/11 20:07:25.0657 7532        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/04/11 20:07:26.0328 7532        nvlddmkm        (aa0828f3223e1a2952f80a8d2047dd40) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/11 20:07:26.0666 7532        nvraid          (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
2011/04/11 20:07:26.0712 7532        nvstor          (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
2011/04/11 20:07:26.0752 7532        nv_agp          (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
2011/04/11 20:07:26.0819 7532        ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/11 20:07:26.0872 7532        Parport        (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\DRIVERS\parport.sys
2011/04/11 20:07:26.0907 7532        partmgr        (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/04/11 20:07:26.0949 7532        pci            (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/04/11 20:07:26.0976 7532        pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/04/11 20:07:27.0007 7532        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/04/11 20:07:27.0040 7532        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/04/11 20:07:27.0143 7532        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/11 20:07:27.0171 7532        Processor      (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
2011/04/11 20:07:27.0289 7532        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/11 20:07:27.0349 7532        ql2300          (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
2011/04/11 20:07:27.0410 7532        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/04/11 20:07:27.0448 7532        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/11 20:07:27.0481 7532        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/11 20:07:27.0515 7532        Rasl2tp        (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/11 20:07:27.0558 7532        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/11 20:07:27.0596 7532        RasSstp        (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/11 20:07:27.0637 7532        rdbss          (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/11 20:07:27.0731 7532        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/11 20:07:27.0775 7532        rdpdr          (2d98dda8edce73df99854bf3692ccc87) C:\Windows\system32\drivers\rdpdr.sys
2011/04/11 20:07:27.0795 7532        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/11 20:07:27.0846 7532        RDPWD          (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/04/11 20:07:27.0900 7532        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/11 20:07:27.0942 7532        RTL8169        (f657766cdc5e66ab60cb8a7d78526bb5) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/04/11 20:07:27.0979 7532        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/11 20:07:28.0042 7532        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/11 20:07:28.0085 7532        Serenum        (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/11 20:07:28.0122 7532        Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2011/04/11 20:07:28.0155 7532        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/04/11 20:07:28.0188 7532        sffdisk        (541b32f8d6b2dcb92ec43bab267e79ea) C:\Windows\system32\drivers\sffdisk.sys
2011/04/11 20:07:28.0336 7532        sffp_mmc        (446e7cca3325c7e0ae0fde7f73cdd9c2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/11 20:07:28.0372 7532        sffp_sd        (67edc221348911e895af51c57d9a3725) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/11 20:07:28.0389 7532        sfloppy        (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/04/11 20:07:28.0427 7532        SiSRaid2        (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
2011/04/11 20:07:28.0463 7532        SiSRaid4        (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
2011/04/11 20:07:28.0503 7532        Smb            (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/04/11 20:07:28.0549 7532        spldr          (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/04/11 20:07:28.0635 7532        srv            (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2011/04/11 20:07:28.0702 7532        srv2            (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/11 20:07:28.0807 7532        srvnet          (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/11 20:07:28.0910 7532        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/11 20:07:28.0944 7532        Symc8xx        (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/04/11 20:07:28.0967 7532        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/04/11 20:07:28.0996 7532        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/04/11 20:07:29.0097 7532        Tcpip          (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/04/11 20:07:29.0180 7532        Tcpip6          (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/11 20:07:29.0291 7532        tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/11 20:07:29.0341 7532        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/04/11 20:07:29.0377 7532        TDTCP          (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/04/11 20:07:29.0421 7532        tdx            (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/11 20:07:29.0459 7532        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/11 20:07:29.0527 7532        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/11 20:07:29.0576 7532        tunmp          (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/11 20:07:29.0615 7532        tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/11 20:07:29.0654 7532        uagp35          (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/11 20:07:29.0745 7532        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/11 20:07:30.0003 7532        uliagpkx        (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/11 20:07:30.0043 7532        uliahci        (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys
2011/04/11 20:07:30.0071 7532        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/04/11 20:07:30.0098 7532        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/04/11 20:07:30.0141 7532        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/11 20:07:30.0208 7532        usbaudio        (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2011/04/11 20:07:30.0266 7532        usbccgp        (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/11 20:07:30.0302 7532        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/04/11 20:07:30.0382 7532        usbehci        (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/11 20:07:30.0410 7532        usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/11 20:07:30.0474 7532        usbohci        (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/04/11 20:07:30.0514 7532        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/11 20:07:30.0561 7532        usbscan        (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/11 20:07:30.0591 7532        USBSTOR        (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/11 20:07:30.0612 7532        usbuhci        (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/11 20:07:30.0643 7532        usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/11 20:07:30.0692 7532        vga            (2998dc48905e9b4821ad8fd75b3e070c) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/11 20:07:30.0726 7532        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/04/11 20:07:30.0778 7532        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/04/11 20:07:30.0808 7532        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/04/11 20:07:30.0948 7532        volmgrx        (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/04/11 20:07:31.0038 7532        volsnap        (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/04/11 20:07:31.0090 7532        vsmraid        (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
2011/04/11 20:07:31.0132 7532        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/04/11 20:07:31.0188 7532        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/11 20:07:31.0202 7532        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/11 20:07:31.0249 7532        Wd              (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
2011/04/11 20:07:31.0326 7532        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/11 20:07:31.0453 7532        WmiAcpi        (ae34218455d5dc12d1e45de85f160346) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/11 20:07:31.0525 7532        WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/11 20:07:31.0562 7532        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/11 20:07:31.0648 7532        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/11 20:07:31.0694 7532        ================================================================================
2011/04/11 20:07:31.0694 7532        Scan finished
2011/04/11 20:07:31.0694 7532        ================================================================================


cosinus 11.04.2011 19:13

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

SharKING 11.04.2011 19:55

When I click "Save Log" in OSAM, nothing happens, and I can't find a log file either.

GMER:
GMER Logfile:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-11 20:40:06
Windows 6.0.6002 Service Pack 2
Running: eirp3fbw.exe


---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@F:\Desktop\Kathryn\xb4s Stellenangebote\ps_radio2015.exe  1

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 12.04.2011 09:13

Oh, you have a 64-bit Windows. I overlooked that; OSAM doesn't run there. Leave it out. I only need the log from MBRCheck now.

SharKING 12.04.2011 19:17

Then please also tell me how I can cleanly get rid of OSAM again (:

HTML-Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer:        ASUSTeK Computer INC.
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                System manufacturer
System Product Name:                System Product Name
Logical Drives Mask:                0x000003bc

Kernel Drivers (total 138):

Processes (total 66):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000f`de900000  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000021`cea00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JS-22NCB1, Rev: 10.02E02

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


