Trojaner Recycler und Malware auf dem USB-Stick und dem Rechner?

vee · 04.04.2011, 20:08

Hab ich gemacht aber stürzt trotzdem ab -.-

cosinus · 04.04.2011, 20:30

Dann erstmal dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

vee · 04.04.2011, 20:49

TDSSKiller Log:

Code:

ATTFilter

2011/04/04 21:42:48.0877 3244	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/04 21:42:49.0205 3244	================================================================================
2011/04/04 21:42:49.0205 3244	SystemInfo:
2011/04/04 21:42:49.0205 3244	
2011/04/04 21:42:49.0205 3244	OS Version: 6.1.7600 ServicePack: 0.0
2011/04/04 21:42:49.0205 3244	Product type: Workstation
2011/04/04 21:42:49.0205 3244	ComputerName: VEE-PC
2011/04/04 21:42:49.0205 3244	UserName: Vee
2011/04/04 21:42:49.0205 3244	Windows directory: C:\Windows
2011/04/04 21:42:49.0205 3244	System windows directory: C:\Windows
2011/04/04 21:42:49.0205 3244	Processor architecture: Intel x86
2011/04/04 21:42:49.0205 3244	Number of processors: 2
2011/04/04 21:42:49.0205 3244	Page size: 0x1000
2011/04/04 21:42:49.0205 3244	Boot type: Normal boot
2011/04/04 21:42:49.0205 3244	================================================================================
2011/04/04 21:42:52.0902 3244	Initialize success
2011/04/04 21:43:23.0353 2900	================================================================================
2011/04/04 21:43:23.0353 2900	Scan started
2011/04/04 21:43:23.0353 2900	Mode: Manual; 
2011/04/04 21:43:23.0353 2900	================================================================================
2011/04/04 21:43:25.0615 2900	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/04 21:43:25.0677 2900	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/04 21:43:25.0709 2900	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/04 21:43:25.0771 2900	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/04 21:43:25.0818 2900	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/04 21:43:25.0880 2900	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/04 21:43:25.0958 2900	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/04 21:43:26.0067 2900	AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/04 21:43:26.0130 2900	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/04 21:43:26.0177 2900	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/04 21:43:26.0255 2900	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/04 21:43:26.0286 2900	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/04 21:43:26.0317 2900	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/04 21:43:26.0364 2900	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/04 21:43:26.0411 2900	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/04 21:43:26.0442 2900	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/04 21:43:26.0489 2900	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/04 21:43:26.0535 2900	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/04 21:43:26.0629 2900	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/04 21:43:26.0754 2900	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/04 21:43:26.0801 2900	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/04 21:43:26.0847 2900	aswFsBlk        (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/04 21:43:26.0910 2900	aswMonFlt       (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/04 21:43:26.0988 2900	aswRdr          (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/04/04 21:43:27.0066 2900	aswSnx          (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/04/04 21:43:27.0175 2900	aswSP           (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/04/04 21:43:27.0237 2900	aswTdi          (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/04/04 21:43:27.0300 2900	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/04 21:43:27.0362 2900	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/04 21:43:27.0518 2900	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/04 21:43:27.0581 2900	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/04 21:43:27.0643 2900	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/04 21:43:27.0705 2900	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/04 21:43:27.0768 2900	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/04 21:43:27.0799 2900	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/04 21:43:27.0830 2900	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/04 21:43:27.0893 2900	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/04 21:43:27.0924 2900	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/04 21:43:27.0971 2900	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/04 21:43:28.0017 2900	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/04 21:43:28.0080 2900	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/04 21:43:28.0111 2900	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/04 21:43:28.0205 2900	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/04 21:43:28.0267 2900	BTHPORT         (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/04 21:43:28.0329 2900	BTHUSB          (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/04 21:43:28.0392 2900	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/04 21:43:28.0454 2900	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/04 21:43:28.0517 2900	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/04 21:43:28.0563 2900	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/04 21:43:28.0657 2900	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/04 21:43:28.0688 2900	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/04 21:43:28.0735 2900	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/04 21:43:28.0797 2900	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/04 21:43:28.0844 2900	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/04 21:43:28.0891 2900	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/04 21:43:28.0985 2900	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/04 21:43:29.0094 2900	DCamUSBGene     (4aefc07ae970fb75201cdcb79e9bad33) C:\Windows\system32\DRIVERS\usbgene.sys
2011/04/04 21:43:29.0172 2900	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/04 21:43:29.0219 2900	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/04 21:43:29.0281 2900	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/04 21:43:29.0390 2900	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/04 21:43:29.0453 2900	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/04 21:43:29.0609 2900	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/04 21:43:30.0077 2900	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/04 21:43:30.0123 2900	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/04 21:43:30.0186 2900	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/04 21:43:30.0233 2900	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/04 21:43:30.0279 2900	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/04 21:43:30.0342 2900	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/04 21:43:30.0373 2900	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/04 21:43:30.0404 2900	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/04 21:43:30.0467 2900	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/04 21:43:30.0529 2900	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/04 21:43:30.0591 2900	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/04 21:43:30.0638 2900	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/04 21:43:30.0685 2900	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/04 21:43:30.0732 2900	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/04 21:43:30.0779 2900	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/04 21:43:30.0857 2900	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/04 21:43:30.0919 2900	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/04 21:43:30.0950 2900	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/04 21:43:30.0997 2900	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/04 21:43:31.0059 2900	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/04 21:43:31.0122 2900	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/04 21:43:31.0200 2900	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/04 21:43:31.0262 2900	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/04 21:43:31.0309 2900	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/04 21:43:31.0371 2900	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/04 21:43:31.0418 2900	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/04 21:43:31.0465 2900	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/04 21:43:31.0761 2900	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/04 21:43:31.0949 2900	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/04 21:43:32.0011 2900	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/04 21:43:32.0089 2900	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/04 21:43:32.0120 2900	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/04 21:43:32.0198 2900	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/04 21:43:32.0229 2900	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/04 21:43:32.0292 2900	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/04 21:43:32.0354 2900	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/04 21:43:32.0401 2900	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/04 21:43:32.0448 2900	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/04 21:43:32.0510 2900	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/04 21:43:32.0619 2900	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/04 21:43:32.0713 2900	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/04 21:43:32.0744 2900	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/04 21:43:32.0775 2900	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/04 21:43:32.0807 2900	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/04 21:43:32.0869 2900	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/04 21:43:32.0916 2900	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/04 21:43:32.0963 2900	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/04 21:43:33.0009 2900	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/04 21:43:33.0056 2900	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/04 21:43:33.0103 2900	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/04 21:43:33.0150 2900	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/04 21:43:33.0181 2900	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/04 21:43:33.0228 2900	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/04 21:43:33.0275 2900	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/04 21:43:33.0321 2900	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/04 21:43:33.0368 2900	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/04 21:43:33.0415 2900	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/04 21:43:33.0446 2900	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/04 21:43:33.0477 2900	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/04 21:43:33.0524 2900	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/04 21:43:33.0602 2900	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/04 21:43:33.0633 2900	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/04 21:43:33.0665 2900	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/04 21:43:33.0727 2900	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/04 21:43:33.0774 2900	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/04 21:43:33.0805 2900	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/04 21:43:33.0852 2900	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/04 21:43:33.0914 2900	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/04 21:43:33.0977 2900	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/04 21:43:34.0008 2900	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/04 21:43:34.0070 2900	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/04 21:43:34.0148 2900	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/04 21:43:34.0226 2900	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/04 21:43:34.0304 2900	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/04 21:43:34.0351 2900	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/04 21:43:34.0398 2900	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/04 21:43:34.0445 2900	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/04 21:43:34.0476 2900	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/04 21:43:34.0523 2900	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/04 21:43:34.0569 2900	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/04 21:43:34.0788 2900	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/04/04 21:43:34.0991 2900	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/04 21:43:35.0053 2900	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/04 21:43:35.0100 2900	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/04 21:43:35.0162 2900	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/04 21:43:35.0271 2900	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/04 21:43:35.0693 2900	nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/04 21:43:35.0958 2900	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/04 21:43:36.0020 2900	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/04 21:43:36.0067 2900	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/04 21:43:36.0114 2900	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/04 21:43:36.0176 2900	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/04 21:43:36.0223 2900	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/04 21:43:36.0254 2900	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/04 21:43:36.0301 2900	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/04 21:43:36.0348 2900	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/04 21:43:36.0395 2900	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/04 21:43:36.0457 2900	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/04 21:43:36.0504 2900	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/04 21:43:36.0707 2900	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/04 21:43:36.0753 2900	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/04 21:43:36.0831 2900	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/04 21:43:36.0909 2900	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/04 21:43:37.0003 2900	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/04 21:43:37.0050 2900	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/04 21:43:37.0081 2900	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/04 21:43:37.0143 2900	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/04 21:43:37.0190 2900	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/04 21:43:37.0237 2900	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/04 21:43:37.0268 2900	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/04 21:43:37.0315 2900	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/04 21:43:37.0377 2900	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/04 21:43:37.0455 2900	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/04 21:43:37.0502 2900	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/04 21:43:37.0565 2900	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/04 21:43:37.0611 2900	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/04 21:43:37.0658 2900	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/04 21:43:37.0721 2900	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/04 21:43:37.0814 2900	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/04 21:43:37.0908 2900	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/04 21:43:38.0017 2900	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/04/04 21:43:38.0064 2900	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/04 21:43:38.0126 2900	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/04 21:43:38.0189 2900	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/04 21:43:38.0282 2900	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/04 21:43:38.0345 2900	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/04 21:43:38.0391 2900	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/04 21:43:38.0438 2900	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/04 21:43:38.0516 2900	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/04 21:43:38.0547 2900	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/04 21:43:38.0594 2900	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/04 21:43:38.0657 2900	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/04 21:43:38.0719 2900	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/04 21:43:38.0781 2900	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/04 21:43:38.0828 2900	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/04 21:43:38.0875 2900	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/04 21:43:38.0953 2900	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/04 21:43:39.0109 2900	sptd            (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys
2011/04/04 21:43:39.0109 2900	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
2011/04/04 21:43:39.0125 2900	sptd - detected Locked file (1)
2011/04/04 21:43:39.0171 2900	srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/04 21:43:39.0234 2900	srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/04 21:43:39.0281 2900	srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/04 21:43:39.0405 2900	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/04 21:43:39.0577 2900	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/04 21:43:39.0655 2900	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/04 21:43:39.0702 2900	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/04 21:43:39.0905 2900	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/04 21:43:40.0123 2900	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/04 21:43:40.0419 2900	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/04 21:43:40.0513 2900	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/04 21:43:40.0560 2900	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/04 21:43:40.0607 2900	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/04 21:43:40.0638 2900	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/04 21:43:40.0763 2900	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/04 21:43:40.0825 2900	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/04 21:43:40.0872 2900	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/04 21:43:40.0919 2900	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/04 21:43:41.0012 2900	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/04 21:43:41.0059 2900	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/04 21:43:41.0121 2900	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/04 21:43:41.0215 2900	USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/04 21:43:41.0262 2900	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/04 21:43:41.0293 2900	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/04 21:43:41.0340 2900	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/04 21:43:41.0418 2900	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/04 21:43:41.0449 2900	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/04 21:43:41.0511 2900	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/04 21:43:41.0558 2900	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/04 21:43:41.0589 2900	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/04 21:43:41.0745 2900	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/04 21:43:41.0777 2900	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/04 21:43:41.0823 2900	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/04 21:43:41.0886 2900	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/04 21:43:41.0979 2900	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/04 21:43:42.0011 2900	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/04 21:43:42.0057 2900	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/04 21:43:42.0104 2900	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/04 21:43:42.0135 2900	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/04 21:43:42.0198 2900	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/04 21:43:42.0245 2900	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/04 21:43:42.0291 2900	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/04 21:43:42.0354 2900	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/04 21:43:42.0416 2900	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/04 21:43:42.0525 2900	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/04 21:43:42.0603 2900	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/04 21:43:42.0635 2900	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/04 21:43:42.0728 2900	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/04 21:43:42.0775 2900	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/04 21:43:42.0900 2900	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/04 21:43:42.0947 2900	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/04 21:43:43.0087 2900	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/04 21:43:43.0134 2900	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/04 21:43:43.0212 2900	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/04 21:43:43.0305 2900	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/04 21:43:43.0368 2900	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/04 21:43:43.0477 2900	\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/04 21:43:43.0508 2900	================================================================================
2011/04/04 21:43:43.0508 2900	Scan finished
2011/04/04 21:43:43.0508 2900	================================================================================
2011/04/04 21:43:43.0539 2152	Detected object count: 2
2011/04/04 21:43:58.0328 2152	Locked file(sptd) - User select action: Skip 
2011/04/04 21:43:58.0952 2152	\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/04 21:43:58.0952 2152	\HardDisk0 - ok
2011/04/04 21:43:58.0952 2152	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/04/04 21:44:11.0791 2676	Deinitialize success

cosinus · 04.04.2011, 21:03

Code:

ATTFilter

2011/04/04 21:43:43.0539 2152	Detected object count: 2
2011/04/04 21:43:58.0328 2152	Locked file(sptd) - User select action: Skip 
2011/04/04 21:43:58.0952 2152	\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/04 21:43:58.0952 2152	\HardDisk0 - ok
2011/04/04 21:43:58.0952 2152	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/04/04 21:44:11.0791 2676	Deinitialize success

Treffer!!

Der TDSS-Killer hat den TDL4 erkannt und gekillt.

Probier combofix bitte nochmal. Mach aber erst einen Neustart von Windows.

vee · 04.04.2011, 21:47

Combofix Log:

Code:

ATTFilter

ComboFix 11-04-04.01 - Vee 04.04.2011  22:17:38.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2046.1443 [GMT 2:00]
ausgeführt von:: c:\users\Vee\Desktop\cofi.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\arp.exe
c:\windows\System32\config\systemprofile\AppData\Local\{E7D4207A-0C83-41F1-89B1-19535F5AE88C}
c:\windows\System32\config\systemprofile\AppData\Local\{E7D4207A-0C83-41F1-89B1-19535F5AE88C}\chrome.manifest
c:\windows\System32\config\systemprofile\AppData\Local\{E7D4207A-0C83-41F1-89B1-19535F5AE88C}\chrome\content\_cfg.js
c:\windows\System32\config\systemprofile\AppData\Local\{E7D4207A-0C83-41F1-89B1-19535F5AE88C}\chrome\content\overlay.xul
c:\windows\System32\config\systemprofile\AppData\Local\{E7D4207A-0C83-41F1-89B1-19535F5AE88C}\install.rdf
.
c:\windows\system32\userinit.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-04 bis 2011-04-04  ))))))))))))))))))))))))))))))
.
.
2011-04-04 20:32 . 2011-04-04 20:35	--------	d-----w-	c:\users\Vee\AppData\Local\temp
2011-04-04 20:32 . 2011-04-04 20:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-04 14:55 . 2011-04-04 16:31	--------	d-----w-	c:\program files\sdguurri
2011-04-03 19:21 . 2011-04-03 19:21	--------	d-----w-	C:\_OTL
2011-04-03 08:58 . 2011-02-23 13:56	371544	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-04-03 08:58 . 2011-02-23 14:04	40648	----a-w-	c:\windows\avastSS.scr
2011-04-01 14:29 . 2011-04-01 14:29	--------	d-----w-	c:\users\Vee\AppData\Roaming\Malwarebytes
2011-04-01 14:29 . 2011-04-01 14:29	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-01 14:29 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-01 14:29 . 2011-04-01 14:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-01 14:29 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-01 13:54 . 2011-04-01 13:54	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-04-01 13:21 . 2011-04-01 13:59	--------	d-----w-	c:\program files\CCleaner
2011-04-01 13:19 . 2006-06-19 10:01	69632	----a-w-	c:\windows\system32\ztvcabinet.dll
2011-04-01 13:19 . 2006-05-25 12:52	162304	----a-w-	c:\windows\system32\ztvunrar36.dll
2011-04-01 13:19 . 2005-08-25 22:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2011-04-01 13:19 . 2003-02-02 17:06	153088	----a-w-	c:\windows\system32\unrar3.dll
2011-04-01 13:19 . 2002-03-05 22:00	75264	----a-w-	c:\windows\system32\unacev2.dll
2011-04-01 11:54 . 2011-04-04 17:56	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-01 11:54 . 2011-04-01 11:54	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-03-26 12:23 . 2011-03-26 12:23	--------	d-----w-	c:\programdata\Elaborate Bytes
2011-03-26 12:03 . 2011-03-26 12:03	--------	d-----w-	c:\programdata\SlySoft
2011-03-09 15:30 . 2011-02-19 05:32	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-03-09 15:30 . 2011-02-19 05:33	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-03-09 15:30 . 2011-02-19 05:32	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-03-09 15:10 . 2010-12-23 05:28	850432	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 15:10 . 2010-12-23 05:28	642048	----a-w-	c:\windows\system32\CPFilters.dll
2011-03-09 15:10 . 2010-12-23 05:28	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 15:10 . 2010-12-23 05:24	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 15:10 . 2010-12-18 05:30	2690560	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 15:10 . 2010-12-18 05:26	1034240	----a-w-	c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 14:04 . 2010-03-16 18:27	190016	----a-w-	c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2010-03-16 18:28	301528	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-03-16 18:28	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-03-16 18:28	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2010-03-16 18:28	53592	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2010-03-16 18:28	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-02-03 05:45 . 2011-02-09 07:30	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2009-12-20 16:48	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-07 07:31 . 2011-02-23 13:29	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 13:29	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 07:30	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 07:30	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 07:31	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 07:31	2329088	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04	122512	------w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-27 149280]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Vee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,,c:\program files\sdguurri\bjukjdaw.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 uxddrv;Dynamically loaded UxdDrv;d:\diagnose\WSTGER32\2PART\uxddrv86.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-01 697328]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Vee\AppData\Roaming\Mozilla\Firefox\Profiles\oj67mgft.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\NCH\tbNCH.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
BHO-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\NCH\tbNCH.dll
Toolbar-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - c:\program files\NCH\tbNCH.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - c:\program files\NCH\tbNCH.dll
AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-HaaliMkx - c:\program files\Haali\MatroskaSplitter\uninstall.exe
AddRemove-NCH Toolbar - c:\progra~1\NCH\UNWISE.EXE
AddRemove-Prism - c:\program files\NCH Software\Prism\uninst.exe
AddRemove-PS3 Video 9 - c:\program files\Red Kawa\Video Converter App\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-04  22:42:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-04 20:42
.
Vor Suchlauf: 10 Verzeichnis(se), 153.795.305.472 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 153.433.214.976 Bytes frei
.
- - End Of File - - 01E8D8B22273C1E6003F50FADCED7202

cosinus · 05.04.2011, 10:38

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

vee · 05.04.2011, 15:59

TDSSKiller Log:

Code:

ATTFilter

2011/04/05 16:53:44.0593 0212	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/05 16:53:44.0890 0212	================================================================================
2011/04/05 16:53:44.0890 0212	SystemInfo:
2011/04/05 16:53:44.0890 0212	
2011/04/05 16:53:44.0890 0212	OS Version: 6.1.7600 ServicePack: 0.0
2011/04/05 16:53:44.0890 0212	Product type: Workstation
2011/04/05 16:53:44.0890 0212	ComputerName: VEE-PC
2011/04/05 16:53:44.0890 0212	UserName: Vee
2011/04/05 16:53:44.0890 0212	Windows directory: C:\Windows
2011/04/05 16:53:44.0890 0212	System windows directory: C:\Windows
2011/04/05 16:53:44.0890 0212	Processor architecture: Intel x86
2011/04/05 16:53:44.0890 0212	Number of processors: 2
2011/04/05 16:53:44.0890 0212	Page size: 0x1000
2011/04/05 16:53:44.0890 0212	Boot type: Normal boot
2011/04/05 16:53:44.0890 0212	================================================================================
2011/04/05 16:53:47.0869 0212	Initialize success
2011/04/05 16:53:52.0222 2672	================================================================================
2011/04/05 16:53:52.0222 2672	Scan started
2011/04/05 16:53:52.0222 2672	Mode: Manual; 
2011/04/05 16:53:52.0222 2672	================================================================================
2011/04/05 16:53:53.0439 2672	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/05 16:53:53.0517 2672	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/05 16:53:53.0610 2672	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/05 16:53:53.0688 2672	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/05 16:53:53.0735 2672	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/05 16:53:53.0797 2672	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/05 16:53:53.0875 2672	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/05 16:53:53.0969 2672	AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/05 16:53:54.0047 2672	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/05 16:53:54.0109 2672	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/05 16:53:54.0187 2672	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/05 16:53:54.0203 2672	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/05 16:53:54.0234 2672	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/05 16:53:54.0265 2672	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/05 16:53:54.0312 2672	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/05 16:53:54.0343 2672	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/05 16:53:54.0390 2672	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/05 16:53:54.0421 2672	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/05 16:53:54.0593 2672	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/05 16:53:54.0687 2672	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/05 16:53:54.0702 2672	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/05 16:53:54.0749 2672	aswFsBlk        (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/05 16:53:54.0827 2672	aswMonFlt       (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/05 16:53:54.0874 2672	aswRdr          (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/04/05 16:53:54.0999 2672	aswSnx          (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/04/05 16:53:55.0045 2672	aswSP           (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/04/05 16:53:55.0108 2672	aswTdi          (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/04/05 16:53:55.0170 2672	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/05 16:53:55.0217 2672	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/05 16:53:55.0311 2672	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/05 16:53:55.0357 2672	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/05 16:53:55.0404 2672	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/05 16:53:55.0467 2672	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/05 16:53:55.0545 2672	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/05 16:53:55.0576 2672	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/05 16:53:55.0591 2672	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/05 16:53:55.0654 2672	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/05 16:53:55.0685 2672	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/05 16:53:55.0732 2672	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/05 16:53:55.0747 2672	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/05 16:53:55.0810 2672	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/05 16:53:55.0825 2672	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/05 16:53:55.0903 2672	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/05 16:53:55.0966 2672	BTHPORT         (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/05 16:53:56.0028 2672	BTHUSB          (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/05 16:53:56.0403 2672	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/05 16:53:56.0730 2672	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/05 16:53:56.0871 2672	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/05 16:53:56.0964 2672	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/05 16:53:57.0136 2672	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/05 16:53:57.0183 2672	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/05 16:53:57.0229 2672	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/05 16:53:57.0276 2672	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/05 16:53:57.0323 2672	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/05 16:53:57.0354 2672	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/05 16:53:57.0417 2672	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/05 16:53:57.0495 2672	DCamUSBGene     (4aefc07ae970fb75201cdcb79e9bad33) C:\Windows\system32\DRIVERS\usbgene.sys
2011/04/05 16:53:57.0604 2672	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/05 16:53:57.0651 2672	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/05 16:53:57.0697 2672	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/05 16:53:57.0791 2672	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/05 16:53:57.0869 2672	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/05 16:53:58.0321 2672	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/05 16:53:58.0867 2672	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/05 16:53:58.0930 2672	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/05 16:53:59.0023 2672	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/05 16:53:59.0055 2672	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/05 16:53:59.0117 2672	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/05 16:53:59.0164 2672	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/05 16:53:59.0195 2672	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/05 16:53:59.0226 2672	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/05 16:53:59.0273 2672	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/05 16:53:59.0320 2672	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/05 16:53:59.0351 2672	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/05 16:53:59.0429 2672	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/05 16:53:59.0476 2672	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/05 16:53:59.0523 2672	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/05 16:53:59.0554 2672	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/05 16:53:59.0616 2672	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/05 16:53:59.0679 2672	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/05 16:53:59.0710 2672	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/05 16:53:59.0741 2672	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/05 16:53:59.0788 2672	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/05 16:53:59.0850 2672	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/05 16:53:59.0897 2672	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/05 16:53:59.0975 2672	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/05 16:53:59.0991 2672	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/05 16:54:00.0053 2672	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/05 16:54:00.0084 2672	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/05 16:54:00.0131 2672	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/05 16:54:00.0178 2672	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/05 16:54:00.0256 2672	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/05 16:54:00.0287 2672	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/05 16:54:00.0334 2672	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/05 16:54:00.0365 2672	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/05 16:54:00.0427 2672	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/05 16:54:00.0459 2672	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/05 16:54:00.0490 2672	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/05 16:54:00.0552 2672	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/05 16:54:00.0630 2672	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/05 16:54:00.0661 2672	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/05 16:54:00.0708 2672	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/05 16:54:00.0802 2672	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/05 16:54:00.0864 2672	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/05 16:54:00.0911 2672	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/05 16:54:00.0942 2672	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/05 16:54:00.0973 2672	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/05 16:54:01.0020 2672	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/05 16:54:01.0067 2672	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/05 16:54:01.0129 2672	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/05 16:54:01.0176 2672	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/05 16:54:01.0239 2672	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/05 16:54:01.0285 2672	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/05 16:54:01.0332 2672	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/05 16:54:01.0363 2672	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/05 16:54:01.0395 2672	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/05 16:54:01.0441 2672	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/05 16:54:01.0473 2672	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/05 16:54:01.0519 2672	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/05 16:54:01.0551 2672	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/05 16:54:01.0582 2672	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/05 16:54:01.0629 2672	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/05 16:54:01.0675 2672	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/05 16:54:01.0722 2672	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/05 16:54:01.0753 2672	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/05 16:54:01.0769 2672	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/05 16:54:01.0831 2672	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/05 16:54:01.0847 2672	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/05 16:54:01.0894 2672	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/05 16:54:01.0925 2672	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/05 16:54:01.0956 2672	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/05 16:54:02.0003 2672	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/05 16:54:02.0034 2672	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/05 16:54:02.0065 2672	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/05 16:54:02.0143 2672	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/05 16:54:02.0206 2672	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/05 16:54:02.0268 2672	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/05 16:54:02.0315 2672	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/05 16:54:02.0362 2672	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/05 16:54:02.0393 2672	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/05 16:54:02.0409 2672	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/05 16:54:02.0455 2672	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/05 16:54:02.0487 2672	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/05 16:54:02.0970 2672	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/04/05 16:54:03.0235 2672	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/05 16:54:03.0313 2672	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/05 16:54:03.0360 2672	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/05 16:54:03.0423 2672	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/05 16:54:03.0532 2672	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/05 16:54:03.0937 2672	nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/05 16:54:04.0327 2672	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/05 16:54:04.0468 2672	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/05 16:54:04.0546 2672	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/05 16:54:04.0686 2672	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/05 16:54:04.0842 2672	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/05 16:54:04.0889 2672	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/05 16:54:04.0951 2672	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/05 16:54:05.0014 2672	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/05 16:54:05.0045 2672	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/05 16:54:05.0092 2672	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/05 16:54:05.0123 2672	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/05 16:54:05.0170 2672	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/05 16:54:05.0310 2672	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/05 16:54:05.0341 2672	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/05 16:54:05.0419 2672	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/05 16:54:05.0497 2672	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/05 16:54:05.0575 2672	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/05 16:54:05.0622 2672	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/05 16:54:05.0669 2672	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/05 16:54:05.0731 2672	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/05 16:54:05.0763 2672	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/05 16:54:05.0825 2672	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/05 16:54:05.0856 2672	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/05 16:54:05.0887 2672	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/05 16:54:05.0919 2672	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/05 16:54:05.0950 2672	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/05 16:54:05.0997 2672	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/05 16:54:06.0043 2672	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/05 16:54:06.0137 2672	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/05 16:54:06.0184 2672	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/05 16:54:06.0277 2672	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/05 16:54:06.0371 2672	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/05 16:54:06.0449 2672	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/05 16:54:06.0527 2672	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/04/05 16:54:06.0574 2672	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/05 16:54:06.0636 2672	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/05 16:54:06.0683 2672	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/05 16:54:06.0745 2672	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/05 16:54:06.0808 2672	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/05 16:54:06.0839 2672	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/05 16:54:06.0870 2672	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/05 16:54:06.0948 2672	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/05 16:54:06.0964 2672	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/05 16:54:06.0995 2672	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/05 16:54:07.0042 2672	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/05 16:54:07.0089 2672	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/05 16:54:07.0151 2672	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/05 16:54:07.0182 2672	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/05 16:54:07.0213 2672	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/05 16:54:07.0276 2672	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/05 16:54:07.0416 2672	sptd            (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys
2011/04/05 16:54:07.0416 2672	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
2011/04/05 16:54:07.0432 2672	sptd - detected Locked file (1)
2011/04/05 16:54:07.0510 2672	srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/05 16:54:07.0541 2672	srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/05 16:54:07.0588 2672	srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/05 16:54:07.0681 2672	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/05 16:54:07.0728 2672	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/05 16:54:07.0759 2672	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/05 16:54:07.0806 2672	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/05 16:54:08.0009 2672	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/05 16:54:08.0227 2672	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/05 16:54:08.0820 2672	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/05 16:54:08.0945 2672	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/05 16:54:09.0007 2672	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/05 16:54:09.0039 2672	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/05 16:54:09.0070 2672	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/05 16:54:09.0148 2672	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/05 16:54:09.0241 2672	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/05 16:54:09.0273 2672	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/05 16:54:09.0319 2672	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/05 16:54:09.0382 2672	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/05 16:54:09.0429 2672	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/05 16:54:09.0491 2672	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/05 16:54:09.0585 2672	USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/05 16:54:09.0631 2672	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/05 16:54:09.0694 2672	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/05 16:54:09.0741 2672	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/05 16:54:09.0803 2672	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/05 16:54:09.0850 2672	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/05 16:54:09.0897 2672	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/05 16:54:09.0943 2672	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/05 16:54:09.0975 2672	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/05 16:54:10.0084 2672	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/05 16:54:10.0131 2672	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/05 16:54:10.0162 2672	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/05 16:54:10.0193 2672	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/05 16:54:10.0255 2672	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/05 16:54:10.0287 2672	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/05 16:54:10.0333 2672	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/05 16:54:10.0365 2672	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/05 16:54:10.0411 2672	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/05 16:54:10.0443 2672	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/05 16:54:10.0474 2672	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/05 16:54:10.0521 2672	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/05 16:54:10.0583 2672	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/05 16:54:10.0630 2672	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/05 16:54:10.0708 2672	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/05 16:54:10.0770 2672	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/05 16:54:10.0786 2672	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/05 16:54:10.0864 2672	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/05 16:54:10.0895 2672	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/05 16:54:11.0020 2672	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/05 16:54:11.0051 2672	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/05 16:54:11.0160 2672	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/05 16:54:11.0223 2672	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/05 16:54:11.0316 2672	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/05 16:54:11.0394 2672	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/05 16:54:11.0441 2672	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/05 16:54:11.0550 2672	================================================================================
2011/04/05 16:54:11.0550 2672	Scan finished
2011/04/05 16:54:11.0550 2672	================================================================================
2011/04/05 16:54:11.0566 3600	Detected object count: 1
2011/04/05 16:54:18.0555 3600	Locked file(sptd) - User select action: Skip 
2011/04/05 16:54:29.0615 2240	================================================================================
2011/04/05 16:54:29.0615 2240	Scan started
2011/04/05 16:54:29.0615 2240	Mode: Manual; 
2011/04/05 16:54:29.0615 2240	================================================================================
2011/04/05 16:54:30.0255 2240	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/05 16:54:30.0738 2240	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/05 16:54:31.0113 2240	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/05 16:54:31.0378 2240	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/05 16:54:31.0456 2240	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/05 16:54:31.0487 2240	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/05 16:54:31.0534 2240	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/05 16:54:31.0659 2240	AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/05 16:54:31.0705 2240	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/05 16:54:31.0768 2240	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/05 16:54:31.0815 2240	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/05 16:54:31.0830 2240	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/05 16:54:31.0908 2240	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/05 16:54:31.0924 2240	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/05 16:54:31.0986 2240	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/05 16:54:32.0002 2240	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/05 16:54:32.0111 2240	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/05 16:54:32.0158 2240	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/05 16:54:32.0251 2240	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/05 16:54:32.0298 2240	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/05 16:54:32.0329 2240	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/05 16:54:32.0392 2240	aswFsBlk        (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/05 16:54:32.0470 2240	aswMonFlt       (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/05 16:54:32.0548 2240	aswRdr          (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/04/05 16:54:32.0688 2240	aswSnx          (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/04/05 16:54:32.0844 2240	aswSP           (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/04/05 16:54:33.0078 2240	aswTdi          (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/04/05 16:54:33.0203 2240	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/05 16:54:33.0250 2240	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/05 16:54:33.0328 2240	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/05 16:54:33.0390 2240	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/05 16:54:33.0453 2240	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/05 16:54:33.0499 2240	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/05 16:54:33.0546 2240	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/05 16:54:33.0593 2240	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/05 16:54:33.0671 2240	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/05 16:54:33.0733 2240	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/05 16:54:33.0780 2240	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/05 16:54:33.0827 2240	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/05 16:54:33.0921 2240	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/05 16:54:34.0014 2240	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/05 16:54:34.0077 2240	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/05 16:54:34.0123 2240	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/05 16:54:34.0186 2240	BTHPORT         (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/05 16:54:34.0233 2240	BTHUSB          (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/05 16:54:34.0342 2240	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/05 16:54:34.0373 2240	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/05 16:54:34.0404 2240	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/05 16:54:34.0467 2240	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/05 16:54:34.0498 2240	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/05 16:54:34.0529 2240	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/05 16:54:34.0560 2240	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/05 16:54:34.0607 2240	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/05 16:54:34.0623 2240	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/05 16:54:34.0654 2240	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/05 16:54:34.0732 2240	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/05 16:54:34.0794 2240	DCamUSBGene     (4aefc07ae970fb75201cdcb79e9bad33) C:\Windows\system32\DRIVERS\usbgene.sys
2011/04/05 16:54:34.0841 2240	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/05 16:54:34.0872 2240	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/05 16:54:34.0903 2240	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/05 16:54:34.0981 2240	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/05 16:54:35.0028 2240	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/05 16:54:35.0153 2240	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/05 16:54:35.0278 2240	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/05 16:54:35.0309 2240	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/05 16:54:35.0356 2240	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/05 16:54:35.0403 2240	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/05 16:54:35.0434 2240	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/05 16:54:35.0481 2240	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/05 16:54:35.0512 2240	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/05 16:54:35.0543 2240	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/05 16:54:35.0590 2240	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/05 16:54:35.0637 2240	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/05 16:54:35.0668 2240	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/05 16:54:35.0715 2240	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/05 16:54:35.0746 2240	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/05 16:54:35.0793 2240	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/05 16:54:35.0824 2240	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/05 16:54:35.0886 2240	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/05 16:54:35.0917 2240	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/05 16:54:35.0949 2240	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/05 16:54:35.0980 2240	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/05 16:54:36.0027 2240	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/05 16:54:36.0058 2240	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/05 16:54:36.0105 2240	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/05 16:54:36.0151 2240	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/05 16:54:36.0183 2240	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/05 16:54:36.0495 2240	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/05 16:54:36.0635 2240	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/05 16:54:36.0682 2240	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/05 16:54:36.0729 2240	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/05 16:54:36.0760 2240	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/05 16:54:36.0791 2240	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/05 16:54:36.0838 2240	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/05 16:54:36.0853 2240	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/05 16:54:36.0900 2240	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/05 16:54:36.0916 2240	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/05 16:54:36.0963 2240	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/05 16:54:36.0994 2240	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/05 16:54:37.0025 2240	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/05 16:54:37.0056 2240	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/05 16:54:37.0103 2240	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/05 16:54:37.0150 2240	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/05 16:54:37.0212 2240	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/05 16:54:37.0243 2240	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/05 16:54:37.0259 2240	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/05 16:54:37.0290 2240	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/05 16:54:37.0321 2240	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/05 16:54:37.0353 2240	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/05 16:54:37.0384 2240	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/05 16:54:37.0415 2240	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/05 16:54:37.0446 2240	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/05 16:54:37.0477 2240	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/05 16:54:37.0493 2240	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/05 16:54:37.0540 2240	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/05 16:54:37.0555 2240	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/05 16:54:37.0587 2240	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/05 16:54:37.0633 2240	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/05 16:54:37.0665 2240	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/05 16:54:37.0696 2240	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/05 16:54:37.0743 2240	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/05 16:54:37.0758 2240	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/05 16:54:37.0789 2240	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/05 16:54:37.0852 2240	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/05 16:54:37.0883 2240	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/05 16:54:37.0899 2240	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/05 16:54:37.0961 2240	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/05 16:54:37.0977 2240	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/05 16:54:38.0008 2240	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/05 16:54:38.0039 2240	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/05 16:54:38.0086 2240	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/05 16:54:38.0101 2240	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/05 16:54:38.0133 2240	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/05 16:54:38.0164 2240	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/05 16:54:38.0211 2240	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/05 16:54:38.0257 2240	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/05 16:54:38.0289 2240	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/05 16:54:38.0320 2240	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/05 16:54:38.0351 2240	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/05 16:54:38.0382 2240	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/05 16:54:38.0413 2240	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/05 16:54:38.0460 2240	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/05 16:54:38.0523 2240	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/05 16:54:38.0694 2240	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/04/05 16:54:38.0741 2240	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/05 16:54:38.0788 2240	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/05 16:54:38.0819 2240	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/05 16:54:38.0881 2240	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/05 16:54:38.0928 2240	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/05 16:54:39.0272 2240	nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/05 16:54:39.0443 2240	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/05 16:54:39.0474 2240	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/05 16:54:39.0506 2240	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/05 16:54:39.0537 2240	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/05 16:54:39.0584 2240	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/05 16:54:39.0615 2240	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/05 16:54:39.0646 2240	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/05 16:54:39.0677 2240	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/05 16:54:39.0724 2240	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/05 16:54:39.0740 2240	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/05 16:54:39.0771 2240	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/05 16:54:39.0818 2240	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/05 16:54:39.0958 2240	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/05 16:54:39.0974 2240	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/05 16:54:40.0067 2240	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/05 16:54:40.0130 2240	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/05 16:54:40.0332 2240	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/05 16:54:40.0972 2240	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/05 16:54:42.0017 2240	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/05 16:54:42.0470 2240	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/05 16:54:42.0594 2240	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/05 16:54:42.0657 2240	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/05 16:54:42.0704 2240	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/05 16:54:42.0750 2240	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/05 16:54:42.0797 2240	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/05 16:54:42.0844 2240	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/05 16:54:42.0906 2240	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/05 16:54:42.0953 2240	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/05 16:54:42.0984 2240	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/05 16:54:43.0031 2240	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/05 16:54:43.0062 2240	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/05 16:54:43.0296 2240	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/05 16:54:43.0515 2240	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/05 16:54:43.0577 2240	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/04/05 16:54:43.0764 2240	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/05 16:54:44.0201 2240	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/05 16:54:44.0388 2240	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/05 16:54:44.0466 2240	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/05 16:54:44.0529 2240	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/05 16:54:44.0576 2240	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/05 16:54:44.0607 2240	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/05 16:54:44.0685 2240	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/05 16:54:44.0716 2240	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/05 16:54:44.0856 2240	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/05 16:54:45.0075 2240	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/05 16:54:45.0168 2240	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/05 16:54:45.0215 2240	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/05 16:54:45.0278 2240	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/05 16:54:45.0309 2240	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/05 16:54:45.0418 2240	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/05 16:54:45.0558 2240	sptd            (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys
2011/04/05 16:54:45.0558 2240	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
2011/04/05 16:54:45.0558 2240	sptd - detected Locked file (1)
2011/04/05 16:54:45.0636 2240	srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/05 16:54:45.0683 2240	srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/05 16:54:45.0730 2240	srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/05 16:54:46.0182 2240	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/05 16:54:46.0510 2240	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/05 16:54:46.0635 2240	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/05 16:54:46.0728 2240	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/05 16:54:47.0025 2240	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/05 16:54:47.0384 2240	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/05 16:54:47.0696 2240	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/05 16:54:47.0805 2240	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/05 16:54:47.0836 2240	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/05 16:54:47.0898 2240	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/05 16:54:47.0961 2240	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/05 16:54:48.0148 2240	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/05 16:54:48.0320 2240	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/05 16:54:48.0522 2240	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/05 16:54:48.0600 2240	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/05 16:54:48.0663 2240	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/05 16:54:48.0694 2240	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/05 16:54:48.0725 2240	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/05 16:54:48.0788 2240	USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/05 16:54:48.0975 2240	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/05 16:54:49.0334 2240	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/05 16:54:49.0458 2240	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/05 16:54:49.0521 2240	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/05 16:54:49.0568 2240	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/05 16:54:49.0614 2240	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/05 16:54:49.0677 2240	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/05 16:54:49.0848 2240	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/05 16:54:49.0989 2240	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/05 16:54:50.0051 2240	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/05 16:54:50.0098 2240	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/05 16:54:50.0160 2240	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/05 16:54:50.0223 2240	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/05 16:54:50.0254 2240	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/05 16:54:50.0301 2240	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/05 16:54:50.0394 2240	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/05 16:54:50.0472 2240	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/05 16:54:50.0597 2240	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/05 16:54:50.0722 2240	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/05 16:54:50.0753 2240	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/05 16:54:50.0816 2240	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/05 16:54:50.0847 2240	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/05 16:54:50.0909 2240	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/05 16:54:50.0956 2240	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/05 16:54:50.0972 2240	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/05 16:54:51.0034 2240	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/05 16:54:51.0081 2240	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/05 16:54:51.0284 2240	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/05 16:54:51.0424 2240	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/05 16:54:51.0767 2240	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/05 16:54:51.0970 2240	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/05 16:54:52.0048 2240	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/05 16:54:52.0110 2240	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/05 16:54:52.0142 2240	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/05 16:54:52.0251 2240	================================================================================
2011/04/05 16:54:52.0251 2240	Scan finished
2011/04/05 16:54:52.0251 2240	================================================================================
2011/04/05 16:54:52.0266 3396	Detected object count: 1
2011/04/05 16:55:22.0858 3396	sptd            (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys
2011/04/05 16:55:22.0858 3396	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
2011/04/05 16:55:22.0858 3396	C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
2011/04/05 16:55:22.0858 3396	Locked file(sptd) - User select action: Quarantine 
2011/04/05 16:56:20.0872 1524	Deinitialize success

cosinus · 05.04.2011, 17:43

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

vee · 05.04.2011, 18:22

GMER Log:

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-05 19:10:45
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: 6d2661g9.exe; Driver: C:\Users\Vee\AppData\Local\Temp\pfldypow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwAddBootEntry [0x8DC4C9CA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwAllocateVirtualMemory [0x8EA99A68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateEvent [0x8DC4EEAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateEventPair [0x8DC4EF04]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateIoCompletion [0x8DC4F01A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateMutant [0x8DC4EE02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateSection [0x8DC4EF54]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateSemaphore [0x8DC4EE56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateTimer [0x8DC4EFC8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwDeleteBootEntry [0x8DC4C9EE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwFreeVirtualMemory [0x8EA99B18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwLoadDriver [0x8DC4C7B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwModifyBootEntry [0x8DC4CA12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwNotifyChangeKey [0x8DC4F412]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwNotifyChangeMultipleKeys [0x8DC4D4AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenEvent [0x8DC4EEDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenEventPair [0x8DC4EF2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenIoCompletion [0x8DC4F044]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenMutant [0x8DC4EE2E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenSection [0x8DC4EF94]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenSemaphore [0x8DC4EE84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenTimer [0x8DC4EFF2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwProtectVirtualMemory [0x8EA99BB0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwQueryObject [0x8DC4D370]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSetBootEntryOrder [0x8DC4CA36]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSetBootOptions [0x8DC4CA5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSetSystemInformation [0x8DC4C812]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSetSystemPowerState [0x8DC4C94E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwShutdownSystem [0x8DC4C92A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSystemDebugControl [0x8DC4C972]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwVdmControl [0x8DC4CA7E]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                              82A81589 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                       82AA6092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 214                                                                                          82AAD824 4 Bytes  [CA, C9, C4, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 23C                                                                                          82AAD84C 4 Bytes  [68, 9A, A9, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2F0                                                                                          82AAD900 8 Bytes  [AC, EE, C4, 8D, 04, EF, C4, ...] {LODSB ; OUT DX, AL ; LES ECX, DWORD [EBP-0x723b10fc]}
.text           ntkrnlpa.exe!RtlSidHashLookup + 2FC                                                                                          82AAD90C 4 Bytes  [1A, F0, C4, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 318                                                                                          82AAD928 4 Bytes  [02, EE, C4, 8D]
.text           ...                                                                                                                          
?               System32\Drivers\spsl.sys                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                        8EB59CA0 5 Bytes  JMP 85D17450 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Bonjour\mDNSResponder.exe[148] ntdll.dll!LdrUnloadDll                                                       77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[148] ntdll.dll!LdrLoadDll                                                         77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[148] USER32.dll!UnhookWindowsHookEx                                               773DCC7B 5 Bytes  JMP 00100120 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[148] USER32.dll!UnhookWinEvent                                                    773DD924 5 Bytes  JMP 0010006C 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[148] USER32.dll!SetWindowsHookExW                                                 773E210A 5 Bytes  JMP 001000E4 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[148] USER32.dll!SetWinEventHook                                                   773E507E 5 Bytes  JMP 00100030 
.text           C:\Program Files\Bonjour\mDNSResponder.exe[148] USER32.dll!SetWindowsHookExA                                                 77406DFA 5 Bytes  JMP 001000A8 
.text           C:\Windows\system32\taskhost.exe[360] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\taskhost.exe[360] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\taskhost.exe[360] USER32.dll!UnhookWindowsHookEx                                                         773DCC7B 5 Bytes  JMP 000F0120 
.text           C:\Windows\system32\taskhost.exe[360] USER32.dll!UnhookWinEvent                                                              773DD924 5 Bytes  JMP 000F006C 
.text           C:\Windows\system32\taskhost.exe[360] USER32.dll!SetWindowsHookExW                                                           773E210A 5 Bytes  JMP 000F00E4 
.text           C:\Windows\system32\taskhost.exe[360] USER32.dll!SetWinEventHook                                                             773E507E 5 Bytes  JMP 000F0030 
.text           C:\Windows\system32\taskhost.exe[360] USER32.dll!SetWindowsHookExA                                                           77406DFA 5 Bytes  JMP 000F00A8 
.text           C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrUnloadDll                                                                  77B3BEAF 5 Bytes  JMP 0007006C 
.text           C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrLoadDll                                                                    77B3F5B5 5 Bytes  JMP 00070030 
.text           C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWindowsHookEx                                                          773DCC7B 5 Bytes  JMP 00100120 
.text           C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWinEvent                                                               773DD924 5 Bytes  JMP 0010006C 
.text           C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExW                                                            773E210A 5 Bytes  JMP 001000E4 
.text           C:\Windows\system32\wininit.exe[448] USER32.dll!SetWinEventHook                                                              773E507E 5 Bytes  JMP 00100030 
.text           C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExA                                                            77406DFA 5 Bytes  JMP 001000A8 
.text           C:\Windows\system32\svchost.exe[460] ntdll.dll!LdrUnloadDll                                                                  77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[460] ntdll.dll!LdrLoadDll                                                                    77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[460] USER32.dll!UnhookWindowsHookEx                                                          773DCC7B 5 Bytes  JMP 00250120 
.text           C:\Windows\system32\svchost.exe[460] USER32.dll!UnhookWinEvent                                                               773DD924 5 Bytes  JMP 0025006C 
.text           C:\Windows\system32\svchost.exe[460] USER32.dll!SetWindowsHookExW                                                            773E210A 5 Bytes  JMP 002500E4 
.text           C:\Windows\system32\svchost.exe[460] USER32.dll!SetWinEventHook                                                              773E507E 5 Bytes  JMP 00250030 
.text           C:\Windows\system32\svchost.exe[460] USER32.dll!SetWindowsHookExA                                                            77406DFA 5 Bytes  JMP 002500A8 
.text           C:\Windows\system32\services.exe[516] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\services.exe[516] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\lsass.exe[524] ntdll.dll!LdrUnloadDll                                                                    77B3BEAF 5 Bytes  JMP 000A006C 
.text           C:\Windows\system32\lsass.exe[524] ntdll.dll!LdrLoadDll                                                                      77B3F5B5 5 Bytes  JMP 000A0030 
.text           C:\Windows\system32\lsm.exe[536] ntdll.dll!LdrUnloadDll                                                                      77B3BEAF 5 Bytes  JMP 000A006C 
.text           C:\Windows\system32\lsm.exe[536] ntdll.dll!LdrLoadDll                                                                        77B3F5B5 5 Bytes  JMP 000A0030 
.text           C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0007006C 
.text           C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00070030 
.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWindowsHookEx                                                         773DCC7B 5 Bytes  JMP 00110120 
.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWinEvent                                                              773DD924 5 Bytes  JMP 0011006C 
.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExW                                                           773E210A 5 Bytes  JMP 001100E4 
.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWinEventHook                                                             773E507E 5 Bytes  JMP 00110030 
.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExA                                                           77406DFA 5 Bytes  JMP 001100A8 
.text           C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrUnloadDll                                                                  77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrLoadDll                                                                    77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\nvvsvc.exe[768] ntdll.dll!LdrUnloadDll                                                                   77B3BEAF 5 Bytes  JMP 0016006C 
.text           C:\Windows\system32\nvvsvc.exe[768] ntdll.dll!LdrLoadDll                                                                     77B3F5B5 5 Bytes  JMP 00160030 
.text           C:\Windows\system32\nvvsvc.exe[768] USER32.dll!UnhookWindowsHookEx                                                           773DCC7B 5 Bytes  JMP 001F0120 
.text           C:\Windows\system32\nvvsvc.exe[768] USER32.dll!UnhookWinEvent                                                                773DD924 5 Bytes  JMP 001F006C 
.text           C:\Windows\system32\nvvsvc.exe[768] USER32.dll!SetWindowsHookExW                                                             773E210A 5 Bytes  JMP 001F00E4 
.text           C:\Windows\system32\nvvsvc.exe[768] USER32.dll!SetWinEventHook                                                               773E507E 5 Bytes  JMP 001F0030 
.text           C:\Windows\system32\nvvsvc.exe[768] USER32.dll!SetWindowsHookExA                                                             77406DFA 5 Bytes  JMP 001F00A8 
.text           C:\Windows\system32\svchost.exe[808] ntdll.dll!LdrUnloadDll                                                                  77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[808] ntdll.dll!LdrLoadDll                                                                    77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[864] ntdll.dll!LdrUnloadDll                                                                  77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[864] ntdll.dll!LdrLoadDll                                                                    77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[864] USER32.dll!UnhookWindowsHookEx                                                          773DCC7B 5 Bytes  JMP 001B0120 
.text           C:\Windows\System32\svchost.exe[864] USER32.dll!UnhookWinEvent                                                               773DD924 5 Bytes  JMP 001B006C 
.text           C:\Windows\System32\svchost.exe[864] USER32.dll!SetWindowsHookExW                                                            773E210A 5 Bytes  JMP 001B00E4 
.text           C:\Windows\System32\svchost.exe[864] USER32.dll!SetWinEventHook                                                              773E507E 5 Bytes  JMP 001B0030 
.text           C:\Windows\System32\svchost.exe[864] USER32.dll!SetWindowsHookExA                                                            77406DFA 5 Bytes  JMP 001B00A8 
.text           C:\Windows\System32\svchost.exe[940] ntdll.dll!LdrUnloadDll                                                                  77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[940] ntdll.dll!LdrLoadDll                                                                    77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx                                                          773DCC7B 5 Bytes  JMP 002A0120 
.text           C:\Windows\System32\svchost.exe[940] USER32.dll!UnhookWinEvent                                                               773DD924 5 Bytes  JMP 002A006C 
.text           C:\Windows\System32\svchost.exe[940] USER32.dll!SetWindowsHookExW                                                            773E210A 5 Bytes  JMP 002A00E4 
.text           C:\Windows\System32\svchost.exe[940] USER32.dll!SetWinEventHook                                                              773E507E 5 Bytes  JMP 002A0030 
.text           C:\Windows\System32\svchost.exe[940] USER32.dll!SetWindowsHookExA                                                            77406DFA 5 Bytes  JMP 002A00A8 
.text           C:\Windows\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll                                                                  77B3BEAF 5 Bytes  JMP 000A006C 
.text           C:\Windows\system32\svchost.exe[976] ntdll.dll!LdrLoadDll                                                                    77B3F5B5 5 Bytes  JMP 000A0030 
.text           C:\Windows\system32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx                                                          773DCC7B 5 Bytes  JMP 00CB0120 
.text           C:\Windows\system32\svchost.exe[976] USER32.dll!UnhookWinEvent                                                               773DD924 5 Bytes  JMP 00CB006C 
.text           C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW                                                            773E210A 5 Bytes  JMP 00CB00E4 
.text           C:\Windows\system32\svchost.exe[976] USER32.dll!SetWinEventHook                                                              773E507E 5 Bytes  JMP 00CB0030 
.text           C:\Windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA                                                            77406DFA 5 Bytes  JMP 00CB00A8 
.text           C:\Windows\system32\svchost.exe[1136] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!UnhookWindowsHookEx                                                         773DCC7B 5 Bytes  JMP 00400120 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!UnhookWinEvent                                                              773DD924 5 Bytes  JMP 0040006C 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExW                                                           773E210A 5 Bytes  JMP 004000E4 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWinEventHook                                                             773E507E 5 Bytes  JMP 00400030 
.text           C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExA                                                           77406DFA 5 Bytes  JMP 004000A8 
.text           C:\Windows\system32\nvvsvc.exe[1240] ntdll.dll!LdrUnloadDll                                                                  77B3BEAF 5 Bytes  JMP 0016006C 
.text           C:\Windows\system32\nvvsvc.exe[1240] ntdll.dll!LdrLoadDll                                                                    77B3F5B5 5 Bytes  JMP 00160030 
.text           C:\Windows\system32\nvvsvc.exe[1240] USER32.dll!UnhookWindowsHookEx                                                          773DCC7B 5 Bytes  JMP 00200120 
.text           C:\Windows\system32\nvvsvc.exe[1240] USER32.dll!UnhookWinEvent                                                               773DD924 5 Bytes  JMP 0020006C 
.text           C:\Windows\system32\nvvsvc.exe[1240] USER32.dll!SetWindowsHookExW                                                            773E210A 5 Bytes  JMP 002000E4 
.text           C:\Windows\system32\nvvsvc.exe[1240] USER32.dll!SetWinEventHook                                                              773E507E 5 Bytes  JMP 00200030 
.text           C:\Windows\system32\nvvsvc.exe[1240] USER32.dll!SetWindowsHookExA                                                            77406DFA 5 Bytes  JMP 002000A8 
.text           C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[1264] USER32.dll!UnhookWindowsHookEx                                                         773DCC7B 5 Bytes  JMP 00900120 
.text           C:\Windows\system32\svchost.exe[1264] USER32.dll!UnhookWinEvent                                                              773DD924 5 Bytes  JMP 0090006C 
.text           C:\Windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExW                                                           773E210A 5 Bytes  JMP 009000E4 
.text           C:\Windows\system32\svchost.exe[1264] USER32.dll!SetWinEventHook                                                             773E507E 5 Bytes  JMP 00900030 
.text           C:\Windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExA                                                           77406DFA 5 Bytes  JMP 009000A8 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1404] kernel32.dll!SetUnhandledExceptionFilter                           77023162 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Windows\system32\Dwm.exe[1532] ntdll.dll!LdrUnloadDll                                                                     77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\Dwm.exe[1532] ntdll.dll!LdrLoadDll                                                                       77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\Dwm.exe[1532] USER32.dll!UnhookWindowsHookEx                                                             773DCC7B 5 Bytes  JMP 000F0120 
.text           C:\Windows\system32\Dwm.exe[1532] USER32.dll!UnhookWinEvent                                                                  773DD924 5 Bytes  JMP 000F006C 
.text           C:\Windows\system32\Dwm.exe[1532] USER32.dll!SetWindowsHookExW                                                               773E210A 5 Bytes  JMP 000F00E4 
.text           C:\Windows\system32\Dwm.exe[1532] USER32.dll!SetWinEventHook                                                                 773E507E 5 Bytes  JMP 000F0030 
.text           C:\Windows\system32\Dwm.exe[1532] USER32.dll!SetWindowsHookExA                                                               77406DFA 5 Bytes  JMP 000F00A8 
.text           C:\Windows\Explorer.EXE[1556] ntdll.dll!LdrUnloadDll                                                                         77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\Explorer.EXE[1556] ntdll.dll!LdrLoadDll                                                                           77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\Explorer.EXE[1556] USER32.dll!UnhookWindowsHookEx                                                                 773DCC7B 5 Bytes  JMP 00150120 
.text           C:\Windows\Explorer.EXE[1556] USER32.dll!UnhookWinEvent                                                                      773DD924 5 Bytes  JMP 0015006C 
.text           C:\Windows\Explorer.EXE[1556] USER32.dll!SetWindowsHookExW                                                                   773E210A 5 Bytes  JMP 001500E4 
.text           C:\Windows\Explorer.EXE[1556] USER32.dll!SetWinEventHook                                                                     773E507E 5 Bytes  JMP 00150030 
.text           C:\Windows\Explorer.EXE[1556] USER32.dll!SetWindowsHookExA                                                                   77406DFA 5 Bytes  JMP 001500A8 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[1712] ntdll.dll!LdrUnloadDll                                                      77B3BEAF 5 Bytes  JMP 0017006C 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[1712] ntdll.dll!LdrLoadDll                                                        77B3F5B5 5 Bytes  JMP 00170030 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[1712] USER32.dll!UnhookWindowsHookEx                                              773DCC7B 5 Bytes  JMP 00210120 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[1712] USER32.dll!UnhookWinEvent                                                   773DD924 5 Bytes  JMP 0021006C 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[1712] USER32.dll!SetWindowsHookExW                                                773E210A 5 Bytes  JMP 002100E4 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[1712] USER32.dll!SetWinEventHook                                                  773E507E 5 Bytes  JMP 00210030 
.text           C:\Program Files\Java\jre6\bin\jusched.exe[1712] USER32.dll!SetWindowsHookExA                                                77406DFA 5 Bytes  JMP 002100A8 
.text           C:\Program Files\iTunes\iTunesHelper.exe[1892] ntdll.dll!LdrUnloadDll                                                        77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Program Files\iTunes\iTunesHelper.exe[1892] ntdll.dll!LdrLoadDll                                                          77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Program Files\iTunes\iTunesHelper.exe[1892] USER32.dll!UnhookWindowsHookEx                                                773DCC7B 5 Bytes  JMP 00100120 
.text           C:\Program Files\iTunes\iTunesHelper.exe[1892] USER32.dll!UnhookWinEvent                                                     773DD924 5 Bytes  JMP 0010006C 
.text           C:\Program Files\iTunes\iTunesHelper.exe[1892] USER32.dll!SetWindowsHookExW                                                  773E210A 5 Bytes  JMP 001000E4 
.text           C:\Program Files\iTunes\iTunesHelper.exe[1892] USER32.dll!SetWinEventHook                                                    773E507E 5 Bytes  JMP 00100030 
.text           C:\Program Files\iTunes\iTunesHelper.exe[1892] USER32.dll!SetWindowsHookExA                                                  77406DFA 5 Bytes  JMP 001000A8 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ntdll.dll!LdrUnloadDll          77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] ntdll.dll!LdrLoadDll            77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] USER32.dll!UnhookWindowsHookEx  773DCC7B 5 Bytes  JMP 00090120 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] USER32.dll!UnhookWinEvent       773DD924 5 Bytes  JMP 0009006C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] USER32.dll!SetWindowsHookExW    773E210A 5 Bytes  JMP 000900E4 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] USER32.dll!SetWinEventHook      773E507E 5 Bytes  JMP 00090030 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] USER32.dll!SetWindowsHookExA    77406DFA 5 Bytes  JMP 000900A8 
.text           C:\Windows\System32\spoolsv.exe[2036] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\spoolsv.exe[2036] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!UnhookWindowsHookEx                                                         773DCC7B 5 Bytes  JMP 00140120 
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!UnhookWinEvent                                                              773DD924 5 Bytes  JMP 0014006C 
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!SetWindowsHookExW                                                           773E210A 5 Bytes  JMP 001400E4 
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!SetWinEventHook                                                             773E507E 5 Bytes  JMP 00140030 
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!SetWindowsHookExA                                                           77406DFA 5 Bytes  JMP 001400A8 
.text           C:\Windows\system32\svchost.exe[2196] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[2196] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\SearchIndexer.exe[2820] ntdll.dll!LdrUnloadDll                                                           77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\SearchIndexer.exe[2820] ntdll.dll!LdrLoadDll                                                             77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\SearchIndexer.exe[2820] USER32.dll!UnhookWindowsHookEx                                                   773DCC7B 5 Bytes  JMP 00250120 
.text           C:\Windows\system32\SearchIndexer.exe[2820] USER32.dll!UnhookWinEvent                                                        773DD924 5 Bytes  JMP 0025006C 
.text           C:\Windows\system32\SearchIndexer.exe[2820] USER32.dll!SetWindowsHookExW                                                     773E210A 5 Bytes  JMP 002500E4 
.text           C:\Windows\system32\SearchIndexer.exe[2820] USER32.dll!SetWinEventHook                                                       773E507E 5 Bytes  JMP 00250030 
.text           C:\Windows\system32\SearchIndexer.exe[2820] USER32.dll!SetWindowsHookExA                                                     77406DFA 5 Bytes  JMP 002500A8 
.text           C:\Program Files\iPod\bin\iPodService.exe[2876] ntdll.dll!LdrUnloadDll                                                       77B3BEAF 5 Bytes  JMP 0016006C 
.text           C:\Program Files\iPod\bin\iPodService.exe[2876] ntdll.dll!LdrLoadDll                                                         77B3F5B5 5 Bytes  JMP 00160030 
.text           C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!UnhookWindowsHookEx                                               773DCC7B 5 Bytes  JMP 00200120 
.text           C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!UnhookWinEvent                                                    773DD924 5 Bytes  JMP 0020006C 
.text           C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!SetWindowsHookExW                                                 773E210A 5 Bytes  JMP 002000E4 
.text           C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!SetWinEventHook                                                   773E507E 5 Bytes  JMP 00200030 
.text           C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!SetWindowsHookExA                                                 77406DFA 5 Bytes  JMP 002000A8 
.text           C:\Windows\system32\svchost.exe[2928] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[2928] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[2996] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\svchost.exe[2996] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\svchost.exe[2996] USER32.dll!UnhookWindowsHookEx                                                         773DCC7B 5 Bytes  JMP 001F0120 
.text           C:\Windows\system32\svchost.exe[2996] USER32.dll!UnhookWinEvent                                                              773DD924 5 Bytes  JMP 001F006C 
.text           C:\Windows\system32\svchost.exe[2996] USER32.dll!SetWindowsHookExW                                                           773E210A 5 Bytes  JMP 001F00E4 
.text           C:\Windows\system32\svchost.exe[2996] USER32.dll!SetWinEventHook                                                             773E507E 5 Bytes  JMP 001F0030 
.text           C:\Windows\system32\svchost.exe[2996] USER32.dll!SetWindowsHookExA                                                           77406DFA 5 Bytes  JMP 001F00A8 
.text           C:\Windows\system32\svchost.exe[3052] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 000A006C 
.text           C:\Windows\system32\svchost.exe[3052] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 000A0030 
.text           C:\Windows\system32\WUDFHost.exe[3132] ntdll.dll!LdrUnloadDll                                                                77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\system32\WUDFHost.exe[3132] ntdll.dll!LdrLoadDll                                                                  77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\system32\WUDFHost.exe[3132] USER32.dll!UnhookWindowsHookEx                                                        773DCC7B 5 Bytes  JMP 00100120 
.text           C:\Windows\system32\WUDFHost.exe[3132] USER32.dll!UnhookWinEvent                                                             773DD924 5 Bytes  JMP 0010006C 
.text           C:\Windows\system32\WUDFHost.exe[3132] USER32.dll!SetWindowsHookExW                                                          773E210A 5 Bytes  JMP 001000E4 
.text           C:\Windows\system32\WUDFHost.exe[3132] USER32.dll!SetWinEventHook                                                            773E507E 5 Bytes  JMP 00100030 
.text           C:\Windows\system32\WUDFHost.exe[3132] USER32.dll!SetWindowsHookExA                                                          77406DFA 5 Bytes  JMP 001000A8 
.text           C:\Windows\System32\svchost.exe[3848] ntdll.dll!LdrUnloadDll                                                                 77B3BEAF 5 Bytes  JMP 0006006C 
.text           C:\Windows\System32\svchost.exe[3848] ntdll.dll!LdrLoadDll                                                                   77B3F5B5 5 Bytes  JMP 00060030 
.text           C:\Windows\System32\svchost.exe[3848] USER32.dll!UnhookWindowsHookEx                                                         773DCC7B 5 Bytes  JMP 00180120 
.text           C:\Windows\System32\svchost.exe[3848] USER32.dll!UnhookWinEvent                                                              773DD924 5 Bytes  JMP 0018006C 
.text           C:\Windows\System32\svchost.exe[3848] USER32.dll!SetWindowsHookExW                                                           773E210A 5 Bytes  JMP 001800E4 
.text           C:\Windows\System32\svchost.exe[3848] USER32.dll!SetWinEventHook                                                             773E507E 5 Bytes  JMP 00180030 
.text           C:\Windows\System32\svchost.exe[3848] USER32.dll!SetWindowsHookExA                                                           77406DFA 5 Bytes  JMP 001800A8 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                     [88A1B90E] \SystemRoot\System32\Drivers\spsl.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                    [88A1BF9C] \SystemRoot\System32\Drivers\spsl.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                    [88A1B3E6] \SystemRoot\System32\Drivers\spsl.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                             [88A1C178] \SystemRoot\System32\Drivers\spsl.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                              [88A1B1D4] \SystemRoot\System32\Drivers\spsl.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                       84A7A1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                85D25470
Device          \Driver\volmgr \Device\VolMgrControl                                                                                         84A741F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                             85DF71F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                             85DF71F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                             85CF5470
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                             85DF71F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                             85DF71F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{C335EEA2-1750-4D18-8837-E5DC6DB8530E}                                                     85CA11F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                             85DF71F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                                             85CF5470
Device          \Driver\PCI_PNP4028 \Device\00000057                                                                                         spsl.sys
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                       84A741F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                       84A741F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                           84A771F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                           84A771F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                           84A771F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                           84A771F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                           84A771F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                           84A771F8
Device          \Driver\atapi \Device\Ide\IdePort6                                                                                           84A771F8
Device          \Driver\msahci \Device\Ide\PciIde2Channel0                                                                                   84A781F8
Device          \Driver\msahci \Device\Ide\PciIde2Channel1                                                                                   84A781F8
Device          \Driver\msahci \Device\Ide\PciIde2Channel2                                                                                   84A781F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-8                                                                                  84A771F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                       84A741F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000073                                                                                             875C3470
Device          \Driver\USBSTOR \Device\00000074                                                                                             875C3470
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                       84A741F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\USBSTOR \Device\00000075                                                                                             875C3470
Device          \Driver\USBSTOR \Device\00000076                                                                                             875C3470
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                      85CA11F8
Device          \Driver\ACPI_HAL \Device\0000004a                                                                                            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000079                                                                                              bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000079                                                                                              bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{27852BB0-8506-48DE-8F8C-576D817DB8C3}                                                     85CA11F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                             85DF71F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                             85DF71F8
Device          \Driver\BTHUSB \Device\0000007b                                                                                              bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\0000007b                                                                                              bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\usbehci \Device\USBFDO-2                                                                                             85CF5470
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                             85DF71F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                             85DF71F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                             85DF71F8
Device          \Driver\sptd \Device\1629280029                                                                                              spsl.sys
Device          \Driver\usbehci \Device\USBFDO-6                                                                                             85CF5470
Device          \Driver\awk0y679 \Device\Scsi\awk0y6791                                                                                      85BCF1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{FB401F87-E611-43F1-B357-3C66150271EF}                                                     85CA11F8
Device          \FileSystem\fastfat \Fat                                                                                                     85D25470

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060d10d32                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                           771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                           285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                           1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                          C:\Program Files\DAEMON Tools Pro\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                          0x96 0x4D 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                          0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                       0x4D 0xA1 0xD5 0x20 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                 0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                              0xC9 0x85 0x60 0x55 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0                                 0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12                              0x88 0x20 0xA1 0xF0 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12                         0xAF 0x5E 0xD9 0x82 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060d10d32 (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                         
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                              C:\Program Files\DAEMON Tools Pro\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                              0x96 0x4D 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                              0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                           0x4D 0xA1 0xD5 0x20 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                     0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                  0xC9 0x85 0x60 0x55 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0                                     0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12                                  0x88 0x20 0xA1 0xF0 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12                             0xAF 0x5E 0xD9 0x82 ...

---- Files - GMER 1.0.15 ----

File            C:\## aswSnx private storage                                                                                                 0 bytes
File            C:\## aswSnx private storage\snx_rhive                                                                                       262144 bytes
File            C:\## aswSnx private storage\snx_rhive.LOG1                                                                                  5120 bytes
File            C:\## aswSnx private storage\snx_rhive.LOG2                                                                                  0 bytes
File            C:\## aswSnx private storage\snx_rhive{3208742a-5eef-11e0-8eb0-001060d10d32}.TM.blf                                          65536 bytes
File            C:\## aswSnx private storage\snx_rhive{3208742a-5eef-11e0-8eb0-001060d10d32}.TMContainer00000000000000000001.regtrans-ms     524288 bytes
File            C:\## aswSnx private storage\snx_rhive{3208742a-5eef-11e0-8eb0-001060d10d32}.TMContainer00000000000000000002.regtrans-ms     524288 bytes
File            C:\## aswSnx private storage\webStorage                                                                                      0 bytes
File            C:\## aswSnx private storage\webStorage\attrib                                                                               0 bytes
File            C:\## aswSnx private storage\webStorage\image                                                                                0 bytes
File            C:\## aswSnx private storage\webStorage\image\Windows                                                                        0 bytes
File            C:\## aswSnx private storage\webStorage\image\Windows\Prefetch                                                               0 bytes
File            C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CONHOST.EXE-3218E401.pf                                       11514 bytes
File            C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\IEXPLORE.EXE-BC8A94AF.pf                                      32968 bytes
File            C:\## aswSnx private storage\webStorage\snx_fs.dat                                                                           612 bytes

---- EOF - GMER 1.0.15 ----

OSAM Log:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:18:26 on 05.04.2011

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - ? - C:\Windows\System32\Drivers\AnyDVD.sys  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"awk0y679" (awk0y679) - "Advanced Micro Devices" - C:\Windows\system32\drivers\awk0y679.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\Users\Vee\AppData\Local\Temp\catchme.sys  (File not found)
"Dynamically loaded UxdDrv" (uxddrv) - ? - d:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - ? - C:\Windows\System32\Drivers\ElbyCDIO.sys  (File not found)
"pfldypow" (pfldypow) - ? - C:\Users\Vee\AppData\Local\Temp\pfldypow.sys  (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "{30F9B915-B755-4826-820B-08FBA6BD249D}" - ? -   (File not found | COM-object registry key not found)
{c2db4fe6-8409-45ce-8010-189a7b5cce86} "{c2db4fe6-8409-45ce-8010-189a7b5cce86}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk  (Shortcut exists | File not found)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Pro Agent" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avast5" - "AVAST Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBR Log:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Ultimate Edition
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	Notebook
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		Notebook
System Product Name:		MIM2280
Logical Drives Mask:		0x00000074

Kernel Drivers (total 174):
  0x82A3E000 \SystemRoot\system32\ntkrnlpa.exe
  0x82A07000 \SystemRoot\system32\halmacpi.dll
  0x80BAD000 \SystemRoot\system32\kdcom.dll
  0x88810000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x88888000 \SystemRoot\system32\PSHED.dll
  0x88899000 \SystemRoot\system32\BOOTVID.dll
  0x888A1000 \SystemRoot\system32\CLFS.SYS
  0x888E3000 \SystemRoot\system32\CI.dll
  0x8898E000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x88800000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x88A19000 \SystemRoot\System32\Drivers\spsl.sys
  0x88B12000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x88B1B000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x88B41000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x88B89000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x88B91000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x88B9C000 \SystemRoot\system32\DRIVERS\pci.sys
  0x88BC6000 \SystemRoot\System32\drivers\partmgr.sys
  0x88BD7000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x88BDF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x88BEA000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x88C0E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x88C59000 \SystemRoot\system32\DRIVERS\intelide.sys
  0x88C60000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x88C6E000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x88C75000 \SystemRoot\System32\drivers\mountmgr.sys
  0x88C8B000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x88C94000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x88CB7000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x88CC1000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x88CCA000 \SystemRoot\system32\drivers\fltmgr.sys
  0x88CFE000 \SystemRoot\system32\drivers\fileinfo.sys
  0x88E25000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x88F54000 \SystemRoot\System32\Drivers\msrpc.sys
  0x88F7F000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x88F92000 \SystemRoot\System32\Drivers\cng.sys
  0x88FEF000 \SystemRoot\System32\drivers\pcw.sys
  0x88E00000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x88D0F000 \SystemRoot\system32\drivers\ndis.sys
  0x89013000 \SystemRoot\system32\drivers\NETIO.SYS
  0x89051000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x89076000 \SystemRoot\System32\drivers\tcpip.sys
  0x891BF000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x891F0000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x89234000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x89273000 \SystemRoot\System32\Drivers\spldr.sys
  0x8927B000 \SystemRoot\System32\drivers\rdyboost.sys
  0x892A8000 \SystemRoot\System32\Drivers\mup.sys
  0x892B8000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x892C0000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x892F2000 \SystemRoot\system32\DRIVERS\disk.sys
  0x89303000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8935B000 \SystemRoot\System32\Drivers\awk0y679.SYS
  0x89393000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8DC3A000 \SystemRoot\System32\Drivers\aswSnx.SYS
  0x8DC98000 \SystemRoot\System32\Drivers\Null.SYS
  0x8DC9F000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8DCA6000 \SystemRoot\System32\drivers\vga.sys
  0x8DCB2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8DCD3000 \SystemRoot\System32\drivers\watchdog.sys
  0x8DCE0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8DCE8000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8DCF0000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8DCF8000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8DD03000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8DD11000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8DD28000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8DD33000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x8DD3D000 \SystemRoot\system32\drivers\afd.sys
  0x8DD97000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x8DD9C000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8DDCE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8DDD5000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8DC00000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8DC0E000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8DC21000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x893B2000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8DDF4000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x893F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x89200000 \SystemRoot\System32\drivers\discache.sys
  0x8EA06000 \SystemRoot\system32\drivers\csc.sys
  0x8EA6A000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8EA82000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x8EA90000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x8EAD8000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8EAF9000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F207000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8FD01000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x8FD03000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8FDBA000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x8EB0B000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8FDF3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8EB35000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8EB80000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8EB8F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x90608000 \SystemRoot\system32\DRIVERS\netw5v32.sys
  0x90A1B000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0x90A40000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x90A58000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x90A65000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x90A72000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x90A76000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x90A83000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x90A95000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x90AAD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x90AB8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x90ADA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x90AF2000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x90B09000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x90B20000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x90B2A000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x90B2C000 \SystemRoot\system32\DRIVERS\ks.sys
  0x90B60000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90B6E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x90BB2000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8EBAE000 \SystemRoot\system32\drivers\HdAudio.sys
  0x90BC3000 \SystemRoot\system32\drivers\portcls.sys
  0x8920C000 \SystemRoot\system32\drivers\drmk.sys
  0x93E03000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x93F09000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x93F0B000 \SystemRoot\system32\drivers\modem.sys
  0x95CC0000 \SystemRoot\System32\win32k.sys
  0x93F18000 \SystemRoot\System32\drivers\Dxapi.sys
  0x93F22000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x93F39000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x93F46000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x93F51000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x93F5B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x93F6C000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x95F20000 \SystemRoot\System32\TSDDD.dll
  0x95F50000 \SystemRoot\System32\cdd.dll
  0x93F77000 \SystemRoot\system32\DRIVERS\usbgene.sys
  0x93F98000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x93FA6000 \SystemRoot\system32\DRIVERS\USBCAMD2.SYS
  0x93FAD000 \SystemRoot\system32\DRIVERS\USBGENE0.SYS
  0x81E1C000 \SystemRoot\system32\DRIVERS\USBGENE1.SYS
  0x81E9A000 \SystemRoot\system32\DRIVERS\USBGENE2.SYS
  0x81EBC000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x81ECE000 \SystemRoot\System32\Drivers\bthport.sys
  0x81F32000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x81F56000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x81F63000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x81F7E000 \SystemRoot\system32\drivers\luafv.sys
  0x81F99000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x81FD1000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x81FD4000 \SystemRoot\system32\drivers\WudfPf.sys
  0x81FEE000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8EC1C000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8EC62000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8EC72000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8EC85000 \SystemRoot\system32\drivers\HTTP.sys
  0x8ED0A000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x8ED23000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x8ED35000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8ED58000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x8ED93000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9DE0C000 \SystemRoot\system32\drivers\peauth.sys
  0x9DEA3000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9DEAD000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9DECE000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9DEDB000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9DF2A000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9DF7B000 \??\C:\Users\Vee\AppData\Local\Temp\pfldypow.sys
  0x77AE0000 \Windows\System32\ntdll.dll
  0x47E00000 \Windows\System32\smss.exe
  0x77D20000 \Windows\System32\apisetschema.dll
  0x00F20000 \Windows\System32\autochk.exe
  0x77CE0000 \Windows\System32\imagehlp.dll
  0x77C80000 \Windows\System32\difxapi.dll
  0x77A60000 \Windows\System32\comdlg32.dll
  0x77C70000 \Windows\System32\psapi.dll
  0x77C50000 \Windows\System32\imm32.dll
  0x77860000 \Windows\System32\iertutil.dll
  0x77700000 \Windows\System32\ole32.dll

Processes (total 41):
       0 System Idle Process
       4 System
     308 C:\Windows\System32\smss.exe
     396 csrss.exe
     448 C:\Windows\System32\wininit.exe
     468 csrss.exe
     516 C:\Windows\System32\services.exe
     524 C:\Windows\System32\lsass.exe
     536 C:\Windows\System32\lsm.exe
     608 C:\Windows\System32\winlogon.exe
     692 C:\Windows\System32\svchost.exe
     768 C:\Windows\System32\nvvsvc.exe
     808 C:\Windows\System32\svchost.exe
     864 C:\Windows\System32\svchost.exe
     940 C:\Windows\System32\svchost.exe
     976 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\nvvsvc.exe
    1264 C:\Windows\System32\svchost.exe
    1404 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1532 C:\Windows\System32\dwm.exe
    1556 C:\Windows\explorer.exe
    1712 C:\Program Files\Java\jre6\bin\jusched.exe
    1780 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1892 C:\Program Files\iTunes\iTunesHelper.exe
    2036 C:\Windows\System32\spoolsv.exe
     460 C:\Windows\System32\svchost.exe
     360 C:\Windows\System32\taskhost.exe
    1972 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     148 C:\Program Files\Bonjour\mDNSResponder.exe
    2196 C:\Windows\System32\svchost.exe
    2820 C:\Windows\System32\SearchIndexer.exe
    2876 C:\Program Files\iPod\bin\iPodService.exe
    2928 C:\Windows\System32\svchost.exe
    2996 C:\Windows\System32\svchost.exe
    3052 C:\Windows\System32\svchost.exe
    3848 C:\Windows\System32\svchost.exe
    1672 C:\Windows\System32\audiodg.exe
     380 C:\Users\Vee\Desktop\MBRCheck.exe
    1884 C:\Windows\System32\conhost.exe
    3824 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000033`72f7e000  (FAT32)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus · 05.04.2011, 18:46

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

vee · 07.04.2011, 05:05

Malwarebytes Log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6235

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.04.2011 22:36:54
mbam-log-2011-04-06 (22-36-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|G:\|)
Durchsuchte Objekte: 298684
Laufzeit: 56 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SuperAntiSpyware Log:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/05/2011 at 10:27 PM

Application Version : 4.50.1002

Core Rules Database Version : 6756
Trace Rules Database Version: 4568

Scan type       : Complete Scan
Total Scan Time : 02:28:04

Memory items scanned      : 645
Memory threats detected   : 0
Registry items scanned    : 8212
Registry threats detected : 0
File items scanned        : 152270
File threats detected     : 8

Adware.Tracking Cookie
	C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Cookies\vee@fastclick[1].txt
	C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Cookies\vee@doubleclick[2].txt
	C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Cookies\vee@bs.serving-sys[1].txt
	C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Cookies\vee@serving-sys[1].txt
	C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Cookies\vee@atdmt[1].txt
	C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Cookies\vee@ad.zanox[1].txt
	C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Cookies\vee@ad.yieldmanager[1].txt
	C:\Users\Vee\AppData\Roaming\Microsoft\Windows\Cookies\vee@imrworldwide[2].txt

cosinus · 07.04.2011, 10:01

Zitat:

Datenbank Version: 6235

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

vee · 07.04.2011, 17:26

Neuer Malwarebytes Log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6300

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.04.2011 18:21:01
mbam-log-2011-04-07 (18-21-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|G:\|)
Durchsuchte Objekte: 299157
Laufzeit: 1 Stunde(n), 0 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 07.04.2011, 19:14

Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

vee · 07.04.2011, 19:23

Eigentlich nicht, aber auf meinem USB-Stick ist noch immer der Ordner "Recycler" und ungefähr 20000 "trz8000.tmp" Dateien.
Ich lösche sie grade, aber ich weiß nicht ob er beim nächsten mal, wenn ich den Stick wieder reinstecke, da ist.
Oder wird das alles jetzt löschbar sein?

Und vielen Dank für deine Hilfe! Ich weiß nicht was ich sonst gemacht hätte!

04.04.2011, 20:30	#17
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner Recycler und Malware auf dem USB-Stick und dem Rechner? Dann erstmal dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html __________________ __________________

05.04.2011, 10:38	#21
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner Recycler und Malware auf dem USB-Stick und dem Rechner? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html __________________ --> Trojaner Recycler und Malware auf dem USB-Stick und dem Rechner?

05.04.2011, 18:46	#25
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner Recycler und Malware auf dem USB-Stick und dem Rechner? Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

07.04.2011, 19:14	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner Recycler und Malware auf dem USB-Stick und dem Rechner? Sieht ok aus, da wurden nur Cookies gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit? __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner Recycler und Malware auf dem USB-Stick und dem Rechner?

Log-Analyse und Auswertung: Trojaner Recycler und Malware auf dem USB-Stick und dem Rechner?