Trojaner-Board


seeti 16.03.2011 15:10

Google links are being redirected
 
Hello everyone,

I have recently started having the problem named above. When I click an item in the list of search results, dubious pages are opened from time to time (I cannot see any regular pattern).
I have read that other users already have similar problems, but I am not sure to what extent the approaches to a solution have to be tailored to the individual case.

Here are the logs from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:02:23, on 16.03.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - E:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = NAME\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = E:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: An OneNote s&enden - res://E:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://E:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\icq\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\icq\ICQ7.2\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11028 bytes


And Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6067

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.03.2011 13:35:12
mbam-log-2011-03-16 (13-35-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 264996
Laufzeit: 19 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I am grateful for any advice!!
Many thanks in advance for your efforts.

cosinus 16.03.2011 16:26

Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html

seeti 16.03.2011 18:06

Sorry about that. I must have misunderstood.

Here are the two OTL logs:

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\NAME\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 14,56 Gb Free Space | 37,29% Space Free | Partition Type: NTFS
Drive D: | 115,04 Gb Total Space | 40,69 Gb Free Space | 35,37% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 80,28 Gb Free Space | 82,21% Space Free | Partition Type: NTFS
Drive F: | 161,37 Gb Total Space | 161,28 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 222,95 Gb Free Space | 23,93% Space Free | Partition Type: NTFS

Computer Name: SEETI | User Name: NAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.03.16 17:43:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe
PRC - [2011.03.06 10:35:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.02.11 16:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.12.17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\NAME\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010.12.12 18:01:56 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.12 18:01:56 | 000,267,944 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.12 18:01:56 | 000,135,336 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.09.13 16:01:34 | 001,695,816 | ---- | M] (Elgato Systems) -- C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2010.05.20 15:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2009.03.20 01:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe


========== Modules (SafeList) ==========

MOD - [2011.03.16 17:43:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.07.22 18:06:03 | 000,159,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
MOD - [2010.01.30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.06.10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
MOD - [2009.06.10 22:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.02.11 16:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.12.12 18:01:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.12 18:01:56 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.23 10:04:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.25 09:41:00 | 051,456,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.12.12 18:01:56 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.10.21 19:20:39 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.07.22 23:52:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.22 12:37:32 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.05.20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.01.01 18:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.01.13 14:08:36 | 000,068,776 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SE1008mdm_x64.sys -- (SE1008mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008.01.19 05:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2006.11.21 14:03:10 | 000,046,496 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2006.11.21 14:02:56 | 000,466,720 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV - [2010.07.22 12:37:32 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005.02.02 00:21:04 | 000,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.psychologie.uni-mannheim.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011.03.06 10:35:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011.03.06 10:35:47 | 000,000,000 | ---D | M]

[2010.07.22 17:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAME\AppData\Roaming\Mozilla\Extensions
[2011.01.26 13:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAME\AppData\Roaming\Mozilla\Firefox\Profiles\422bmj2o.default\extensions
[2010.08.06 16:52:00 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.08 19:55:23 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.16 10:07:57 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.12.13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2011.03.16 11:43:29 | 000,431,056 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14834 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - E:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BCSSync] E:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - Startup: C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\NAME\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = E:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Append to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\icq\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\icq\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk I:\
O33 - MountPoints2\{8d48f34a-95ab-11df-8ef8-0019666db5fc}\Shell - "" = AutoRun
O33 - MountPoints2\{8d48f34a-95ab-11df-8ef8-0019666db5fc}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^NAME^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - E:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - E:\Program Files\itunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig:64bit - StartUpReg: Remote Control Editor - hkey= - key= - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.03.16 17:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.16 17:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.03.16 17:43:54 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\NAME\Desktop\Erunt-setup.exe
[2011.03.16 17:43:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe
[2011.03.16 17:43:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\NAME\Desktop\TFC.exe
[2011.03.16 15:02:53 | 000,000,000 | ---D | C] -- C:\Users\NAME\Desktop\logs
[2011.03.16 13:40:58 | 000,000,000 | ---D | C] -- C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.03.16 12:39:22 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\NAME\Desktop\install_flash_player.exe
[2011.03.09 23:52:28 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 23:52:28 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 23:52:27 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 23:52:27 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 23:52:26 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 23:52:26 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 23:52:26 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 23:52:25 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 23:52:25 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 23:52:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 23:52:25 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 23:52:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 23:52:24 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 23:52:24 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 23:52:24 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 23:52:24 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.09 13:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011.03.04 17:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2011.03.04 17:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2011.03.04 10:30:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.04 10:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.23 09:46:28 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 09:46:28 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 09:46:28 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 09:46:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.16 00:33:05 | 000,000,000 | ---D | C] -- C:\Users\NAME\Desktop\Keimzeit

========== Files - Modified Within 30 Days ==========

[2011.03.16 17:48:03 | 000,000,928 | ---- | M] () -- C:\Users\NAME\Desktop\NTREGOPT.lnk
[2011.03.16 17:48:03 | 000,000,909 | ---- | M] () -- C:\Users\NAME\Desktop\ERUNT.lnk
[2011.03.16 17:45:53 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.16 17:45:50 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\bsuvenra.job
[2011.03.16 17:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.16 17:45:36 | 3220,619,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.16 17:44:41 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.16 17:44:41 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.16 17:44:05 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\NAME\Desktop\Erunt-setup.exe
[2011.03.16 17:43:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\NAME\Desktop\OTL.exe
[2011.03.16 17:43:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\NAME\Desktop\TFC.exe
[2011.03.16 17:42:16 | 000,742,874 | ---- | M] () -- C:\Users\NAME\Desktop\Load.exe
[2011.03.16 17:41:43 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.16 17:41:43 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.16 17:41:43 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.16 14:56:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.16 13:40:58 | 000,002,975 | ---- | M] () -- C:\Users\NAME\Desktop\HiJackThis.lnk
[2011.03.16 13:40:26 | 001,402,880 | ---- | M] () -- C:\Users\NAME\Desktop\HijackThis.msi
[2011.03.16 12:46:10 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\NAME\Desktop\install_flash_player.exe
[2011.03.16 11:43:29 | 000,431,056 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.03.13 12:40:23 | 000,005,701 | ---- | M] () -- C:\Users\NAME\Desktop\Anleitung.html
[2011.03.11 14:48:18 | 000,000,967 | ---- | M] () -- C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.10 14:07:14 | 000,061,930 | ---- | M] () -- C:\Users\NAME\Desktop\Auftragsbestaetigung_www.ticketonline.com.pdf
[2011.03.09 13:41:06 | 000,001,129 | ---- | M] () -- C:\Users\NAME\Desktop\Literatur - Shortcut.lnk
[2011.03.04 10:30:57 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.04 10:16:55 | 000,002,517 | ---- | M] () -- C:\Users\NAME\Desktop\EndNote Program.lnk
[2011.03.04 10:11:16 | 000,200,704 | RHS- | M] () -- C:\Windows\SysWow64\msacm32Q.dll
[2011.03.04 10:05:28 | 012,934,239 | ---- | M] () -- C:\Users\NAME\Desktop\ENX402update.zip
[2011.02.28 10:13:41 | 000,001,797 | ---- | M] () -- C:\Users\NAME\Desktop\Anfrage_DAK.pdf
[2011.02.24 13:34:01 | 002,999,803 | ---- | M] () -- C:\Users\NAME\Desktop\Untitled.wma
[2011.02.19 07:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.02.19 07:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.02.16 00:59:09 | 000,011,776 | ---- | M] () -- C:\Users\NAME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011.03.16 17:48:03 | 000,000,928 | ---- | C] () -- C:\Users\NAME\Desktop\NTREGOPT.lnk
[2011.03.16 17:48:03 | 000,000,909 | ---- | C] () -- C:\Users\NAME\Desktop\ERUNT.lnk
[2011.03.16 17:42:14 | 000,742,874 | ---- | C] () -- C:\Users\NAME\Desktop\Load.exe
[2011.03.16 13:40:58 | 000,002,975 | ---- | C] () -- C:\Users\NAME\Desktop\HiJackThis.lnk
[2011.03.16 13:40:25 | 001,402,880 | ---- | C] () -- C:\Users\NAME\Desktop\HijackThis.msi
[2011.03.13 12:41:14 | 000,005,701 | ---- | C] () -- C:\Users\NAME\Desktop\Anleitung.html
[2011.03.10 14:07:14 | 000,061,930 | ---- | C] () -- C:\Users\NAME\Desktop\Auftragsbestaetigung_www.ticketonline.com.pdf
[2011.03.09 13:41:06 | 000,001,129 | ---- | C] () -- C:\Users\NAME\Desktop\Literatur - Shortcut.lnk
[2011.03.07 20:39:48 | 000,000,967 | ---- | C] () -- C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.04 10:30:57 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.04 10:16:55 | 000,002,517 | ---- | C] () -- C:\Users\NAME\Desktop\EndNote Program.lnk
[2011.03.04 10:11:16 | 000,200,704 | RHS- | C] () -- C:\Windows\SysWow64\msacm32Q.dll
[2011.03.04 10:11:16 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\bsuvenra.job
[2011.03.04 10:03:17 | 012,934,239 | ---- | C] () -- C:\Users\NAME\Desktop\ENX402update.zip
[2011.02.28 10:13:41 | 000,001,797 | ---- | C] () -- C:\Users\NAME\Desktop\Anfrage_DAK.pdf
[2011.02.24 13:34:01 | 002,999,803 | ---- | C] () -- C:\Users\NAME\Desktop\Untitled.wma
[2011.01.18 12:19:35 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.01.18 12:19:35 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010.12.22 11:52:18 | 000,011,776 | ---- | C] () -- C:\Users\NAME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.31 12:39:42 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.07.26 16:17:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.07.25 15:57:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.23 12:03:37 | 000,007,608 | ---- | C] () -- C:\Users\NAME\AppData\Local\resmon.resmoncfg
[2010.07.23 10:07:36 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.07.22 16:17:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.07.22 16:26:01 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.07.23 01:04:39 | 000,000,000 | ---D | M] -- C:\ATI
[2010.07.23 02:14:42 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.01.18 12:20:55 | 000,000,000 | ---D | M] -- C:\KP500
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.12.22 15:16:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.03.16 17:48:03 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.01.30 14:04:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.07.22 16:25:42 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.04 16:46:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.07.22 16:25:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.16 17:37:25 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

No. 2: OTL Extras logfile:
Code:

OTL Extras logfile created on: 16.03.2011 17:49:56 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Tim\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 14,56 Gb Free Space | 37,29% Space Free | Partition Type: NTFS
Drive D: | 115,04 Gb Total Space | 40,69 Gb Free Space | 35,37% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 80,28 Gb Free Space | 82,21% Space Free | Partition Type: NTFS
Drive F: | 161,37 Gb Total Space | 161,28 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 222,95 Gb Free Space | 23,93% Space Free | Partition Type: NTFS
 
Computer Name: SEETI | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2016B2AD-0051-05C7-9CCB-CE9F05659CB7}" = ccc-utility64
"{25D04DBB-FE9D-E3BA-C2F3-F1BE9B8C0709}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0CA1005F-B640-0354-EC82-F8F7447A8E8A}" = CCC Help Hungarian
"{0FC472C3-6A2A-969F-10E7-E8F61B18117C}" = Catalyst Control Center Localization All
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{31405CA2-F009-D91B-FEFF-35924343CB14}" = Catalyst Control Center InstallProxy
"{31B75145-DF24-C759-E735-9C129956961E}" = CCC Help Spanish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{483213DE-E8FC-44D9-8826-11D480BEE38D}" = TerraTec Remote Control
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{641C1B16-FD4C-0F97-47AE-76637FC64225}" = CCC Help English
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{79C2D7F9-3BF8-52C1-6A7A-84C9296171F8}" = CCC Help German
"{7B29E627-71A5-6824-3F85-DBEF19624BD0}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{88B2BB7B-A684-E8E3-65C6-DDC5DC152C2A}" = CCC Help French
"{8CB77076-DB66-5D92-7886-807226C9CE4B}" = CCC Help Italian
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C6F56DA-7051-6677-4E5A-9DC6C573F2B5}" = CCC Help Portuguese
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3FA3CCE-2A88-0976-B875-4B3E9D41204D}" = Catalyst Control Center Graphics Previews Common
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D54A0D86-35B0-BFC8-174B-D991EDF903B8}" = Catalyst Control Center Graphics Previews Vista
"{D5610369-AF78-386F-4985-9822654973A3}" = CCC Help Polish
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6BF9670-C9E9-461A-9B14-B5ADAC3176CF}" = Cisco AnyConnect VPN Client
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F77D44EB-2A6E-E2EE-7C30-40A5409B2650}" = CCC Help Greek
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"foobar2000" = foobar2000
"InstallShield_{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}" = iTunes
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"VLC media player" = VLC media player 1.1.1
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.03.2011 14:03:17 | Computer Name = seeti | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 13.03.2011 06:56:35 | Computer Name = seeti | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 14.03.2011 11:03:44 | Computer Name = seeti | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 15.03.2011 06:28:43 | Computer Name = seeti | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
Error - 15.03.2011 12:34:49 | Computer Name = seeti | Source = Application Hang | ID = 1002
Description = The program Acrobat.exe version 8.0.0.456 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 9d0    Start
 Time: 01cbe32edc1a612b    Termination Time: 16    Application Path: E:\Program Files\Adobe\Acrobat
 8.0\Acrobat\Acrobat.exe    Report Id: 21b286e1-4f22-11e0-80de-00040eccf525 
 
Error - 15.03.2011 12:49:48 | Computer Name = seeti | Source = Application Error | ID = 1000
Description = Faulting application name: Acrobat.exe, version: 8.0.0.456, time stamp:
 0x453c8d7f  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x0a2c0a0a  Faulting process id: 0x130c  Faulting application
 start time: 0x01cbe33016f609e9  Faulting application path: E:\Program Files\Adobe\Acrobat
 8.0\Acrobat\Acrobat.exe  Faulting module path: unknown  Report Id: 3c9ced82-4f24-11e0-997d-00040eccf525
 
Error - 15.03.2011 12:50:06 | Computer Name = seeti | Source = Application Error | ID = 1000
Description = Faulting application name: Acrobat.exe, version: 8.0.0.456, time stamp:
 0x453c8d7f  Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp:
 0x4a2752ff  Exception code: 0xc0000005  Fault offset: 0x000507f5  Faulting process id:
 0x130c  Faulting application start time: 0x01cbe33016f609e9  Faulting application path:
 E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe  Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
 Id: 47894799-4f24-11e0-997d-00040eccf525
 
Error - 16.03.2011 05:28:50 | Computer Name = seeti | Source = SDWinSec.exe | ID = 0
Description =
 
Error - 16.03.2011 05:29:05 | Computer Name = seeti | Source = SDWinSec.exe | ID = 0
Description =
 
Error - 16.03.2011 07:23:37 | Computer Name = seeti | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program files\spybot
 - search & destroy\DelZip179.dll" on line 8.  The value "*" of attribute "language"
 in element "assemblyIdentity" is invalid.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5613 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315
Invoked
 Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.03.2011 12:46:18 | Computer Name = seeti | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
[ System Events ]
Error - 28.02.2011 17:51:02 | Computer Name = seeti | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
 due to a known firmware problem. Check with the computer manufacturer for updated
 firmware.
 
Error - 28.02.2011 17:51:02 | Computer Name = seeti | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
 loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 28.02.2011 17:51:10 | Computer Name = seeti | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
 loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 28.02.2011 17:51:14 | Computer Name = seeti | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.02.2011 17:51:14 | Computer Name = seeti | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.03.2011 02:36:12 | Computer Name = seeti | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
 due to a known firmware problem. Check with the computer manufacturer for updated
 firmware.
 
Error - 01.03.2011 02:36:12 | Computer Name = seeti | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
 loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 01.03.2011 02:36:19 | Computer Name = seeti | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from
 loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 01.03.2011 02:36:23 | Computer Name = seeti | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 01.03.2011 02:36:23 | Computer Name = seeti | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

--- --- ---

Thanks in advance for your efforts!!

cosinus 16.03.2011 19:24

Are there any further logs from Malwarebytes? If so, please post all of them. You can find them in the Logs tab ("Logdateien") in Malwarebytes.

seeti 16.03.2011 19:39

Yes, there are a few more.

Here they are in chronological order, starting with the most recent. The one from the first post is the newest, though.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6067

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.03.2011 17:39:21
mbam-log-2011-03-15 (17-39-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164526
Laufzeit: 1 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Zpygaa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5950

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.03.2011 10:40:41
mbam-log-2011-03-04 (10-40-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163448
Laufzeit: 2 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\LKGGOPABUH (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5950

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.03.2011 10:35:25
mbam-log-2011-03-04 (10-35-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 45164
Laufzeit: 3 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 1748 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LKGGOPABUH (Trojan.FraudPack.Gen) -> Value: LKGGOPABUH -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Tim\AppData\Local\Temp\Zmw.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.


cosinus 16.03.2011 19:57

What is the source of the Office 2010 installed on your machine?

seeti 16.03.2011 20:03

university volume license

cosinus 16.03.2011 20:04

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

seeti 16.03.2011 21:15

I had trouble disabling AntiVir completely, so I simply uninstalled it. Now I'm surprised that it still shows up as Enabled in the log?!

Combofix Logfile:
Code:

ComboFix 11-03-16.01 - Name 16.03.2011  20:19:42.1.2 - x64
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1033.18.4095.3091 [GMT 1:00]
ausgeführt von:: c:\users\Name\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NAME\AppData\Roaming\Local
c:\users\NAME\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\NAME\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\NAME\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\NAME\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
I:\autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-16 bis 2011-03-16  ))))))))))))))))))))))))))))))
.
.
2011-03-16 16:48 . 2011-03-16 16:48        --------        d-----w-        c:\program files (x86)\ERUNT
2011-03-16 12:40 . 2011-03-16 12:40        388096        ----a-r-        c:\users\NAME\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-04 16:34 . 2011-03-04 16:34        --------        d-----w-        c:\program files\Common Files\ResearchSoft
2011-03-04 09:30 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-04 09:11 . 2011-03-04 09:11        200704        --sha-r-        c:\windows\SysWow64\msacm32Q.dll
2011-02-23 22:48 . 2010-09-14 06:45        367104        ----a-w-        c:\windows\system32\wcncsvc.dll
2011-02-23 22:48 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\SysWow64\wcncsvc.dll
2011-02-23 08:46 . 2011-01-07 08:07        662528        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-02-23 08:46 . 2011-01-07 08:07        475648        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-23 08:46 . 2011-01-07 07:31        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-02-23 08:46 . 2011-01-07 07:31        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 15:45 . 2011-02-11 15:45        8952        ----a-w-        c:\windows\SysWow64\vpncategories.dll
2011-02-11 15:44 . 2011-02-11 15:44        28920        ----a-w-        c:\windows\SysWow64\vpnevents.dll
2011-01-26 06:53 . 2011-02-09 08:33        982912        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 08:33        265088        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 08:33        144384        ----a-w-        c:\windows\system32\cdd.dll
2011-01-07 08:06 . 2011-02-09 08:33        46080        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 08:33        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 08:33        366080        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 08:33        294400        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 08:33        612352        ----a-w-        c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 08:33        428032        ----a-w-        c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 08:33        3127808        ----a-w-        c:\windows\system32\win32k.sys
2010-12-21 06:16 . 2011-02-09 08:33        97280        ----a-w-        c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-09 08:33        62976        ----a-w-        c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-09 08:33        214016        ----a-w-        c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-09 08:33        1197056        ----a-w-        c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-09 08:33        442880        ----a-w-        c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-09 08:33        258048        ----a-w-        c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-09 08:33        264192        ----a-w-        c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-09 08:33        15360        ----a-w-        c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-09 08:33        2003968        ----a-w-        c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-09 08:33        1880576        ----a-w-        c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-09 08:33        100864        ----a-w-        c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-09 08:33        51200        ----a-w-        c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-09 08:33        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-09 08:33        350720        ----a-w-        c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-09 08:33        204800        ----a-w-        c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 08:33        204288        ----a-w-        c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-09 08:33        14336        ----a-w-        c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-09 08:33        1389568        ----a-w-        c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-09 08:33        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-09 08:33        80384        ----a-w-        c:\windows\SysWow64\davclnt.dll
2010-12-20 17:08 . 2010-07-23 08:28        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-12-18 06:11 . 2011-02-09 08:34        57856        ----a-w-        c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-09 08:33        714752        ----a-w-        c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-09 08:34        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 08:33        541184        ----a-w-        c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-09 08:34        482816        ----a-w-        c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-09 08:34        386048        ----a-w-        c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-09 08:34        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-09 08:34        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2010-09-13 1695816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
c:\users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\NAME\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - e:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;e:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\DRIVERS\SE1008mdm_x64.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:44]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\NAME\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="e:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - e:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Append to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xcel exportieren - e:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\NAME\AppData\Roaming\Mozilla\Firefox\Profiles\422bmj2o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.psychologie.uni-mannheim.de/
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-16  20:24:38
ComboFix-quarantined-files.txt  2011-03-16 19:24
.
Vor Suchlauf: 15.553.392.640 bytes free
Nach Suchlauf: 15.413.714.944 bytes free
.
- - End Of File - - 5092C43AEFF4AF0D23E41E2ABD30B999

--- --- ---

cosinus 16.03.2011 21:20

That is a bug in AntiVir: it clutters up the Security Center and does not always delete these entries on uninstallation.

Now please create logs with GMER and mbrcheck and post them.
GMER crashes fairly often; if the tool still won't run on the second try, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

seeti 16.03.2011 21:45

Log GMER

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-16 21:33:10
Windows 6.1.7600 
Running: 6nl5e5pc.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x58 0x42 0x8F 0x73 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                E:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x72 0x93 0xEE 0xA8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xB8 0xF6 0x27 0xED ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x58 0x42 0x8F 0x73 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    E:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x72 0x93 0xEE 0xA8 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xB8 0xF6 0x27 0xED ...

---- EOF - GMER 1.0.15 ----

Log MBRCheck
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                (build 7600), 64-bit
Base Board Manufacturer:       
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                To Be Filled By O.E.M.
System Product Name:                To Be Filled By O.E.M.
Logical Drives Mask:                0x000001fd

Kernel Drivers (total 198):
  0x02A02000 \SystemRoot\system32\ntoskrnl.exe
  0x02FDF000 \SystemRoot\system32\hal.dll
  0x00BD5000 \SystemRoot\system32\kdcom.dll
  0x00CC7000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00CD4000 \SystemRoot\system32\PSHED.dll
  0x00CE8000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00D46000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00DEA000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00E1C000 \SystemRoot\System32\Drivers\spnk.sys
  0x00F42000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x00F4B000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x00F7A000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00FD1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00FDB000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x010A7000 \SystemRoot\system32\DRIVERS\pci.sys
  0x010DA000 \SystemRoot\System32\drivers\partmgr.sys
  0x010EF000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x01104000 \SystemRoot\System32\drivers\volmgrx.sys
  0x01160000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x01167000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x01177000 \SystemRoot\System32\drivers\mountmgr.sys
  0x01191000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x0119A000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x011C4000 \SystemRoot\system32\DRIVERS\nvstor.sys
  0x01000000 \SystemRoot\system32\DRIVERS\storport.sys
  0x01062000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x01289000 \SystemRoot\system32\drivers\fltmgr.sys
  0x012D5000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01400000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x012E9000 \SystemRoot\System32\Drivers\msrpc.sys
  0x015A3000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01347000 \SystemRoot\System32\Drivers\cng.sys
  0x015BD000 \SystemRoot\System32\drivers\pcw.sys
  0x015CE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x016BB000 \SystemRoot\system32\drivers\ndis.sys
  0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01801000 \SystemRoot\System32\drivers\tcpip.sys
  0x017AD000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0168B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x01200000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x0169B000 \SystemRoot\System32\Drivers\spldr.sys
  0x0124C000 \SystemRoot\System32\drivers\rdyboost.sys
  0x016A3000 \SystemRoot\System32\Drivers\mup.sys
  0x017F7000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x013BA000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x015D8000 \SystemRoot\system32\DRIVERS\disk.sys
  0x0106D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x03A7D000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x03AA7000 \SystemRoot\System32\Drivers\Null.SYS
  0x03AB0000 \SystemRoot\System32\Drivers\Beep.SYS
  0x03AB7000 \SystemRoot\System32\drivers\vga.sys
  0x03AC5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x03AEA000 \SystemRoot\System32\drivers\watchdog.sys
  0x03AFA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x03B03000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x03B0C000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x03B15000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x03B20000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03B31000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03B4F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03B5C000 \SystemRoot\system32\drivers\afd.sys
  0x03E46000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03E8B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03E94000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03EBA000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03EC9000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03EE6000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03F01000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x03F15000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03F66000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03F72000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x03F7D000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x03F88000 \SystemRoot\System32\drivers\discache.sys
  0x04007000 \SystemRoot\system32\drivers\csc.sys
  0x0408A000 \SystemRoot\System32\Drivers\dfsc.sys
  0x040A8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x040B9000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x040DF000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x040F6000 \SystemRoot\system32\DRIVERS\irsir.sys
  0x04102000 \SystemRoot\system32\drivers\irenum.sys
  0x0410B000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x04118000 \SystemRoot\system32\DRIVERS\parport.sys
  0x04135000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x04153000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x04162000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04171000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x0417D000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x04188000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x041DE000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x03F97000 \SystemRoot\System32\Drivers\AnyDVD.sys
  0x03FBA000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x044DF000 \SystemRoot\system32\DRIVERS\nvm62x64.sys
  0x048BA000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x04ED1000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04846000 \SystemRoot\System32\Drivers\anm1kx56.SYS
  0x0488B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x0489B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x04FC5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x04FE9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04543000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04572000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0458D000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x045AE000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04FF5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x048B1000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x04400000 \SystemRoot\system32\DRIVERS\ks.sys
  0x04443000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04455000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x04460000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x044BA000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x0589B000 \SystemRoot\system32\drivers\HdAudio.sys
  0x058F7000 \SystemRoot\system32\drivers\portcls.sys
  0x05934000 \SystemRoot\system32\drivers\drmk.sys
  0x05956000 \SystemRoot\system32\drivers\ksthunk.sys
  0x00090000 \SystemRoot\System32\win32k.sys
  0x0595C000 \SystemRoot\System32\drivers\Dxapi.sys
  0x05968000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x05976000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x05980000 \SystemRoot\System32\Drivers\dump_nvstor.sys
  0x059AB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x059BE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x059DB000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x059DD000 \SystemRoot\system32\DRIVERS\emOEM64.sys
  0x05800000 \SystemRoot\system32\DRIVERS\emBDA64.sys
  0x05871000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
  0x05875000 \SystemRoot\system32\drivers\usbaudio.sys
  0x045C8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x059E7000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x005A0000 \SystemRoot\System32\TSDDD.dll
  0x00680000 \SystemRoot\System32\cdd.dll
  0x00930000 \SystemRoot\System32\ATMFD.DLL
  0x0260A000 \SystemRoot\system32\drivers\luafv.sys
  0x0262D000 \SystemRoot\system32\drivers\WudfPf.sys
  0x0264E000 \SystemRoot\system32\DRIVERS\irda.sys
  0x02671000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x02686000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x026D9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x026EC000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x02704000 \SystemRoot\system32\drivers\HTTP.sys
  0x027CC000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x045E3000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x05A83000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x05AB0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x05AFE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x05B21000 \SystemRoot\system32\drivers\npf.sys
  0x05B2D000 \SystemRoot\system32\drivers\peauth.sys
  0x05BD3000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x05A00000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x05A2D000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x05ED0000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x05F37000 \SystemRoot\System32\DRIVERS\srv.sys
  0x05E00000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x05E36000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x05EAF000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x77A50000 \Windows\System32\ntdll.dll
  0x48440000 \Windows\System32\smss.exe
  0xFFD70000 \Windows\System32\apisetschema.dll
  0xFF270000 \Windows\System32\autochk.exe
  0xFFD50000 \Windows\System32\lpk.dll
  0xFFCD0000 \Windows\System32\difxapi.dll
  0xFFC80000 \Windows\System32\Wldap32.dll
  0xFFB50000 \Windows\System32\wininet.dll
  0x77C20000 \Windows\System32\psapi.dll
  0xFFB20000 \Windows\System32\imm32.dll
  0xFFB00000 \Windows\System32\sechost.dll
  0x77950000 \Windows\System32\user32.dll
  0xFFA30000 \Windows\System32\usp10.dll
  0xFF8B0000 \Windows\System32\urlmon.dll
  0xFEB20000 \Windows\System32\shell32.dll
  0xFEA40000 \Windows\System32\oleaut32.dll
  0x77C10000 \Windows\System32\normaliz.dll
  0xFE860000 \Windows\System32\setupapi.dll
  0xFE650000 \Windows\System32\ole32.dll
  0x77830000 \Windows\System32\kernel32.dll
  0xFE540000 \Windows\System32\msctf.dll
  0xFE4A0000 \Windows\System32\comdlg32.dll
  0xFE430000 \Windows\System32\gdi32.dll
  0xFE390000 \Windows\System32\clbcatq.dll
  0xFE370000 \Windows\System32\imagehlp.dll
  0xFE2F0000 \Windows\System32\shlwapi.dll
  0xFE210000 \Windows\System32\advapi32.dll
  0xFE200000 \Windows\System32\nsi.dll
  0xFE160000 \Windows\System32\msvcrt.dll
  0xFE030000 \Windows\System32\rpcrt4.dll
  0xFDFE0000 \Windows\System32\ws2_32.dll
  0xFDD80000 \Windows\System32\iertutil.dll
  0xFDD10000 \Windows\System32\KernelBase.dll
  0xFDC70000 \Windows\System32\comctl32.dll
  0xFDC50000 \Windows\System32\devobj.dll
  0xFDAE0000 \Windows\System32\crypt32.dll
  0xFDAA0000 \Windows\System32\wintrust.dll
  0xFDA60000 \Windows\System32\cfgmgr32.dll
  0xFDA50000 \Windows\System32\msasn1.dll
  0x75A00000 \Windows\SysWOW64\normaliz.dll

Processes (total 52):
      0 System Idle Process
      4 System
    248 C:\Windows\System32\smss.exe
    356 csrss.exe
    424 C:\Windows\System32\wininit.exe
    448 csrss.exe
    480 C:\Windows\System32\services.exe
    496 C:\Windows\System32\lsass.exe
    504 C:\Windows\System32\lsm.exe
    588 C:\Windows\System32\winlogon.exe
    668 C:\Windows\System32\svchost.exe
    756 C:\Windows\System32\svchost.exe
    796 C:\Windows\System32\atiesrxx.exe
    884 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    436 C:\Windows\System32\svchost.exe
    1092 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1108 C:\Windows\System32\atieclxx.exe
    1144 C:\Windows\System32\svchost.exe
    1360 C:\Windows\System32\spoolsv.exe
    1380 C:\Windows\System32\taskeng.exe
    1404 C:\Windows\System32\svchost.exe
    1484 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
    1528 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1620 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    1684 svchost.exe
    1716 C:\Windows\System32\svchost.exe
    2068 C:\Windows\System32\taskhost.exe
    2120 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    2132 C:\Windows\System32\dwm.exe
    2176 C:\Windows\explorer.exe
    2360 C:\Windows\System32\svchost.exe
    2612 C:\Program Files\Windows Sidebar\sidebar.exe
    2620 C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
    2744 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
    2764 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2864 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2992 C:\Windows\System32\svchost.exe
    2308 C:\Windows\System32\SearchIndexer.exe
    112 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2856 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3280 C:\Windows\System32\svchost.exe
    4012 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    2228 <unknown>
    540 WmiPrvSE.exe
    3468 C:\Windows\System32\SearchProtocolHost.exe
    2804 C:\Windows\System32\SearchFilterHost.exe
    3396 C:\Windows\System32\wbem\WMIADAP.exe
    2372 C:\Users\Tim\Desktop\MBRCheck.exe
    3560 C:\Windows\System32\conhost.exe
    2780 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00000000  (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000009`c3dc5600  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000022`2dc1ee00  (NTFS)
\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive1 Model Number: WDC WD3200AAKS-00B3A, Rev: 01.0
PhysicalDrive0 Model Number: IC35L120AVV207-1, Rev: V24OA66A
PhysicalDrive2 Model Number: SeagateFreeAgent XTreme, Rev: 4115

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive1  RE: Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    115 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: AEC1DD0568C3B80AFFEC2C2BE03A5BDA9CCC4889
    931 GB  \\.\PhysicalDrive2  RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


cosinus 17.03.2011 09:01

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

seeti 17.03.2011 09:26

Good morning : )

Here is the log file:

Code:

2011/03/17 09:19:48.0472 3092        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 09:19:48.0972 3092        ================================================================================
2011/03/17 09:19:48.0972 3092        SystemInfo:
2011/03/17 09:19:48.0972 3092       
2011/03/17 09:19:48.0972 3092        OS Version: 6.1.7600 ServicePack: 0.0
2011/03/17 09:19:48.0972 3092        Product type: Workstation
2011/03/17 09:19:48.0972 3092        ComputerName: SEETI
2011/03/17 09:19:48.0972 3092        UserName: NAME
2011/03/17 09:19:48.0972 3092        Windows directory: C:\Windows
2011/03/17 09:19:48.0972 3092        System windows directory: C:\Windows
2011/03/17 09:19:48.0972 3092        Running under WOW64
2011/03/17 09:19:48.0972 3092        Processor architecture: Intel x64
2011/03/17 09:19:48.0972 3092        Number of processors: 2
2011/03/17 09:19:48.0972 3092        Page size: 0x1000
2011/03/17 09:19:48.0972 3092        Boot type: Normal boot
2011/03/17 09:19:48.0972 3092        ================================================================================
2011/03/17 09:19:51.0988 3092        Initialize success
2011/03/17 09:20:00.0253 3728        ================================================================================
2011/03/17 09:20:00.0253 3728        Scan started
2011/03/17 09:20:00.0253 3728        Mode: Manual;
2011/03/17 09:20:00.0253 3728        ================================================================================
2011/03/17 09:20:01.0800 3728        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/17 09:20:01.0832 3728        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/17 09:20:01.0863 3728        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/17 09:20:08.0628 3728        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/03/17 09:20:08.0628 3728        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/03/17 09:20:08.0628 3728        sptd - detected Locked file (1)
2011/03/17 09:20:10.0910 3728        ================================================================================
2011/03/17 09:20:10.0910 3728        Scan finished
2011/03/17 09:20:10.0910 3728        ================================================================================
2011/03/17 09:20:10.0925 2872        Detected object count: 1
2011/03/17 09:20:22.0863 2872        Locked file(sptd) - User select action: Skip
2011/03/17 09:22:16.0377 3316        ================================================================================
2011/03/17 09:22:16.0377 3316        Scan started
2011/03/17 09:22:16.0377 3316        Mode: Manual;
2011/03/17 09:22:16.0377 3316        ================================================================================
2011/03/17 09:22:30.0596 3316        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/03/17 09:22:30.0596 3316        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/03/17 09:22:30.0596 3316        sptd - detected Locked file (1)
2011/03/17 09:22:35.0190 3316        ================================================================================
2011/03/17 09:22:35.0190 3316        Scan finished
2011/03/17 09:22:35.0190 3316        ================================================================================
2011/03/17 09:22:35.0206 3744        Detected object count: 1
2011/03/17 09:23:39.0402 3744        HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/03/17 09:23:39.0417 3744        HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/03/17 09:23:39.0433 3744        C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/03/17 09:23:39.0433 3744        Locked file(sptd) - User select action: Delete
2011/03/17 09:23:45.0339 3108        Deinitialize success


cosinus 17.03.2011 09:53

Quote:

2011/03/17 09:22:35.0206 3744 Detected object count: 1
2011/03/17 09:23:39.0402 3744 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/03/17 09:23:39.0417 3744 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/03/17 09:23:39.0433 3744 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/03/17 09:23:39.0433 3744 Locked file(sptd) - User select action: Delete
2011/03/17 09:23:45.0339 3108 Deinitialize success

You didn't need to delete the SPTD driver.

As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

seeti 17.03.2011 12:23

Here are the scan results:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6067

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.03.2011 12:20:16
mbam-log-2011-03-17 (12-20-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 320352
Laufzeit: 19 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 03/17/2011 bei 11:58 AM

Version der Applikation : 4.49.1000

Version der Kern-Datenbank : 6614
Version der Spur-Datenbank : 4426

Scan Art      : kompletter Scann
Totale Scann-Zeit : 01:25:17

Gescannte Speicherelemente  : 669
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 14145
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 160424
Erfasste Datei-Elemente  : 0

First of all, a very big and sincere THANK YOU for everything so far! I would never have managed this on my own!
Are there any further steps I should take?

Kind regards

