Trojaner-Board - TR/Kazy.mekml.1,Schwierigkeiten mit Load.exe, Malwarebytes durchgeführt

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - TR/Kazy.mekml.1,Schwierigkeiten mit Load.exe, Malwarebytes durchgeführt (https://www.trojaner-board.de/99000-tr-kazy-mekml-1-schwierigkeiten-load-exe-malwarebytes-durchgefuehrt.html)

TR/Kazy.mekml.1,Schwierigkeiten mit Load.exe, Malwarebytes durchgeführt

Hallo!
auch ich habe ein gemeines Trojanisches Pferd auf dem Computer. TR/Kazy.mekml.1
Vielen vielen Dank schon jetzt für Eure Hilfe.
Nach der Installation von Load.exe sind die Tools auf dem Desktop nach kurzer Zeit nicht mehr sichtbar gewesen. Durch das Tool unhide.exe sind die Dateien auch nicht sichtbar geworden. Danach habe ich Malwarebytes laufen lassen und die infizierten Objekte entfernt. Das entsprechende logfile s.u.
Es hat sich bereits mehrmals ein Fenster: "Windows-Datenverlust beim Schreiben" geöffnet. Man kann "Abbrechen", "Wiederholen" oder "Weiter" anklicken. Bei allen drei Optionen fährt sich der Computer von alleine runter. Zur Zeit ignoriere ich es.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6562

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.05.2011 18:51:11
mbam-log-2011-05-12 (18-51-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157363
Laufzeit: 2 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\programdata\agxosbhalgoapeg.exe (Rogue.Installer.Gen) -> 3324 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aGxoSBhalgOAPeG (Rogue.Installer.Gen) -> Value: aGxoSBhalgOAPeG -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\agxosbhalgoapeg.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\programdata\44556024.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Hallo,

also glücklicherweise hat es jetzt mit unhide.exe doch geklappt. Danach war dann auch der Scan mit otl.exe kein Problem.
Hier sind die entsprechenden Logfiles.

THX, nochmals für jegliche Hilfe:dankeschoen:
OTL Logfile:

Code:

OTL logfile created on: 12.05.2011 20:04:59 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Franziska\Desktop

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free

5,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free

Paging file location(s): c:\pagefile.sys 1024 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 226,39 Gb Total Space | 171,20 Gb Free Space | 75,62% Space Free | Partition Type: NTFS

Drive D: | 226,27 Gb Total Space | 181,88 Gb Free Space | 80,38% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: FRANZISKA-PC | User Name: Franziska | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Franziska\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)

PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)

PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Franziska\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d1cb520e4353d918\ATL80.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\EgisTec MyWinLocker\x86\sysenv.dll (Egis Technology Inc.)

MOD - C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

MOD - C:\Windows\SysWOW64\wkscli.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\dbghelp.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\EgisTec MyWinLocker\x86\XmlLite.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)

SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)

SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)

SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)

SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)

SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)

SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys (Protect Software GmbH)

DRV:64bit: - (acehlp09) -- C:\Windows\SysNative\drivers\acehlp09.sys (Protect Software GmbH)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820t&r=27361210t416l0413z145t6721j478

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820t&r=27361210t416l0413z145t6721j478

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820t&r=27361210t416l0413z145t6721j478

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {ad7d8a66-253b-11dc-977c-000c29a3126e}:0.8.29

 

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.02 16:51:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2011.04.02 16:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franziska\AppData\Roaming\mozilla\Extensions

[2011.04.02 16:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franziska\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.04.02 17:26:30 | 000,000,000 | ---D | M] (Zindus) -- C:\USERS\FRANZISKA\APPDATA\ROAMING\THUNDERBIRD\PROFILES\AQ3XY1QD.DEFAULT\EXTENSIONS\{AD7D8A66-253B-11DC-977C-000C29A3126E}

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - Startup: C:\Users\Franziska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Franziska\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)

O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4872fd2c-3091-11e0-b63d-60eb693a3384}\Shell - "" = AutoRun

O33 - MountPoints2\{4872fd2c-3091-11e0-b63d-60eb693a3384}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.12 19:59:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.05.12 19:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011.05.12 19:59:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2011.05.12 18:42:43 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Franziska\Desktop\mbam-setup (1).exe

[2011.05.12 18:24:36 | 000,000,000 | ---D | C] -- C:\Users\Franziska\AppData\Roaming\Malwarebytes

[2011.05.12 18:24:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.05.12 18:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.05.12 18:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.05.12 18:24:29 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.05.12 18:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.05.12 17:59:06 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Franziska\Desktop\Erunt-setup.exe

[2011.05.12 17:59:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Franziska\Desktop\OTL.exe

[2011.05.12 17:59:06 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Franziska\Desktop\TFC.exe

[2011.05.11 11:23:06 | 005,509,504 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2011.05.11 11:23:05 | 003,957,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2011.05.11 11:23:05 | 003,901,824 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2011.05.11 09:59:08 | 000,324,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2011.05.11 09:59:07 | 000,007,936 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2011.04.29 15:07:05 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2011.04.29 15:07:05 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2011.04.29 15:07:05 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2011.04.29 15:07:03 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2011.04.29 15:07:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2011.04.29 15:07:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2011.04.29 15:07:03 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2011.04.28 17:16:31 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2011.04.28 17:16:31 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2011.04.28 16:56:13 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2011.04.28 16:56:13 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2011.04.28 16:36:58 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2011.04.28 16:36:58 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

[2011.04.27 08:46:52 | 000,000,000 | ---D | C] -- C:\Users\Franziska\Desktop\Cholera

[2011.04.22 12:49:43 | 000,000,000 | R--D | C] -- C:\Users\Franziska\Dropbox

[2011.04.22 12:41:13 | 000,000,000 | ---D | C] -- C:\Users\Franziska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2011.04.22 12:41:00 | 000,000,000 | ---D | C] -- C:\Users\Franziska\AppData\Roaming\Dropbox

[2011.04.20 13:22:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011.04.20 13:22:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2011.04.20 13:22:25 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2011.04.20 13:22:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011.04.20 13:22:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011.04.20 13:22:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011.04.20 13:22:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011.04.20 13:22:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011.04.20 13:22:24 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2011.04.20 13:22:24 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011.04.20 13:22:24 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2011.04.20 13:22:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011.04.20 13:22:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011.04.20 13:22:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2011.04.18 14:06:54 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2011.04.18 14:06:54 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2011.04.18 14:06:54 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2011.04.18 14:06:54 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2011.04.18 14:06:54 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2011.04.18 14:06:54 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2011.04.18 14:06:54 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2011.04.18 14:01:50 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2011.04.18 14:01:50 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2011.04.18 13:02:24 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2011.04.18 13:02:24 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2011.04.18 13:02:24 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2011.04.18 13:02:24 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2011.04.18 12:39:27 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2011.04.18 12:39:27 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2011.04.18 12:39:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2011.04.18 12:39:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2011.04.18 12:07:53 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2011.04.18 12:07:53 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2011.04.18 12:07:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2011.04.18 12:03:51 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

[2011.04.18 11:01:56 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011.04.18 11:01:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011.04.18 11:01:55 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2 C:\Users\Franziska\Desktop\*.tmp files -> C:\Users\Franziska\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.12 19:59:03 | 000,000,933 | ---- | M] () -- C:\Users\Franziska\Desktop\NTREGOPT.lnk

[2011.05.12 19:59:03 | 000,000,914 | ---- | M] () -- C:\Users\Franziska\Desktop\ERUNT.lnk

[2011.05.12 19:49:38 | 000,502,095 | ---- | M] () -- C:\Users\Franziska\Desktop\unhide (1).exe

[2011.05.12 19:28:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.05.12 19:21:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.05.12 19:21:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.05.12 19:13:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.05.12 19:12:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.05.12 19:12:44 | 2962,300,928 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.12 18:43:28 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.12 18:42:03 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Franziska\Desktop\mbam-setup (1).exe

[2011.05.12 18:11:03 | 000,502,095 | ---- | M] () -- C:\Users\Franziska\Desktop\unhide.exe

[2011.05.12 18:00:18 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Franziska\Desktop\Erunt-setup.exe

[2011.05.12 17:59:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Franziska\Desktop\OTL.exe

[2011.05.12 17:59:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Franziska\Desktop\TFC.exe

[2011.05.12 17:58:20 | 000,377,282 | ---- | M] () -- C:\Users\Franziska\Desktop\Load (3).exe

[2011.05.12 17:52:07 | 000,377,282 | ---- | M] () -- C:\Users\Franziska\Desktop\Load (1).exe

[2011.05.12 17:45:19 | 000,377,282 | ---- | M] () -- C:\Users\Franziska\Desktop\Load.exe

[2011.05.11 17:13:22 | 000,001,041 | ---- | M] () -- C:\Users\Franziska\Desktop\Dropbox.lnk

[2011.05.11 17:13:22 | 000,001,021 | ---- | M] () -- C:\Users\Franziska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2011.05.11 14:13:16 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.05.11 14:13:16 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.05.11 14:13:16 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.05.11 14:13:16 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.05.11 14:13:16 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.05.10 10:25:23 | 000,278,640 | ---- | M] () -- C:\Users\Franziska\Desktop\eticket-douala-berlin.pdf

[2011.05.04 14:51:17 | 000,184,527 | ---- | M] () -- C:\Users\Franziska\Desktop\Orga plus Peter.jpg

[2011.05.03 10:21:37 | 000,001,634 | ---- | M] () -- C:\Users\Franziska\Desktop\reisinger.jpg

[2011.04.28 12:33:39 | 008,377,475 | ---- | M] () -- C:\Users\Franziska\Desktop\04 - Empire of the Sun - We Are the People.mp3

[2011.04.28 12:25:52 | 004,907,342 | ---- | M] () -- C:\Users\Franziska\Desktop\Roots Rockers - 03 - Wunderschön (K.P. Crew Mix).mp3

[2011.04.21 12:09:20 | 003,400,829 | ---- | M] () -- C:\Users\Franziska\Desktop\01 Tomorrow Goes Away.m4a

[2011.04.21 12:08:57 | 003,913,227 | ---- | M] () -- C:\Users\Franziska\Desktop\Caravan Palace - Jolie Coquine.mp3

[2011.04.20 09:55:45 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.04.18 18:08:24 | 000,473,509 | ---- | M] () -- C:\Users\Franziska\Desktop\RVNEGO.pdf

[2011.04.18 15:17:54 | 000,098,333 | ---- | M] () -- C:\Users\Franziska\Desktop\ngaoundere.jpg

[2 C:\Users\Franziska\Desktop\*.tmp files -> C:\Users\Franziska\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.05.12 19:59:03 | 000,000,933 | ---- | C] () -- C:\Users\Franziska\Desktop\NTREGOPT.lnk

[2011.05.12 19:59:03 | 000,000,914 | ---- | C] () -- C:\Users\Franziska\Desktop\ERUNT.lnk

[2011.05.12 19:51:56 | 000,502,095 | ---- | C] () -- C:\Users\Franziska\Desktop\unhide (1).exe

[2011.05.12 18:43:28 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.12 18:11:27 | 000,502,095 | ---- | C] () -- C:\Users\Franziska\Desktop\unhide.exe

[2011.05.12 17:58:40 | 000,377,282 | ---- | C] () -- C:\Users\Franziska\Desktop\Load (3).exe

[2011.05.12 17:51:21 | 000,377,282 | ---- | C] () -- C:\Users\Franziska\Desktop\Load.exe

[2011.05.12 17:47:07 | 000,377,282 | ---- | C] () -- C:\Users\Franziska\Desktop\Load (1).exe

[2011.05.10 10:25:23 | 000,278,640 | ---- | C] () -- C:\Users\Franziska\Desktop\eticket-douala-berlin.pdf

[2011.05.04 14:41:33 | 000,184,527 | ---- | C] () -- C:\Users\Franziska\Desktop\Orga plus Peter.jpg

[2011.05.03 10:21:35 | 000,001,634 | ---- | C] () -- C:\Users\Franziska\Desktop\reisinger.jpg

[2011.04.28 11:44:48 | 008,377,475 | ---- | C] () -- C:\Users\Franziska\Desktop\04 - Empire of the Sun - We Are the People.mp3

[2011.04.28 11:44:39 | 004,907,342 | ---- | C] () -- C:\Users\Franziska\Desktop\Roots Rockers - 03 - Wunderschön (K.P. Crew Mix).mp3

[2011.04.22 12:49:43 | 000,001,041 | ---- | C] () -- C:\Users\Franziska\Desktop\Dropbox.lnk

[2011.04.22 12:41:18 | 000,001,021 | ---- | C] () -- C:\Users\Franziska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2011.04.21 12:02:18 | 003,913,227 | ---- | C] () -- C:\Users\Franziska\Desktop\Caravan Palace - Jolie Coquine.mp3

[2011.04.21 11:59:51 | 003,400,829 | ---- | C] () -- C:\Users\Franziska\Desktop\01 Tomorrow Goes Away.m4a

[2011.04.18 18:06:53 | 000,473,509 | ---- | C] () -- C:\Users\Franziska\Desktop\RVNEGO.pdf

[2011.04.18 15:17:54 | 000,098,333 | ---- | C] () -- C:\Users\Franziska\Desktop\ngaoundere.jpg

[2011.04.02 16:52:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011.03.07 15:25:59 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011.01.30 21:57:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\Horn Section

[2011.01.30 21:57:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\Classic Thick

[2011.01.28 23:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Franziska\AppData\Roaming\Horns

[2011.01.28 23:19:29 | 000,000,097 | ---- | C] () -- C:\Users\Franziska\AppData\Local\fusioncache.dat

[2011.01.28 23:15:36 | 001,527,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.01.28 23:13:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLbz.DAT

[2010.12.23 21:02:49 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.07.02 13:00:29 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010.07.02 13:00:29 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010.07.02 13:00:29 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010.07.02 13:00:29 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2010.07.02 13:00:27 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2010.07.02 12:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.05.29 13:26:34 | 000,266,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv09.dll

[1998.09.14 20:43:16 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TWAIN32d.dll

 
 ========== LOP Check ==========

 

[2011.01.06 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Canon

[2011.02.03 17:39:54 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\DAEMON Tools Lite

[2011.05.12 14:20:22 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Dropbox

[2010.12.23 12:24:59 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\GetRightToGo

[2011.02.23 12:06:09 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\GraphPad Software

[2011.01.11 23:09:34 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Gutscheinmieze

[2010.12.28 22:22:40 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Liteon

[2011.01.28 23:19:14 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Nikon

[2010.12.29 00:33:56 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Swiss Academic Software

[2011.04.02 16:52:07 | 000,000,000 | ---D | M] -- C:\Users\Franziska\AppData\Roaming\Thunderbird

[2009.07.14 06:08:49 | 000,019,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

 

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL Extras logfile created on: 12.05.2011 20:04:59 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Franziska\Desktop

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free

5,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free

Paging file location(s): c:\pagefile.sys 1024 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 226,39 Gb Total Space | 171,20 Gb Free Space | 75,62% Space Free | Partition Type: NTFS

Drive D: | 226,27 Gb Total Space | 181,88 Gb Free Space | 80,38% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: FRANZISKA-PC | User Name: Franziska | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" File not found

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR archiver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso

"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console

"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management

"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Canon MX320 series Benutzerregistrierung" = Canon MX320 series Benutzerregistrierung

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ERUNT_is1" = ERUNT 1.1j

"Google Chrome" = Google Chrome

"GraphPad Prism_is1" = GraphPad Prism 4

"Identity Card" = Identity Card

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mediscript-CD GK2" = Mediscript-CD GK2

"Mediscript-CD Hammerexamen" = Mediscript-CD Hammerexamen

"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)

"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1

"Pochette Express 2" = Pochette Express 2

"ProtectDisc Driver" = ProtectDisc Helper Driver

"Temperature Logger V1.8" = Temperature Logger V1.8

"VLC media player" = VLC media player 1.1.7

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21.04.2011 10:53:49 | Computer Name = Franziska-PC | Source = Application Hang | ID = 1002

Description = Programm Skype.exe, Version 5.1.0.112 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2cc    Startzeit: 

01cc00339f761898    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

 

Berichts-ID:

 

 

Error - 22.04.2011 07:49:06 | Computer Name = Franziska-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6550.5004,

 Zeitstempel: 0x4d2cee93  Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6550.5004,

 Zeitstempel: 0x4d2cee93  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000132f6  ID des fehlerhaften

 Prozesses: 0x104c  Startzeit der fehlerhaften Anwendung: 0x01cc00da81ab32ef  Pfad der

 fehlerhaften Anwendung: C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE  Pfad des fehlerhaften

 Moduls: C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE  Berichtskennung: 869b10c6-6cd6-11e0-91e6-60eb693a3384

 

Error - 22.04.2011 08:10:58 | Computer Name = Franziska-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6550.5004,

 Zeitstempel: 0x4d2cee93  Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6550.5004,

 Zeitstempel: 0x4d2cee93  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005ad65  ID des fehlerhaften

 Prozesses: 0x104c  Startzeit der fehlerhaften Anwendung: 0x01cc00da81ab32ef  Pfad der

 fehlerhaften Anwendung: C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE  Pfad des fehlerhaften

 Moduls: C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE  Berichtskennung: 9459f424-6cd9-11e0-91e6-60eb693a3384

 

Error - 23.04.2011 21:26:12 | Computer Name = Franziska-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,

 Zeitstempel: 0x4aebab8d  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5be035  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000494cc

ID

 des fehlerhaften Prozesses: 0xea8  Startzeit der fehlerhaften Anwendung: 0x01cc00e22f07723b

Pfad

 der fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls:

 C:\Windows\system32\RPCRT4.dll  Berichtskennung: d6b08b7e-6e11-11e0-91e6-60eb693a3384

 

Error - 24.04.2011 08:08:43 | Computer Name = Franziska-PC | Source = Application Hang | ID = 1002

Description = Programm thunderbird.exe, Version 1.9.2.4079 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: e9c    Startzeit: 01cc021eeb7d9922    Endzeit: 22    Anwendungspfad: 

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe    Berichts-ID: 90c6e094-6e6b-11e0-b4ce-60eb693a3384

 

 

Error - 25.04.2011 09:37:34 | Computer Name = Franziska-PC | Source = Application Hang | ID = 1002

Description = Programm thunderbird.exe, Version 1.9.2.4079 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 1308    Startzeit: 01cc03447d2e7c9f    Endzeit: 10    Anwendungspfad:

 C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe    Berichts-ID: 26a50c20-6f41-11e0-b4ce-60eb693a3384

 

 

Error - 26.04.2011 06:58:55 | Computer Name = Franziska-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files

 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder

 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe

 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

 des "version"-Attributs im assemblyIdentity-Element ist ungültig.

 

Error - 26.04.2011 07:00:32 | Computer Name = Franziska-PC | Source = SideBySide | ID = 16842787

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 

im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente

 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition:

 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie

 das Programm "sxstrace.exe" für eine detaillierte Diagnose.

 

Error - 27.04.2011 05:41:09 | Computer Name = Franziska-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files

 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder

 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe

 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

 des "version"-Attributs im assemblyIdentity-Element ist ungültig.

 

Error - 27.04.2011 05:42:17 | Computer Name = Franziska-PC | Source = SideBySide | ID = 16842787

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei

 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 

im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente

 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition:

 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie

 das Programm "sxstrace.exe" für eine detaillierte Diagnose.

 

[ OSession Events ]

Error - 22.02.2011 10:39:27 | Computer Name = Franziska-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 111962

 seconds with 2460 seconds of active time.  This session ended with a crash.

 

Error - 06.04.2011 09:06:14 | Computer Name = Franziska-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 99235

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 19.04.2011 08:23:37 | Computer Name = Franziska-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9987

 seconds with 2160 seconds of active time.  This session ended with a crash.

 

Error - 22.04.2011 08:10:58 | Computer Name = Franziska-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5081

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 06.05.2011 09:55:26 | Computer Name = Franziska-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 1101

 seconds with 420 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 04.05.2011 11:16:54 | Computer Name = Franziska-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 04.05.2011 11:16:54 | Computer Name = Franziska-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 04.05.2011 11:16:54 | Computer Name = Franziska-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 04.05.2011 11:16:54 | Computer Name = Franziska-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 04.05.2011 11:16:54 | Computer Name = Franziska-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 04.05.2011 11:16:54 | Computer Name = Franziska-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 04.05.2011 11:16:54 | Computer Name = Franziska-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 04.05.2011 11:16:54 | Computer Name = Franziska-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 04.05.2011 11:16:54 | Computer Name = Franziska-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 04.05.2011 11:53:13 | Computer Name = Franziska-PC | Source = DCOM | ID = 10010

Description = 

 

 

< End of report >

--- --- ---

Zitat:

Art des Suchlaufs: Quick-Scan

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Hallo,

jetzt habe ich einen Vollscan mit Malawarebytes durchgeführt. Es wurden keine infizierten Objekte gefunden. Hier ist das log. Logfiles aus älteren Scans gibt es nicht, da ich das Programm erst kürzlich runtergeladen habe. Der Bildschirm ist immernoch schwarz.

Vielen Dank!!

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6588

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.05.2011 15:36:01
mbam-log-2011-05-16 (15-36-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 285434
Laufzeit: 44 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Der wievielte Scan mit Malwarebytes war das?

Der zweite Scan.
Hier nocheinmal der Log vom ersten Quickscan.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6562

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.05.2011 18:51:11
mbam-log-2011-05-12 (18-51-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157363
Laufzeit: 2 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\programdata\agxosbhalgoapeg.exe (Rogue.Installer.Gen) -> 3324 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aGxoSBhalgOAPeG (Rogue.Installer.Gen) -> Value: aGxoSBhalgOAPeG -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\agxosbhalgoapeg.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\programdata\44556024.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4872fd2c-3091-11e0-b63d-60eb693a3384}\Shell - "" = AutoRun

O33 - MountPoints2\{4872fd2c-3091-11e0-b63d-60eb693a3384}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hallo Arne,

hier ist das Logfile der OTL Fix.

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4872fd2c-3091-11e0-b63d-60eb693a3384}\Shell - "" = AutoRun
O33 - MountPoints2\{4872fd2c-3091-11e0-b63d-60eb693a3384}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
:Commands
[purity]
[resethosts]

Das ist nicht das was ich sehen wollte, sondern das Script was ich dir gepostet habe

Uups....

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4872fd2c-3091-11e0-b63d-60eb693a3384}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4872fd2c-3091-11e0-b63d-60eb693a3384}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4872fd2c-3091-11e0-b63d-60eb693a3384}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4872fd2c-3091-11e0-b63d-60eb693a3384}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Unable to delete ADS C:\ProgramData\Temp:CDFF58FE .
Unable to delete ADS C:\ProgramData\Temp:E36F5B57 .
Unable to delete ADS C:\ProgramData\Temp:E1F04E8D .
Unable to delete ADS C:\ProgramData\Temp:4D066AD2 .
Unable to delete ADS C:\ProgramData\Temp:798A3728 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05162011_215712

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Sorry, da ist irgendetwas schief gelaufen.
Ich habe den Scan laufen lassen und dann hat er "suspicious objects" gefunden. Nach der Anleitung für TDSSKiller, dessen link Du mir gepostet hattest, habe ich die Funde dann entfernt. Danach ist kein "Report-Button" aufgetaucht und ich konnte das Logfile nicht finden. Ich erinnere mich das "std" bei den Funden stand. Tut mir leid. Gibt es einen Ort, an dem ich das wiederfinden kann? Dann habe ich den Computer neu gestartet und das ganze nocheinmal gemacht. Logfile s.u..
Auf meine Dateien kann ich zurückgreifen. Ich habe unhide.exe schon vor ein paar Tagen durchgeführt.

2011/05/16 22:15:28.0708 0644 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 22:15:28.0860 0644 ================================================================================
2011/05/16 22:15:28.0860 0644 SystemInfo:
2011/05/16 22:15:28.0860 0644
2011/05/16 22:15:28.0860 0644 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/16 22:15:28.0860 0644 Product type: Workstation
2011/05/16 22:15:28.0860 0644 ComputerName: FRANZISKA-PC
2011/05/16 22:15:28.0860 0644 UserName: Franziska
2011/05/16 22:15:28.0860 0644 Windows directory: C:\Windows
2011/05/16 22:15:28.0860 0644 System windows directory: C:\Windows
2011/05/16 22:15:28.0860 0644 Running under WOW64
2011/05/16 22:15:28.0860 0644 Processor architecture: Intel x64
2011/05/16 22:15:28.0860 0644 Number of processors: 4
2011/05/16 22:15:28.0860 0644 Page size: 0x1000
2011/05/16 22:15:28.0860 0644 Boot type: Normal boot
2011/05/16 22:15:28.0860 0644 ================================================================================
2011/05/16 22:15:29.0154 0644 Initialize success
2011/05/16 22:15:49.0011 1924 ================================================================================
2011/05/16 22:15:49.0011 1924 Scan started
2011/05/16 22:15:49.0011 1924 Mode: Manual;
2011/05/16 22:15:49.0011 1924 ================================================================================
2011/05/16 22:15:51.0462 1924 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/16 22:15:51.0583 1924 acedrv09 (d8ca98e813d08e267e7e140bd22e073e) C:\Windows\system32\drivers\acedrv09.sys
2011/05/16 22:15:51.0688 1924 acehlp09 (f535d9cf9ab68df08d92aeb6d697ebdb) C:\Windows\system32\drivers\acehlp09.sys
2011/05/16 22:15:51.0798 1924 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/16 22:15:51.0890 1924 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/16 22:15:51.0952 1924 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/16 22:15:52.0078 1924 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/16 22:15:52.0215 1924 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/16 22:15:52.0362 1924 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/16 22:15:52.0506 1924 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/16 22:15:52.0664 1924 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/16 22:15:52.0697 1924 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/16 22:15:52.0789 1924 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/16 22:15:52.0837 1924 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/16 22:15:52.0900 1924 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/16 22:15:52.0943 1924 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/16 22:15:52.0987 1924 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/16 22:15:53.0032 1924 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
2011/05/16 22:15:53.0191 1924 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/16 22:15:53.0241 1924 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/16 22:15:53.0264 1924 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/16 22:15:53.0373 1924 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/16 22:15:53.0405 1924 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/16 22:15:53.0505 1924 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/16 22:15:53.0693 1924 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/16 22:15:53.0733 1924 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/16 22:15:53.0800 1924 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/16 22:15:53.0869 1924 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/16 22:15:54.0007 1924 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/05/16 22:15:54.0075 1924 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/16 22:15:54.0152 1924 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/16 22:15:54.0194 1924 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/16 22:15:54.0244 1924 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/16 22:15:54.0258 1924 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/16 22:15:54.0316 1924 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\system32\DRIVERS\BrSerId.sys
2011/05/16 22:15:54.0360 1924 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/16 22:15:54.0400 1924 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/16 22:15:54.0416 1924 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys
2011/05/16 22:15:54.0470 1924 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/16 22:15:54.0516 1924 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/16 22:15:54.0573 1924 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/16 22:15:54.0623 1924 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/05/16 22:15:54.0689 1924 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/16 22:15:54.0753 1924 btwampfl (380b798d30c56ede4af58619d0e86ccb) C:\Windows\system32\drivers\btwampfl.sys
2011/05/16 22:15:54.0796 1924 btwaudio (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys
2011/05/16 22:15:54.0840 1924 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/05/16 22:15:54.0925 1924 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/05/16 22:15:54.0971 1924 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/16 22:15:55.0076 1924 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/16 22:15:55.0128 1924 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/16 22:15:55.0175 1924 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/16 22:15:55.0238 1924 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/16 22:15:55.0365 1924 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/16 22:15:55.0403 1924 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/16 22:15:55.0453 1924 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/16 22:15:55.0504 1924 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/16 22:15:55.0546 1924 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/16 22:15:55.0584 1924 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/16 22:15:55.0646 1924 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/16 22:15:55.0673 1924 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/16 22:15:55.0738 1924 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/16 22:15:55.0805 1924 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/16 22:15:55.0876 1924 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/16 22:15:55.0995 1924 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/16 22:15:56.0243 1924 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/16 22:15:56.0375 1924 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/16 22:15:56.0447 1924 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/16 22:15:56.0483 1924 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/16 22:15:56.0573 1924 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/16 22:15:56.0628 1924 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/16 22:15:56.0656 1924 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/16 22:15:56.0685 1924 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/16 22:15:56.0767 1924 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/16 22:15:56.0866 1924 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/16 22:15:56.0912 1924 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/16 22:15:57.0015 1924 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/16 22:15:57.0083 1924 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/16 22:15:57.0219 1924 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/16 22:15:57.0281 1924 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/16 22:15:57.0416 1924 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/16 22:15:57.0469 1924 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/05/16 22:15:57.0543 1924 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/16 22:15:57.0575 1924 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/16 22:15:57.0621 1924 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/16 22:15:57.0730 1924 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/16 22:15:57.0780 1924 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/16 22:15:57.0830 1924 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/16 22:15:57.0927 1924 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/16 22:15:58.0024 1924 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/16 22:15:58.0240 1924 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/16 22:15:58.0445 1924 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/16 22:15:58.0829 1924 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/05/16 22:15:59.0181 1924 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/16 22:15:59.0244 1924 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/05/16 22:15:59.0402 1924 IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/16 22:15:59.0557 1924 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/05/16 22:15:59.0604 1924 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/16 22:15:59.0650 1924 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/16 22:15:59.0680 1924 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/16 22:15:59.0796 1924 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/16 22:15:59.0892 1924 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/16 22:15:59.0935 1924 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/16 22:15:59.0979 1924 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/16 22:16:00.0017 1924 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/16 22:16:00.0073 1924 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/16 22:16:00.0109 1924 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/16 22:16:00.0142 1924 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/16 22:16:00.0180 1924 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/16 22:16:00.0218 1924 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/16 22:16:00.0333 1924 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/05/16 22:16:00.0432 1924 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/16 22:16:00.0562 1924 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/16 22:16:00.0594 1924 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/16 22:16:00.0625 1924 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/16 22:16:00.0646 1924 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/16 22:16:00.0674 1924 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/16 22:16:00.0711 1924 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/16 22:16:00.0744 1924 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/16 22:16:00.0853 1924 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/16 22:16:00.0895 1924 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/16 22:16:00.0939 1924 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/16 22:16:01.0007 1924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/16 22:16:01.0111 1924 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/16 22:16:01.0157 1924 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/16 22:16:01.0216 1924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/16 22:16:01.0260 1924 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/16 22:16:01.0318 1924 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/16 22:16:01.0352 1924 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/16 22:16:01.0398 1924 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/16 22:16:01.0452 1924 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/16 22:16:01.0493 1924 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/16 22:16:01.0544 1924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/16 22:16:01.0567 1924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/16 22:16:01.0599 1924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/16 22:16:01.0718 1924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/16 22:16:01.0766 1924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/16 22:16:01.0869 1924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/16 22:16:01.0907 1924 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/16 22:16:01.0988 1924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/16 22:16:02.0028 1924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/16 22:16:02.0052 1924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/16 22:16:02.0079 1924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/16 22:16:02.0131 1924 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/05/16 22:16:02.0198 1924 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/05/16 22:16:02.0228 1924 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/05/16 22:16:02.0367 1924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/16 22:16:02.0514 1924 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/16 22:16:02.0625 1924 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/16 22:16:02.0671 1924 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/16 22:16:02.0766 1924 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/16 22:16:02.0800 1924 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/16 22:16:02.0830 1924 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/16 22:16:02.0897 1924 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/16 22:16:02.0938 1924 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/16 22:16:03.0073 1924 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/16 22:16:03.0172 1924 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/16 22:16:03.0211 1924 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/16 22:16:03.0299 1924 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/16 22:16:03.0503 1924 NTIDrvr (710263b44c1d1aee07525a53401fbe48) C:\Windows\system32\drivers\NTIDrvr.sys
2011/05/16 22:16:03.0544 1924 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/16 22:16:03.0608 1924 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/16 22:16:03.0702 1924 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/16 22:16:03.0763 1924 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/16 22:16:03.0879 1924 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/16 22:16:03.0935 1924 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/16 22:16:03.0966 1924 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/16 22:16:04.0003 1924 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/16 22:16:04.0035 1924 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/16 22:16:04.0053 1924 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/16 22:16:04.0080 1924 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/16 22:16:04.0113 1924 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/16 22:16:04.0288 1924 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/16 22:16:04.0336 1924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/16 22:16:04.0442 1924 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/16 22:16:04.0502 1924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/16 22:16:04.0617 1924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/16 22:16:04.0657 1924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/16 22:16:04.0687 1924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/16 22:16:04.0740 1924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/16 22:16:04.0820 1924 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/16 22:16:04.0937 1924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/16 22:16:04.0966 1924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/16 22:16:05.0037 1924 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/16 22:16:05.0083 1924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/16 22:16:05.0130 1924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/16 22:16:05.0155 1924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/16 22:16:05.0188 1924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/16 22:16:05.0219 1924 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/16 22:16:05.0294 1924 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/16 22:16:05.0424 1924 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/16 22:16:05.0560 1924 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/16 22:16:05.0609 1924 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/16 22:16:05.0639 1924 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/16 22:16:05.0686 1924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/16 22:16:05.0792 1924 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/16 22:16:05.0825 1924 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/16 22:16:05.0846 1924 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/16 22:16:05.0873 1924 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/16 22:16:05.0887 1924 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/16 22:16:05.0901 1924 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/16 22:16:05.0949 1924 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/16 22:16:05.0987 1924 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/16 22:16:06.0007 1924 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/16 22:16:06.0041 1924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/16 22:16:06.0138 1924 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/16 22:16:06.0220 1924 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/16 22:16:06.0268 1924 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/16 22:16:06.0336 1924 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/16 22:16:06.0404 1924 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/16 22:16:06.0445 1924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/16 22:16:06.0575 1924 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/16 22:16:06.0691 1924 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/16 22:16:06.0947 1924 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/16 22:16:07.0000 1924 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/16 22:16:07.0032 1924 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/16 22:16:07.0061 1924 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/16 22:16:07.0100 1924 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/16 22:16:07.0124 1924 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/16 22:16:07.0205 1924 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/16 22:16:07.0271 1924 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/16 22:16:07.0309 1924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/16 22:16:07.0349 1924 UBHelper (40079b0b801c5432ba435b5ad61ce6e3) C:\Windows\system32\drivers\UBHelper.sys
2011/05/16 22:16:07.0393 1924 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/16 22:16:07.0508 1924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/16 22:16:07.0602 1924 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/16 22:16:07.0631 1924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/16 22:16:07.0680 1924 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/16 22:16:07.0714 1924 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/16 22:16:07.0761 1924 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
2011/05/16 22:16:07.0801 1924 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/16 22:16:07.0850 1924 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
2011/05/16 22:16:07.0911 1924 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/16 22:16:07.0966 1924 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/16 22:16:08.0013 1924 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/16 22:16:08.0063 1924 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
2011/05/16 22:16:08.0134 1924 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/16 22:16:08.0237 1924 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/16 22:16:08.0281 1924 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/16 22:16:08.0309 1924 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/16 22:16:08.0331 1924 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/16 22:16:08.0351 1924 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/16 22:16:08.0382 1924 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/16 22:16:08.0412 1924 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/16 22:16:08.0435 1924 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/16 22:16:08.0478 1924 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/16 22:16:08.0513 1924 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/16 22:16:08.0539 1924 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/16 22:16:08.0636 1924 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/16 22:16:08.0728 1924 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 22:16:08.0751 1924 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 22:16:08.0802 1924 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/16 22:16:08.0860 1924 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/16 22:16:08.0989 1924 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/16 22:16:09.0059 1924 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/16 22:16:09.0243 1924 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/16 22:16:09.0297 1924 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/16 22:16:09.0361 1924 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/16 22:16:09.0400 1924 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/16 22:16:09.0440 1924 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/16 22:16:09.0533 1924 ================================================================================
2011/05/16 22:16:09.0533 1924 Scan finished
2011/05/16 22:16:09.0533 1924 ================================================================================

Sieht direkt auf c: nach, der speichert die Logs da ab.

jipp!

2011/05/16 22:03:53.0030 2204 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 22:03:53.0226 2204 ================================================================================
2011/05/16 22:03:53.0226 2204 SystemInfo:
2011/05/16 22:03:53.0226 2204
2011/05/16 22:03:53.0226 2204 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/16 22:03:53.0226 2204 Product type: Workstation
2011/05/16 22:03:53.0226 2204 ComputerName: FRANZISKA-PC
2011/05/16 22:03:53.0226 2204 UserName: Franziska
2011/05/16 22:03:53.0226 2204 Windows directory: C:\Windows
2011/05/16 22:03:53.0226 2204 System windows directory: C:\Windows
2011/05/16 22:03:53.0226 2204 Running under WOW64
2011/05/16 22:03:53.0226 2204 Processor architecture: Intel x64
2011/05/16 22:03:53.0226 2204 Number of processors: 4
2011/05/16 22:03:53.0226 2204 Page size: 0x1000
2011/05/16 22:03:53.0226 2204 Boot type: Normal boot
2011/05/16 22:03:53.0226 2204 ================================================================================
2011/05/16 22:03:53.0551 2204 Initialize success
2011/05/16 22:05:42.0981 4684 ================================================================================
2011/05/16 22:05:42.0981 4684 Scan started
2011/05/16 22:05:42.0981 4684 Mode: Manual;
2011/05/16 22:05:42.0981 4684 ================================================================================
2011/05/16 22:05:43.0386 4684 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/16 22:05:43.0480 4684 acedrv09 (d8ca98e813d08e267e7e140bd22e073e) C:\Windows\system32\drivers\acedrv09.sys
2011/05/16 22:05:43.0589 4684 acehlp09 (f535d9cf9ab68df08d92aeb6d697ebdb) C:\Windows\system32\drivers\acehlp09.sys
2011/05/16 22:05:43.0683 4684 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/16 22:05:43.0745 4684 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/16 22:05:43.0854 4684 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/16 22:05:43.0901 4684 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/16 22:05:43.0932 4684 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/16 22:05:44.0057 4684 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/16 22:05:44.0166 4684 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/16 22:05:44.0276 4684 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/16 22:05:44.0385 4684 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/16 22:05:44.0416 4684 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/16 22:05:44.0432 4684 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/16 22:05:44.0525 4684 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/16 22:05:44.0619 4684 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/16 22:05:44.0681 4684 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/16 22:05:44.0775 4684 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
2011/05/16 22:05:44.0915 4684 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/16 22:05:44.0978 4684 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/16 22:05:45.0009 4684 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/16 22:05:45.0118 4684 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/16 22:05:45.0165 4684 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/16 22:05:45.0290 4684 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/16 22:05:45.0492 4684 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/16 22:05:45.0539 4684 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/16 22:05:45.0664 4684 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/16 22:05:45.0726 4684 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/16 22:05:45.0867 4684 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/05/16 22:05:46.0038 4684 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/16 22:05:46.0085 4684 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/16 22:05:46.0179 4684 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/16 22:05:46.0241 4684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/16 22:05:46.0257 4684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/16 22:05:46.0319 4684 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\system32\DRIVERS\BrSerId.sys
2011/05/16 22:05:46.0350 4684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/16 22:05:46.0397 4684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/16 22:05:46.0413 4684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys
2011/05/16 22:05:46.0475 4684 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/16 22:05:46.0522 4684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/16 22:05:46.0584 4684 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/16 22:05:46.0631 4684 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/05/16 22:05:46.0709 4684 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/16 22:05:46.0756 4684 btwampfl (380b798d30c56ede4af58619d0e86ccb) C:\Windows\system32\drivers\btwampfl.sys
2011/05/16 22:05:46.0803 4684 btwaudio (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys
2011/05/16 22:05:46.0834 4684 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/05/16 22:05:46.0928 4684 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/05/16 22:05:46.0990 4684 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/16 22:05:47.0084 4684 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/16 22:05:47.0130 4684 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/16 22:05:47.0240 4684 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/16 22:05:47.0286 4684 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/16 22:05:47.0427 4684 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/16 22:05:47.0442 4684 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/16 22:05:47.0489 4684 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/16 22:05:47.0536 4684 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/16 22:05:47.0645 4684 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/16 22:05:47.0692 4684 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/16 22:05:47.0817 4684 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/16 22:05:47.0864 4684 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/16 22:05:47.0910 4684 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/16 22:05:48.0004 4684 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/16 22:05:48.0082 4684 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/16 22:05:48.0238 4684 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/16 22:05:48.0441 4684 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/16 22:05:48.0503 4684 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/16 22:05:48.0550 4684 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/16 22:05:48.0581 4684 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/16 22:05:48.0659 4684 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/16 22:05:48.0706 4684 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/16 22:05:48.0737 4684 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/16 22:05:48.0784 4684 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/16 22:05:48.0831 4684 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/16 22:05:48.0862 4684 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/16 22:05:48.0893 4684 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/16 22:05:48.0924 4684 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/16 22:05:49.0034 4684 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/16 22:05:49.0205 4684 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/16 22:05:49.0252 4684 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/16 22:05:49.0314 4684 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/16 22:05:49.0377 4684 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/05/16 22:05:49.0439 4684 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/16 22:05:49.0486 4684 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/16 22:05:49.0533 4684 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/16 22:05:49.0595 4684 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/16 22:05:49.0689 4684 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/16 22:05:49.0767 4684 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/16 22:05:49.0814 4684 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/16 22:05:49.0907 4684 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/16 22:05:49.0970 4684 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/16 22:05:50.0094 4684 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/16 22:05:50.0422 4684 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/05/16 22:05:50.0718 4684 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/16 22:05:50.0765 4684 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/05/16 22:05:50.0874 4684 IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/16 22:05:51.0030 4684 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/05/16 22:05:51.0108 4684 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/16 22:05:51.0202 4684 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/16 22:05:51.0264 4684 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/16 22:05:51.0280 4684 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/16 22:05:51.0374 4684 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/16 22:05:51.0405 4684 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/16 22:05:51.0436 4684 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/16 22:05:51.0467 4684 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/16 22:05:51.0545 4684 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/16 22:05:51.0592 4684 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/16 22:05:51.0623 4684 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/16 22:05:51.0654 4684 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/16 22:05:51.0717 4684 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/16 22:05:51.0842 4684 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/05/16 22:05:51.0935 4684 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/16 22:05:52.0076 4684 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/16 22:05:52.0107 4684 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/16 22:05:52.0154 4684 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/16 22:05:52.0185 4684 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/16 22:05:52.0247 4684 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/16 22:05:52.0263 4684 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/16 22:05:52.0294 4684 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/16 22:05:52.0372 4684 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/16 22:05:52.0419 4684 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/16 22:05:52.0512 4684 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/16 22:05:52.0606 4684 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/16 22:05:52.0653 4684 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/16 22:05:52.0700 4684 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/16 22:05:52.0746 4684 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/16 22:05:52.0809 4684 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/16 22:05:52.0856 4684 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/16 22:05:52.0902 4684 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/16 22:05:52.0965 4684 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/16 22:05:53.0027 4684 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/16 22:05:53.0043 4684 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/16 22:05:53.0136 4684 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/16 22:05:53.0230 4684 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/16 22:05:53.0246 4684 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/16 22:05:53.0292 4684 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/16 22:05:53.0324 4684 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/16 22:05:53.0402 4684 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/16 22:05:53.0448 4684 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/16 22:05:53.0464 4684 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/16 22:05:53.0511 4684 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/16 22:05:53.0526 4684 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/16 22:05:53.0558 4684 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/16 22:05:53.0636 4684 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/05/16 22:05:53.0667 4684 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/05/16 22:05:53.0698 4684 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/05/16 22:05:53.0823 4684 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/16 22:05:53.0916 4684 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/16 22:05:54.0041 4684 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/16 22:05:54.0088 4684 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/16 22:05:54.0182 4684 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/16 22:05:54.0213 4684 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/16 22:05:54.0291 4684 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/16 22:05:54.0338 4684 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/16 22:05:54.0369 4684 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/16 22:05:54.0478 4684 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/16 22:05:54.0509 4684 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/16 22:05:54.0540 4684 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/16 22:05:54.0618 4684 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/16 22:05:54.0790 4684 NTIDrvr (710263b44c1d1aee07525a53401fbe48) C:\Windows\system32\drivers\NTIDrvr.sys
2011/05/16 22:05:54.0852 4684 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/16 22:05:54.0899 4684 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/16 22:05:54.0977 4684 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/16 22:05:55.0024 4684 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/16 22:05:55.0133 4684 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/16 22:05:55.0180 4684 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/16 22:05:55.0196 4684 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/16 22:05:55.0242 4684 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/16 22:05:55.0274 4684 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/16 22:05:55.0289 4684 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/16 22:05:55.0305 4684 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/16 22:05:55.0336 4684 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/16 22:05:55.0414 4684 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/16 22:05:55.0430 4684 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/16 22:05:55.0476 4684 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/16 22:05:55.0539 4684 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/16 22:05:55.0648 4684 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/16 22:05:55.0695 4684 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/16 22:05:55.0726 4684 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/16 22:05:55.0851 4684 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/16 22:05:55.0929 4684 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/16 22:05:55.0960 4684 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/16 22:05:55.0976 4684 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/16 22:05:56.0007 4684 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/16 22:05:56.0022 4684 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/16 22:05:56.0054 4684 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/16 22:05:56.0132 4684 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/16 22:05:56.0194 4684 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/16 22:05:56.0225 4684 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/16 22:05:56.0319 4684 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/16 22:05:56.0444 4684 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/16 22:05:56.0568 4684 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/16 22:05:56.0615 4684 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/16 22:05:56.0646 4684 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/16 22:05:56.0709 4684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/16 22:05:56.0787 4684 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/16 22:05:56.0849 4684 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/16 22:05:56.0943 4684 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/16 22:05:56.0974 4684 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/16 22:05:56.0990 4684 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/16 22:05:57.0005 4684 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/16 22:05:57.0021 4684 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/16 22:05:57.0146 4684 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/16 22:05:57.0161 4684 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/16 22:05:57.0192 4684 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/16 22:05:57.0302 4684 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/16 22:05:57.0473 4684 sptd (4b3f898dc1378ced2f35d04e5b0ce0df) C:\Windows\System32\Drivers\sptd.sys
2011/05/16 22:05:57.0473 4684 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4b3f898dc1378ced2f35d04e5b0ce0df
2011/05/16 22:05:57.0489 4684 sptd - detected LockedFile.Multi.Generic (1)
2011/05/16 22:05:57.0536 4684 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/16 22:05:57.0567 4684 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/16 22:05:57.0614 4684 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/16 22:05:57.0676 4684 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/16 22:05:57.0707 4684 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/16 22:05:57.0754 4684 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/16 22:05:57.0910 4684 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/16 22:05:58.0082 4684 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/16 22:05:58.0144 4684 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/16 22:05:58.0175 4684 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/16 22:05:58.0191 4684 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/16 22:05:58.0222 4684 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/16 22:05:58.0253 4684 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/16 22:05:58.0362 4684 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/16 22:05:58.0394 4684 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/16 22:05:58.0425 4684 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/16 22:05:58.0472 4684 UBHelper (40079b0b801c5432ba435b5ad61ce6e3) C:\Windows\system32\drivers\UBHelper.sys
2011/05/16 22:05:58.0503 4684 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/16 22:05:58.0581 4684 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/16 22:05:58.0612 4684 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/16 22:05:58.0690 4684 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/16 22:05:58.0752 4684 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/16 22:05:58.0784 4684 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/16 22:05:58.0862 4684 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
2011/05/16 22:05:58.0908 4684 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/16 22:05:58.0971 4684 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
2011/05/16 22:05:59.0033 4684 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/16 22:05:59.0127 4684 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/16 22:05:59.0158 4684 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/16 22:05:59.0205 4684 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
2011/05/16 22:05:59.0283 4684 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/16 22:05:59.0345 4684 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/16 22:05:59.0376 4684 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/16 22:05:59.0392 4684 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/16 22:05:59.0423 4684 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/16 22:05:59.0439 4684 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/16 22:05:59.0470 4684 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/16 22:05:59.0501 4684 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/16 22:05:59.0517 4684 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/16 22:05:59.0564 4684 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/16 22:05:59.0595 4684 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/16 22:05:59.0626 4684 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/16 22:05:59.0657 4684 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/16 22:05:59.0704 4684 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 22:05:59.0720 4684 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 22:05:59.0829 4684 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/16 22:05:59.0860 4684 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/16 22:06:00.0000 4684 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/16 22:06:00.0032 4684 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/16 22:06:00.0188 4684 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/16 22:06:00.0250 4684 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/16 22:06:00.0390 4684 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/16 22:06:00.0437 4684 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/16 22:06:00.0468 4684 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/16 22:06:00.0562 4684 ================================================================================
2011/05/16 22:06:00.0562 4684 Scan finished
2011/05/16 22:06:00.0562 4684 ================================================================================
2011/05/16 22:06:00.0562 1672 Detected object count: 1
2011/05/16 22:09:31.0726 1672 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/05/16 22:09:31.0777 1672 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/05/16 22:09:31.0803 1672 C:\Windows\System32\Drivers\sptd.sys - will be deleted after reboot
2011/05/16 22:09:31.0803 1672 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/05/16 22:11:04.0834 5032 Deinitialize success

Ist nur SPTD, ein treiber, der auch zB von Daemontools installiert wird.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

voila! Das logfile. Was hat dieses Programm eigentlich gemacht?

2011/05/16 22:03:53.0030 2204 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 22:03:53.0226 2204 ================================================================================
2011/05/16 22:03:53.0226 2204 SystemInfo:
2011/05/16 22:03:53.0226 2204
2011/05/16 22:03:53.0226 2204 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/16 22:03:53.0226 2204 Product type: Workstation
2011/05/16 22:03:53.0226 2204 ComputerName: FRANZISKA-PC
2011/05/16 22:03:53.0226 2204 UserName: Franziska
2011/05/16 22:03:53.0226 2204 Windows directory: C:\Windows
2011/05/16 22:03:53.0226 2204 System windows directory: C:\Windows
2011/05/16 22:03:53.0226 2204 Running under WOW64
2011/05/16 22:03:53.0226 2204 Processor architecture: Intel x64
2011/05/16 22:03:53.0226 2204 Number of processors: 4
2011/05/16 22:03:53.0226 2204 Page size: 0x1000
2011/05/16 22:03:53.0226 2204 Boot type: Normal boot
2011/05/16 22:03:53.0226 2204 ================================================================================
2011/05/16 22:03:53.0551 2204 Initialize success
2011/05/16 22:05:42.0981 4684 ================================================================================
2011/05/16 22:05:42.0981 4684 Scan started
2011/05/16 22:05:42.0981 4684 Mode: Manual;
2011/05/16 22:05:42.0981 4684 ================================================================================
2011/05/16 22:05:43.0386 4684 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/16 22:05:43.0480 4684 acedrv09 (d8ca98e813d08e267e7e140bd22e073e) C:\Windows\system32\drivers\acedrv09.sys
2011/05/16 22:05:43.0589 4684 acehlp09 (f535d9cf9ab68df08d92aeb6d697ebdb) C:\Windows\system32\drivers\acehlp09.sys
2011/05/16 22:05:43.0683 4684 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/16 22:05:43.0745 4684 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/16 22:05:43.0854 4684 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/16 22:05:43.0901 4684 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/16 22:05:43.0932 4684 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/16 22:05:44.0057 4684 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/16 22:05:44.0166 4684 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/16 22:05:44.0276 4684 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/16 22:05:44.0385 4684 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/16 22:05:44.0416 4684 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/16 22:05:44.0432 4684 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/16 22:05:44.0525 4684 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/16 22:05:44.0619 4684 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/16 22:05:44.0681 4684 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/16 22:05:44.0775 4684 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
2011/05/16 22:05:44.0915 4684 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/16 22:05:44.0978 4684 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/16 22:05:45.0009 4684 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/16 22:05:45.0118 4684 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/16 22:05:45.0165 4684 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/16 22:05:45.0290 4684 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/16 22:05:45.0492 4684 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/16 22:05:45.0539 4684 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/16 22:05:45.0664 4684 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/16 22:05:45.0726 4684 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/16 22:05:45.0867 4684 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/05/16 22:05:46.0038 4684 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/16 22:05:46.0085 4684 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/16 22:05:46.0179 4684 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/16 22:05:46.0241 4684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/16 22:05:46.0257 4684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/16 22:05:46.0319 4684 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\system32\DRIVERS\BrSerId.sys
2011/05/16 22:05:46.0350 4684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/16 22:05:46.0397 4684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/16 22:05:46.0413 4684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys
2011/05/16 22:05:46.0475 4684 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/16 22:05:46.0522 4684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/16 22:05:46.0584 4684 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/16 22:05:46.0631 4684 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/05/16 22:05:46.0709 4684 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/16 22:05:46.0756 4684 btwampfl (380b798d30c56ede4af58619d0e86ccb) C:\Windows\system32\drivers\btwampfl.sys
2011/05/16 22:05:46.0803 4684 btwaudio (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys
2011/05/16 22:05:46.0834 4684 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/05/16 22:05:46.0928 4684 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/05/16 22:05:46.0990 4684 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/16 22:05:47.0084 4684 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/16 22:05:47.0130 4684 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/16 22:05:47.0240 4684 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/16 22:05:47.0286 4684 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/16 22:05:47.0427 4684 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/16 22:05:47.0442 4684 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/16 22:05:47.0489 4684 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/16 22:05:47.0536 4684 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/16 22:05:47.0645 4684 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/16 22:05:47.0692 4684 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/16 22:05:47.0817 4684 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/16 22:05:47.0864 4684 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/16 22:05:47.0910 4684 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/16 22:05:48.0004 4684 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/16 22:05:48.0082 4684 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/16 22:05:48.0238 4684 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/16 22:05:48.0441 4684 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/16 22:05:48.0503 4684 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/16 22:05:48.0550 4684 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/16 22:05:48.0581 4684 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/16 22:05:48.0659 4684 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/16 22:05:48.0706 4684 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/16 22:05:48.0737 4684 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/16 22:05:48.0784 4684 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/16 22:05:48.0831 4684 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/16 22:05:48.0862 4684 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/16 22:05:48.0893 4684 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/16 22:05:48.0924 4684 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/16 22:05:49.0034 4684 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/16 22:05:49.0205 4684 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/16 22:05:49.0252 4684 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/16 22:05:49.0314 4684 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/16 22:05:49.0377 4684 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/05/16 22:05:49.0439 4684 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/16 22:05:49.0486 4684 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/16 22:05:49.0533 4684 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/16 22:05:49.0595 4684 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/16 22:05:49.0689 4684 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/16 22:05:49.0767 4684 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/16 22:05:49.0814 4684 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/16 22:05:49.0907 4684 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/16 22:05:49.0970 4684 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/16 22:05:50.0094 4684 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/16 22:05:50.0422 4684 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/05/16 22:05:50.0718 4684 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/16 22:05:50.0765 4684 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/05/16 22:05:50.0874 4684 IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/16 22:05:51.0030 4684 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/05/16 22:05:51.0108 4684 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/16 22:05:51.0202 4684 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/16 22:05:51.0264 4684 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/16 22:05:51.0280 4684 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/16 22:05:51.0374 4684 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/16 22:05:51.0405 4684 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/16 22:05:51.0436 4684 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/16 22:05:51.0467 4684 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/16 22:05:51.0545 4684 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/16 22:05:51.0592 4684 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/16 22:05:51.0623 4684 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/16 22:05:51.0654 4684 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/16 22:05:51.0717 4684 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/16 22:05:51.0842 4684 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/05/16 22:05:51.0935 4684 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/16 22:05:52.0076 4684 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/16 22:05:52.0107 4684 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/16 22:05:52.0154 4684 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/16 22:05:52.0185 4684 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/16 22:05:52.0247 4684 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/16 22:05:52.0263 4684 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/16 22:05:52.0294 4684 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/16 22:05:52.0372 4684 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/16 22:05:52.0419 4684 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/16 22:05:52.0512 4684 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/16 22:05:52.0606 4684 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/16 22:05:52.0653 4684 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/16 22:05:52.0700 4684 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/16 22:05:52.0746 4684 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/16 22:05:52.0809 4684 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/16 22:05:52.0856 4684 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/16 22:05:52.0902 4684 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/16 22:05:52.0965 4684 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/16 22:05:53.0027 4684 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/16 22:05:53.0043 4684 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/16 22:05:53.0136 4684 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/16 22:05:53.0230 4684 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/16 22:05:53.0246 4684 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/16 22:05:53.0292 4684 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/16 22:05:53.0324 4684 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/16 22:05:53.0402 4684 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/16 22:05:53.0448 4684 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/16 22:05:53.0464 4684 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/16 22:05:53.0511 4684 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/16 22:05:53.0526 4684 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/16 22:05:53.0558 4684 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/16 22:05:53.0636 4684 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/05/16 22:05:53.0667 4684 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/05/16 22:05:53.0698 4684 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/05/16 22:05:53.0823 4684 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/16 22:05:53.0916 4684 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/16 22:05:54.0041 4684 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/16 22:05:54.0088 4684 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/16 22:05:54.0182 4684 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/16 22:05:54.0213 4684 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/16 22:05:54.0291 4684 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/16 22:05:54.0338 4684 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/16 22:05:54.0369 4684 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/16 22:05:54.0478 4684 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/16 22:05:54.0509 4684 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/16 22:05:54.0540 4684 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/16 22:05:54.0618 4684 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/16 22:05:54.0790 4684 NTIDrvr (710263b44c1d1aee07525a53401fbe48) C:\Windows\system32\drivers\NTIDrvr.sys
2011/05/16 22:05:54.0852 4684 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/16 22:05:54.0899 4684 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/16 22:05:54.0977 4684 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/16 22:05:55.0024 4684 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/16 22:05:55.0133 4684 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/16 22:05:55.0180 4684 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/16 22:05:55.0196 4684 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/16 22:05:55.0242 4684 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/16 22:05:55.0274 4684 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/16 22:05:55.0289 4684 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/16 22:05:55.0305 4684 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/16 22:05:55.0336 4684 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/16 22:05:55.0414 4684 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/16 22:05:55.0430 4684 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/16 22:05:55.0476 4684 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/16 22:05:55.0539 4684 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/16 22:05:55.0648 4684 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/16 22:05:55.0695 4684 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/16 22:05:55.0726 4684 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/16 22:05:55.0851 4684 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/16 22:05:55.0929 4684 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/16 22:05:55.0960 4684 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/16 22:05:55.0976 4684 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/16 22:05:56.0007 4684 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/16 22:05:56.0022 4684 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/16 22:05:56.0054 4684 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/16 22:05:56.0132 4684 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/16 22:05:56.0194 4684 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/16 22:05:56.0225 4684 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/16 22:05:56.0319 4684 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/16 22:05:56.0444 4684 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/16 22:05:56.0568 4684 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/16 22:05:56.0615 4684 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/16 22:05:56.0646 4684 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/16 22:05:56.0709 4684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/16 22:05:56.0787 4684 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/16 22:05:56.0849 4684 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/16 22:05:56.0943 4684 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/16 22:05:56.0974 4684 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/16 22:05:56.0990 4684 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/16 22:05:57.0005 4684 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/16 22:05:57.0021 4684 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/16 22:05:57.0146 4684 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/16 22:05:57.0161 4684 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/16 22:05:57.0192 4684 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/16 22:05:57.0302 4684 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/16 22:05:57.0473 4684 sptd (4b3f898dc1378ced2f35d04e5b0ce0df) C:\Windows\System32\Drivers\sptd.sys
2011/05/16 22:05:57.0473 4684 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4b3f898dc1378ced2f35d04e5b0ce0df
2011/05/16 22:05:57.0489 4684 sptd - detected LockedFile.Multi.Generic (1)
2011/05/16 22:05:57.0536 4684 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/16 22:05:57.0567 4684 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/16 22:05:57.0614 4684 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/16 22:05:57.0676 4684 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/16 22:05:57.0707 4684 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/16 22:05:57.0754 4684 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/16 22:05:57.0910 4684 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/16 22:05:58.0082 4684 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/16 22:05:58.0144 4684 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/16 22:05:58.0175 4684 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/16 22:05:58.0191 4684 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/16 22:05:58.0222 4684 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/16 22:05:58.0253 4684 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/16 22:05:58.0362 4684 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/16 22:05:58.0394 4684 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/16 22:05:58.0425 4684 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/16 22:05:58.0472 4684 UBHelper (40079b0b801c5432ba435b5ad61ce6e3) C:\Windows\system32\drivers\UBHelper.sys
2011/05/16 22:05:58.0503 4684 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/16 22:05:58.0581 4684 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/16 22:05:58.0612 4684 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/16 22:05:58.0690 4684 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/16 22:05:58.0752 4684 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/16 22:05:58.0784 4684 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/16 22:05:58.0862 4684 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
2011/05/16 22:05:58.0908 4684 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/16 22:05:58.0971 4684 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
2011/05/16 22:05:59.0033 4684 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/16 22:05:59.0127 4684 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/16 22:05:59.0158 4684 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/16 22:05:59.0205 4684 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
2011/05/16 22:05:59.0283 4684 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/16 22:05:59.0345 4684 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/16 22:05:59.0376 4684 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/16 22:05:59.0392 4684 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/16 22:05:59.0423 4684 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/16 22:05:59.0439 4684 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/16 22:05:59.0470 4684 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/16 22:05:59.0501 4684 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/16 22:05:59.0517 4684 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/16 22:05:59.0564 4684 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/16 22:05:59.0595 4684 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/16 22:05:59.0626 4684 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/16 22:05:59.0657 4684 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/16 22:05:59.0704 4684 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 22:05:59.0720 4684 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 22:05:59.0829 4684 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/16 22:05:59.0860 4684 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/16 22:06:00.0000 4684 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/16 22:06:00.0032 4684 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/16 22:06:00.0188 4684 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/16 22:06:00.0250 4684 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/16 22:06:00.0390 4684 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/16 22:06:00.0437 4684 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/16 22:06:00.0468 4684 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/16 22:06:00.0562 4684 ================================================================================
2011/05/16 22:06:00.0562 4684 Scan finished
2011/05/16 22:06:00.0562 4684 ================================================================================
2011/05/16 22:06:00.0562 1672 Detected object count: 1
2011/05/16 22:09:31.0726 1672 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/05/16 22:09:31.0777 1672 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/05/16 22:09:31.0803 1672 C:\Windows\System32\Drivers\sptd.sys - will be deleted after reboot
2011/05/16 22:09:31.0803 1672 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/05/16 22:11:04.0834 5032 Deinitialize success