| |
| |||||||
Log-Analyse und Auswertung: Windows Recovery Malware. Halbwegs beseitigt.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
13.04.2011, 11:37
| #1 |
 |  Windows Recovery Malware. Halbwegs beseitigt. Hallo, ich habe mich hier angemeldet, weil auch ich mir diesen Windows Recovery Mist eingefangen hab. Nachdem im Internet empfohlen wurde, Trojan Killer zu installieren, hab ich das gemacht. Aber anscheinend war das ein Fehler, denn irgendwie scheint mir das Programm nicht ganz geheuer zu sein. Jedenfalls bin ich dann auf dieses Forum gestoßen und habe mich ein bisschen eingelesen. Ich hab natürlich den Thread zur Entfernung von Windows Recovery gefunden es gab jedoch ein Problem: Beim Ausführen von rkill.com (in iexplorer.exe) gibts nen blue screen. Ich habe dann trotzdem Malwarebytes Anti-Malware ausgeführt und der hat auch einiges gefunden. Allerdings sind immernoch alle Dateien auf C:\ versteckt und Avast meldet sich oft zu Wort, dass die Datei svhost.exe auf eine bösartige Website will. Außerdem findet er öfter Dateien eines RootKits. Ich habe dann einen vollständigen Virenscan gemacht und mit OT Helper alle Prozesse beendet und mit Anti-Malware nochmal einen Quickscan gemacht, der jedoch nix gefunden hat. Jetzt bin ich Ratlos. Der Computer ist ziemlich ausgelastet, außerdem sind alle Dateien versteckt und Avast meldet sich oft. Also noch nix behoben. Kann mir jemand helfen?  Habe hier ein paar Logfiles angehängt: Achso, die Extras.Txt ist zu groß. Hab die in meine Dropbox gestellt: hxxp://dl.dropbox.com/u/16632825/Extras.Txt Danke  |
|
13.04.2011, 13:33
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows Recovery Malware. Halbwegs beseitigt. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=2&q="
FF - prefs.js..network.proxy.backup.ftp: "173.203.80.108"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "173.203.80.108"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "173.203.80.108"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "190.202.87.131"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "190.202.87.131"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "190.202.87.131"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "190.202.87.131"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.01.11 00:00:26 | 000,000,000 | ---D | M] - D:\AutoCAD 2010 -- [ NTFS ]
O32 - AutoRun File - [2011.01.12 23:55:25 | 000,000,000 | ---D | M] - D:\Autodesk Inventor -- [ NTFS ]
O32 - AutoRun File - [2009.02.21 17:25:05 | 000,000,000 | ---D | M] - D:\AutoIt3 -- [ NTFS ]
O32 - AutoRun File - [2009.10.13 13:03:14 | 000,000,000 | ---D | M] - D:\AutoMKV -- [ NTFS ]
O32 - AutoRun File - [2011.03.13 15:35:41 | 000,000,000 | ---D | M] - D:\Autoplay Menu Designer 4.1 -- [ NTFS ]
O32 - AutoRun File - [2008.01.19 22:00:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{1482e1c1-9c76-11de-97f7-0023542c8080}\Shell\AutoRun\command - "" = Autorun.exe
O33 - MountPoints2\{5b316bc3-9fb7-11df-a316-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{5b316bc3-9fb7-11df-a316-0023542c8080}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{9de4f769-ff62-11dd-a6c9-0023542c8080}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O33 - MountPoints2\{d93648f2-feca-11dd-912a-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{d93648f2-feca-11dd-912a-0023542c8080}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{e7246319-9255-11df-93a1-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{e7246319-9255-11df-93a1-0023542c8080}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{f1c94e98-efe8-11df-b8d4-0023542c8080}\Shell - "" = AutoRun
O33 - MountPoints2\{f1c94e98-efe8-11df-b8d4-0023542c8080}\Shell\AutoRun\command - "" = F:\Startme.exe
[2011.04.12 18:55:24 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Local\{6F7C4E6B-13FA-4B35-AA1E-C9FA71DE380A}
[2011.04.12 17:14:07 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Local\{2100A5DA-0492-4CCB-AFF6-E303099387D1}
[2011.04.11 18:32:19 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Local\{1879E83B-105A-49E0-A79C-B976DFD4575F}
[2011.04.10 20:31:09 | 000,000,000 | -H-D | C] -- C:\Users\Daniel\AppData\Local\{D6F4CF8C-82FB-4F7E-81D0-2BFC0D88B323}
[2011.04.12 19:12:39 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42000136r
[2011.04.12 19:12:39 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~42000136
[2011.04.12 19:12:35 | 000,000,588 | -H-- | M] () -- C:\Users\Daniel\Desktop\Windows Restore.lnk
[2011.04.12 19:01:00 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42000136
[2011.04.22 19:52:28 | 000,016,384 | -H-- | C] () -- C:\Windows\PCWNOBAR.EXE
[2011.04.22 19:52:28 | 000,003,079 | -H-- | C] () -- C:\Windows\PCWNOBAR.VBS
[2010.11.02 20:52:18 | 000,020,000 | -H-- | C] () -- C:\ProgramData\T09F8
[2010.11.02 20:44:57 | 000,020,000 | -H-- | C] () -- C:\ProgramData\V36QQ
@Alternate Data Stream - 24 bytes -> C:\Windows:118665A542D196CC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:52BA26F1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:9FA1200D
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ |
|
13.04.2011, 16:20
| #3 |
| | Windows Recovery Malware. Halbwegs beseitigt. Hey, danke für deine Antwort
__________________Ich habe also OTL gestartet und alle Programme vorher beendet (inkl. Virenscanner). Hab dann den Text reinkopiert und auf FIX geklickt. Es passierte leider nicht viel: Cannot create file C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\el7i34hd.default\prefs.js Dann ist nichts mehr passiert ... |
|
13.04.2011, 20:25
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware. Halbwegs beseitigt. Hast du OTL per Rechtsklick als Admin ausgeführt?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.04.2011, 20:45
| #5 |
| | Windows Recovery Malware. Halbwegs beseitigt. Oh man, oh man. Hätt nicht gedacht, dass mir sowas passiert  Hier also die Logdatei: Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "173.203.80.108" removed from network.proxy.backup.ftp
Prefs.js: 80 removed from network.proxy.backup.ftp_port
Prefs.js: "173.203.80.108" removed from network.proxy.backup.socks
Prefs.js: 80 removed from network.proxy.backup.socks_port
Prefs.js: "173.203.80.108" removed from network.proxy.backup.ssl
Prefs.js: 80 removed from network.proxy.backup.ssl_port
Prefs.js: "190.202.87.131" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "190.202.87.131" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "190.202.87.131" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "190.202.87.131" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File not found.
File not found.
File not found.
File not found.
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{079e2ca2-0e73-11e0-8750-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{079e2ca2-0e73-11e0-8750-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{079e2ca2-0e73-11e0-8750-0023542c8080}\ not found.
File H:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1482e1c1-9c76-11de-97f7-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1482e1c1-9c76-11de-97f7-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b316bc3-9fb7-11df-a316-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b316bc3-9fb7-11df-a316-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b316bc3-9fb7-11df-a316-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b316bc3-9fb7-11df-a316-0023542c8080}\ not found.
File J:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9de4f769-ff62-11dd-a6c9-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9de4f769-ff62-11dd-a6c9-0023542c8080}\ not found.
File I:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d93648f2-feca-11dd-912a-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d93648f2-feca-11dd-912a-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d93648f2-feca-11dd-912a-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d93648f2-feca-11dd-912a-0023542c8080}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7246319-9255-11df-93a1-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7246319-9255-11df-93a1-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7246319-9255-11df-93a1-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7246319-9255-11df-93a1-0023542c8080}\ not found.
File H:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e829f4c5-fe95-11dd-b23f-806e6f6e6963}\ not found.
File E:\.\Bin\ASSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c94e98-efe8-11df-b8d4-0023542c8080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1c94e98-efe8-11df-b8d4-0023542c8080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1c94e98-efe8-11df-b8d4-0023542c8080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1c94e98-efe8-11df-b8d4-0023542c8080}\ not found.
File F:\Startme.exe not found.
C:\Users\Daniel\AppData\Local\{6F7C4E6B-13FA-4B35-AA1E-C9FA71DE380A}\chrome\content folder moved successfully.
C:\Users\Daniel\AppData\Local\{6F7C4E6B-13FA-4B35-AA1E-C9FA71DE380A}\chrome folder moved successfully.
C:\Users\Daniel\AppData\Local\{6F7C4E6B-13FA-4B35-AA1E-C9FA71DE380A} folder moved successfully.
C:\Users\Daniel\AppData\Local\{2100A5DA-0492-4CCB-AFF6-E303099387D1} folder moved successfully.
C:\Users\Daniel\AppData\Local\{1879E83B-105A-49E0-A79C-B976DFD4575F} folder moved successfully.
C:\Users\Daniel\AppData\Local\{D6F4CF8C-82FB-4F7E-81D0-2BFC0D88B323} folder moved successfully.
C:\ProgramData\~42000136r moved successfully.
C:\ProgramData\~42000136 moved successfully.
C:\Users\Daniel\Desktop\Windows Restore.lnk moved successfully.
C:\ProgramData\42000136 moved successfully.
C:\Windows\PCWNOBAR.EXE moved successfully.
C:\Windows\PCWNOBAR.VBS moved successfully.
C:\ProgramData\T09F8 moved successfully.
C:\ProgramData\V36QQ moved successfully.
ADS C:\Windows:118665A542D196CC deleted successfully.
ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
ADS C:\ProgramData\TEMP:52BA26F1 deleted successfully.
ADS C:\ProgramData\TEMP:9FA1200D deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Birungueta
User: Daniel
->Temp folder emptied: 3349 bytes
->Temporary Internet Files folder emptied: 16689481 bytes
->Java cache emptied: 10746 bytes
->FireFox cache emptied: 182555906 bytes
->Apple Safari cache emptied: 192020480 bytes
->Opera cache emptied: 4693366 bytes
->Flash cache emptied: 2622000 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 49208 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757369 bytes
%systemroot%\System32 .tmp files removed: 879400 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6513720 bytes
RecycleBin emptied: 305462315 bytes
Total Files Cleaned = 679,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04132011_213734
Files\Folders moved on Reboot...
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
13.04.2011, 21:09
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware. Halbwegs beseitigt. Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten Danach dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ --> Windows Recovery Malware. Halbwegs beseitigt. |
|
13.04.2011, 21:22
| #7 |
| | Windows Recovery Malware. Halbwegs beseitigt. So, hat geklappt mit dem Upload. Einen Link zu der hochgeladenen Datei hab ich nicht bekommen. Ist richtig so, oder? Desweiteren musste ich leider den Ordner auf den Desktop kopieren, denn das Packen hat direkt in C: weder mit WinRar, noch mit 7zip funktioniert. Jedesmal Zugriff Verweigert oder Cannot open File. Das Tool werde ich dann gleich starten. |
|
13.04.2011, 21:30
| #8 |
| | Windows Recovery Malware. Halbwegs beseitigt. Und hier nochmal das Logfile (hat 2 Sachen gefunden (1 Rootkit)): Code:
ATTFilter 2011/04/13 22:24:47.0462 1564 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/13 22:24:47.0765 1564 ================================================================================
2011/04/13 22:24:47.0765 1564 SystemInfo:
2011/04/13 22:24:47.0765 1564
2011/04/13 22:24:47.0765 1564 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/13 22:24:47.0765 1564 Product type: Workstation
2011/04/13 22:24:47.0765 1564 ComputerName: WAFFEL-ICE
2011/04/13 22:24:47.0765 1564 UserName: Daniel
2011/04/13 22:24:47.0765 1564 Windows directory: C:\Windows
2011/04/13 22:24:47.0765 1564 System windows directory: C:\Windows
2011/04/13 22:24:47.0765 1564 Processor architecture: Intel x86
2011/04/13 22:24:47.0765 1564 Number of processors: 2
2011/04/13 22:24:47.0765 1564 Page size: 0x1000
2011/04/13 22:24:47.0765 1564 Boot type: Normal boot
2011/04/13 22:24:47.0765 1564 ================================================================================
2011/04/13 22:24:54.0543 1564 Initialize success
2011/04/13 22:24:57.0394 1488 ================================================================================
2011/04/13 22:24:57.0394 1488 Scan started
2011/04/13 22:24:57.0394 1488 Mode: Manual;
2011/04/13 22:24:57.0394 1488 ================================================================================
2011/04/13 22:24:58.0755 1488 AbilisT (bba404351f75beac27d9eb38db32f526) C:\Windows\system32\DRIVERS\AbilisBdaTuner.sys
2011/04/13 22:24:58.0871 1488 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/13 22:24:58.0954 1488 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/13 22:24:58.0995 1488 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/13 22:24:59.0030 1488 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/13 22:24:59.0064 1488 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/13 22:24:59.0115 1488 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/13 22:24:59.0176 1488 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/13 22:24:59.0207 1488 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/13 22:24:59.0245 1488 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/13 22:24:59.0288 1488 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/13 22:24:59.0316 1488 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/13 22:24:59.0343 1488 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/13 22:24:59.0370 1488 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/13 22:24:59.0518 1488 amdkmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/13 22:24:59.0647 1488 amdkmdap (e9890f7ec1ab4d09afeb09dd76334622) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/13 22:24:59.0751 1488 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/13 22:24:59.0783 1488 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/13 22:24:59.0819 1488 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys
2011/04/13 22:24:59.0887 1488 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/13 22:24:59.0931 1488 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/13 22:24:59.0964 1488 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/04/13 22:25:00.0010 1488 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/04/13 22:25:00.0063 1488 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/04/13 22:25:00.0099 1488 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/04/13 22:25:00.0138 1488 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/13 22:25:00.0168 1488 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/13 22:25:00.0246 1488 AtiHDAudioService (99a0f5c917558624cbeb113cb12e3f25) C:\Windows\system32\drivers\AtihdLH3.sys
2011/04/13 22:25:00.0381 1488 atikmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/13 22:25:00.0483 1488 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/13 22:25:00.0570 1488 avgio (87828ecd657f81503465ac705e845076) C:\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/04/13 22:25:00.0598 1488 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2011/04/13 22:25:00.0624 1488 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/13 22:25:00.0673 1488 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/13 22:25:00.0704 1488 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/13 22:25:00.0737 1488 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/13 22:25:00.0789 1488 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/13 22:25:00.0817 1488 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/13 22:25:00.0847 1488 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/13 22:25:00.0879 1488 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/13 22:25:00.0911 1488 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/13 22:25:00.0933 1488 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/13 22:25:00.0956 1488 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/13 22:25:00.0990 1488 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/13 22:25:01.0036 1488 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/13 22:25:01.0074 1488 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/13 22:25:01.0115 1488 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/13 22:25:01.0183 1488 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/13 22:25:01.0215 1488 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/13 22:25:01.0240 1488 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/13 22:25:01.0278 1488 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/13 22:25:01.0336 1488 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/04/13 22:25:01.0411 1488 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/13 22:25:01.0492 1488 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/13 22:25:01.0548 1488 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/13 22:25:01.0587 1488 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/13 22:25:01.0610 1488 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/13 22:25:01.0664 1488 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/13 22:25:01.0710 1488 DroidCam (d9f07d1b8dff55480a88eb4f9cde5824) C:\Windows\system32\drivers\droidcam.sys
2011/04/13 22:25:01.0801 1488 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/13 22:25:01.0872 1488 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/13 22:25:01.0924 1488 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/13 22:25:01.0967 1488 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/04/13 22:25:01.0998 1488 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/04/13 22:25:02.0047 1488 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/13 22:25:02.0083 1488 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/13 22:25:02.0149 1488 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/13 22:25:02.0203 1488 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\Windows\system32\Drivers\ezplay.sys
2011/04/13 22:25:02.0259 1488 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/13 22:25:02.0308 1488 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/13 22:25:02.0347 1488 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/13 22:25:02.0373 1488 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/13 22:25:02.0415 1488 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/13 22:25:02.0459 1488 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/13 22:25:02.0517 1488 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/13 22:25:02.0536 1488 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/13 22:25:02.0596 1488 GA622T (924206725fec3d529c4303e1d3186dde) C:\Windows\system32\DRIVERS\GA622ND5.SYS
2011/04/13 22:25:02.0627 1488 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/13 22:25:02.0679 1488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/13 22:25:02.0732 1488 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/04/13 22:25:02.0764 1488 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/04/13 22:25:02.0823 1488 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/13 22:25:02.0873 1488 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/13 22:25:02.0902 1488 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/13 22:25:02.0928 1488 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/13 22:25:02.0965 1488 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/13 22:25:03.0002 1488 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/13 22:25:03.0060 1488 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/13 22:25:03.0086 1488 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/13 22:25:03.0119 1488 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/13 22:25:03.0161 1488 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/13 22:25:03.0200 1488 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/13 22:25:03.0309 1488 IntcAzAudAddService (9ed3cf7322a49dac3eca62bb9928ca54) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/13 22:25:03.0379 1488 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/13 22:25:03.0412 1488 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/13 22:25:03.0444 1488 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/13 22:25:03.0568 1488 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/13 22:25:03.0602 1488 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/13 22:25:03.0635 1488 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/13 22:25:03.0663 1488 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/13 22:25:03.0702 1488 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/13 22:25:03.0730 1488 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/13 22:25:03.0767 1488 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/13 22:25:03.0796 1488 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/13 22:25:03.0837 1488 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/13 22:25:03.0919 1488 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/13 22:25:03.0968 1488 L1E (c61350992a67ea1edd3d314a11a99659) C:\Windows\system32\DRIVERS\L1E60x86.sys
2011/04/13 22:25:04.0034 1488 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/13 22:25:04.0058 1488 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/13 22:25:04.0105 1488 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/13 22:25:04.0139 1488 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/13 22:25:04.0166 1488 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/13 22:25:04.0185 1488 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/13 22:25:04.0250 1488 MDFSYSNT (c7182501e051cc77f1bcaa1832a8c6ea) C:\Windows\system32\drivers\MDFSYSNT.sys
2011/04/13 22:25:04.0271 1488 MDPMGRNT (26784cbd67a803a78411fff404d45db7) C:\Windows\system32\drivers\MDPMGRNT.sys
2011/04/13 22:25:04.0304 1488 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/13 22:25:04.0332 1488 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/13 22:25:04.0390 1488 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/13 22:25:04.0410 1488 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/13 22:25:04.0432 1488 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/13 22:25:04.0453 1488 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/13 22:25:04.0489 1488 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/13 22:25:04.0526 1488 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/13 22:25:04.0548 1488 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/13 22:25:04.0574 1488 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/13 22:25:04.0634 1488 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/13 22:25:04.0673 1488 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/13 22:25:04.0702 1488 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/13 22:25:04.0719 1488 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/13 22:25:04.0746 1488 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/13 22:25:04.0767 1488 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/13 22:25:04.0803 1488 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/13 22:25:04.0825 1488 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/13 22:25:04.0866 1488 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/13 22:25:04.0917 1488 msloop (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys
2011/04/13 22:25:04.0953 1488 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/13 22:25:04.0978 1488 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/13 22:25:05.0002 1488 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/13 22:25:05.0050 1488 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/13 22:25:05.0101 1488 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/13 22:25:05.0188 1488 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/13 22:25:05.0207 1488 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/13 22:25:05.0251 1488 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) C:\Windows\system32\DRIVERS\mv61xx.sys
2011/04/13 22:25:05.0311 1488 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/13 22:25:05.0349 1488 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/13 22:25:05.0372 1488 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/13 22:25:05.0392 1488 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/13 22:25:05.0409 1488 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/13 22:25:05.0431 1488 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/13 22:25:05.0483 1488 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/13 22:25:05.0513 1488 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/13 22:25:05.0567 1488 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/13 22:25:05.0611 1488 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/13 22:25:05.0629 1488 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/13 22:25:05.0672 1488 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/13 22:25:05.0709 1488 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/13 22:25:05.0760 1488 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/13 22:25:05.0785 1488 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/13 22:25:05.0817 1488 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/13 22:25:05.0849 1488 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/13 22:25:05.0903 1488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\Windows\system32\DRIVERS\nwlnkflt.sys
2011/04/13 22:25:05.0926 1488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\Windows\system32\DRIVERS\nwlnkfwd.sys
2011/04/13 22:25:05.0981 1488 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\Windows\system32\DRIVERS\nwlnkipx.sys
2011/04/13 22:25:06.0037 1488 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/13 22:25:06.0109 1488 PAC207 (4a410c7aea51123519c20d43a20bce96) C:\Windows\system32\DRIVERS\PFC027.SYS
2011/04/13 22:25:06.0154 1488 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/13 22:25:06.0187 1488 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/13 22:25:06.0214 1488 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/13 22:25:06.0277 1488 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/13 22:25:06.0300 1488 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/13 22:25:06.0325 1488 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/13 22:25:06.0366 1488 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/13 22:25:06.0410 1488 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/13 22:25:06.0471 1488 pfc (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
2011/04/13 22:25:06.0557 1488 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/13 22:25:06.0583 1488 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/13 22:25:06.0628 1488 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/13 22:25:06.0693 1488 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/13 22:25:06.0734 1488 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/13 22:25:06.0763 1488 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/13 22:25:06.0781 1488 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/13 22:25:06.0818 1488 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/13 22:25:06.0848 1488 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/13 22:25:06.0876 1488 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/13 22:25:06.0917 1488 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/13 22:25:06.0934 1488 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/13 22:25:06.0980 1488 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/13 22:25:07.0007 1488 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/13 22:25:07.0041 1488 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/13 22:25:07.0075 1488 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/13 22:25:07.0196 1488 SANDRA (230fd3749904ca045ea5ec0aa14006e9) D:\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys
2011/04/13 22:25:07.0246 1488 SbieDrv (a07d4747a6ebf15968cf5c891709d8f6) D:\Sandboxie\SbieDrv.sys
2011/04/13 22:25:07.0304 1488 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/13 22:25:07.0348 1488 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/13 22:25:07.0391 1488 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/13 22:25:07.0429 1488 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/13 22:25:07.0453 1488 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/13 22:25:07.0475 1488 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/13 22:25:07.0518 1488 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/13 22:25:07.0548 1488 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/13 22:25:07.0579 1488 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/13 22:25:07.0608 1488 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/13 22:25:07.0648 1488 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/13 22:25:07.0681 1488 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/13 22:25:07.0708 1488 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/13 22:25:07.0758 1488 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/13 22:25:07.0807 1488 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/13 22:25:07.0879 1488 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/04/13 22:25:07.0879 1488 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/13 22:25:07.0884 1488 sptd - detected Locked file (1)
2011/04/13 22:25:07.0950 1488 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/13 22:25:07.0971 1488 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/13 22:25:07.0988 1488 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/13 22:25:08.0024 1488 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/13 22:25:08.0082 1488 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/13 22:25:08.0113 1488 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/13 22:25:08.0140 1488 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/13 22:25:08.0170 1488 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/13 22:25:08.0231 1488 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/13 22:25:08.0276 1488 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/13 22:25:08.0294 1488 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/13 22:25:08.0320 1488 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/13 22:25:08.0345 1488 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/13 22:25:08.0389 1488 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/13 22:25:08.0431 1488 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/13 22:25:08.0472 1488 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/13 22:25:08.0517 1488 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/13 22:25:08.0543 1488 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/13 22:25:08.0568 1488 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/13 22:25:08.0690 1488 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/13 22:25:08.0728 1488 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/13 22:25:08.0757 1488 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/13 22:25:08.0789 1488 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/13 22:25:08.0817 1488 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/13 22:25:08.0844 1488 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/13 22:25:08.0897 1488 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) D:\Unlocker\UnlockerDriver5.sys
2011/04/13 22:25:08.0960 1488 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/13 22:25:09.0013 1488 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/13 22:25:09.0043 1488 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/13 22:25:09.0103 1488 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/13 22:25:09.0143 1488 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/13 22:25:09.0167 1488 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/13 22:25:09.0202 1488 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/13 22:25:09.0273 1488 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/13 22:25:09.0303 1488 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/13 22:25:09.0328 1488 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/13 22:25:09.0368 1488 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/13 22:25:09.0394 1488 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/13 22:25:09.0421 1488 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/13 22:25:09.0450 1488 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/13 22:25:09.0490 1488 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/13 22:25:09.0517 1488 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/13 22:25:09.0559 1488 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/13 22:25:09.0578 1488 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/13 22:25:09.0604 1488 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/13 22:25:09.0634 1488 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/13 22:25:09.0659 1488 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 22:25:09.0669 1488 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 22:25:09.0711 1488 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/13 22:25:09.0756 1488 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/13 22:25:09.0892 1488 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/13 22:25:09.0950 1488 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/13 22:25:10.0012 1488 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/13 22:25:10.0047 1488 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/13 22:25:10.0091 1488 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/04/13 22:25:10.0126 1488 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
2011/04/13 22:25:10.0177 1488 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/13 22:25:10.0239 1488 zebrbus (812a1e9b0dd3bf23606c32ce696d042b) C:\Windows\system32\DRIVERS\zebrbus.sys
2011/04/13 22:25:10.0284 1488 zebrmdfl (9a42f9ccc5cb1ed3db2fe0e007eed8a5) C:\Windows\system32\DRIVERS\zebrmdfl.sys
2011/04/13 22:25:10.0315 1488 zebrmdm (5198070a595009871108091bc4b0e000) C:\Windows\system32\DRIVERS\zebrmdm.sys
2011/04/13 22:25:10.0345 1488 zebrmdmc (29df5831f0d1ce863f23c53585736f32) C:\Windows\system32\DRIVERS\zebrmdmc.sys
2011/04/13 22:25:10.0391 1488 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/13 22:25:11.0520 1488 ================================================================================
2011/04/13 22:25:11.0520 1488 Scan finished
2011/04/13 22:25:11.0520 1488 ================================================================================
2011/04/13 22:25:11.0529 4360 Detected object count: 2
2011/04/13 22:25:18.0443 4360 Locked file(sptd) - User select action: Skip
2011/04/13 22:25:18.0503 4360 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/13 22:25:18.0503 4360 \HardDisk0 - ok
2011/04/13 22:25:18.0504 4360 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/13 22:25:23.0220 0600 Deinitialize success
|
|
14.04.2011, 08:13
| #9 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware. Halbwegs beseitigt.Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.04.2011, 12:21
| #10 |
| | Windows Recovery Malware. Halbwegs beseitigt. Ok, er hat noch was gefunden. Hab noch nix angeklickt. Als präferierte Auswahl steht 'skip'. Hier die Log-Datei: Code:
ATTFilter 2011/04/14 13:29:26.0668 5128 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/14 13:29:26.0951 5128 ================================================================================
2011/04/14 13:29:26.0952 5128 SystemInfo:
2011/04/14 13:29:26.0952 5128
2011/04/14 13:29:26.0952 5128 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/14 13:29:26.0952 5128 Product type: Workstation
2011/04/14 13:29:26.0952 5128 ComputerName: WAFFEL-ICE
2011/04/14 13:29:26.0952 5128 UserName: Daniel
2011/04/14 13:29:26.0952 5128 Windows directory: C:\Windows
2011/04/14 13:29:26.0952 5128 System windows directory: C:\Windows
2011/04/14 13:29:26.0952 5128 Processor architecture: Intel x86
2011/04/14 13:29:26.0952 5128 Number of processors: 2
2011/04/14 13:29:26.0952 5128 Page size: 0x1000
2011/04/14 13:29:26.0952 5128 Boot type: Normal boot
2011/04/14 13:29:26.0952 5128 ================================================================================
2011/04/14 13:29:29.0561 5128 Initialize success
2011/04/14 13:30:05.0569 5804 ================================================================================
2011/04/14 13:30:05.0569 5804 Scan started
2011/04/14 13:30:05.0569 5804 Mode: Manual;
2011/04/14 13:30:05.0569 5804 ================================================================================
2011/04/14 13:30:06.0165 5804 AbilisT (bba404351f75beac27d9eb38db32f526) C:\Windows\system32\DRIVERS\AbilisBdaTuner.sys
2011/04/14 13:30:06.0206 5804 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/14 13:30:06.0272 5804 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/14 13:30:06.0313 5804 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/14 13:30:06.0340 5804 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/14 13:30:06.0375 5804 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/14 13:30:06.0434 5804 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/14 13:30:06.0478 5804 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/14 13:30:06.0509 5804 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/14 13:30:06.0547 5804 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/14 13:30:06.0582 5804 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/14 13:30:06.0610 5804 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/14 13:30:06.0636 5804 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/14 13:30:06.0664 5804 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/14 13:30:06.0812 5804 amdkmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/14 13:30:06.0899 5804 amdkmdap (e9890f7ec1ab4d09afeb09dd76334622) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/14 13:30:07.0004 5804 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/14 13:30:07.0035 5804 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/14 13:30:07.0080 5804 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys
2011/04/14 13:30:07.0164 5804 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/14 13:30:07.0208 5804 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/14 13:30:07.0232 5804 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/04/14 13:30:07.0271 5804 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/04/14 13:30:07.0315 5804 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/04/14 13:30:07.0351 5804 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/04/14 13:30:07.0382 5804 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/14 13:30:07.0412 5804 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/14 13:30:07.0473 5804 AtiHDAudioService (99a0f5c917558624cbeb113cb12e3f25) C:\Windows\system32\drivers\AtihdLH3.sys
2011/04/14 13:30:07.0601 5804 atikmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/14 13:30:07.0702 5804 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/14 13:30:07.0781 5804 avgio (87828ecd657f81503465ac705e845076) C:\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/04/14 13:30:07.0809 5804 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2011/04/14 13:30:07.0835 5804 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/14 13:30:07.0884 5804 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/14 13:30:07.0923 5804 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/14 13:30:07.0951 5804 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/14 13:30:07.0991 5804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/14 13:30:08.0011 5804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/14 13:30:08.0041 5804 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/14 13:30:08.0074 5804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/14 13:30:08.0104 5804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/14 13:30:08.0127 5804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/14 13:30:08.0150 5804 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/14 13:30:08.0176 5804 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/14 13:30:08.0222 5804 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/14 13:30:08.0252 5804 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/14 13:30:08.0293 5804 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/14 13:30:08.0336 5804 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/14 13:30:08.0368 5804 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/14 13:30:08.0389 5804 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/14 13:30:08.0414 5804 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/14 13:30:08.0456 5804 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/04/14 13:30:08.0492 5804 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/14 13:30:08.0553 5804 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/14 13:30:08.0618 5804 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/14 13:30:08.0648 5804 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/14 13:30:08.0671 5804 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/14 13:30:08.0715 5804 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/14 13:30:08.0761 5804 DroidCam (d9f07d1b8dff55480a88eb4f9cde5824) C:\Windows\system32\drivers\droidcam.sys
2011/04/14 13:30:08.0811 5804 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/14 13:30:08.0857 5804 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/14 13:30:08.0908 5804 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/14 13:30:08.0952 5804 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/04/14 13:30:08.0966 5804 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/04/14 13:30:09.0007 5804 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/14 13:30:09.0043 5804 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/14 13:30:09.0084 5804 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/14 13:30:09.0138 5804 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\Windows\system32\Drivers\ezplay.sys
2011/04/14 13:30:09.0185 5804 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/14 13:30:09.0219 5804 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/14 13:30:09.0257 5804 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/14 13:30:09.0283 5804 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/14 13:30:09.0309 5804 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/14 13:30:09.0336 5804 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/14 13:30:09.0394 5804 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/14 13:30:09.0413 5804 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/14 13:30:09.0473 5804 GA622T (924206725fec3d529c4303e1d3186dde) C:\Windows\system32\DRIVERS\GA622ND5.SYS
2011/04/14 13:30:09.0504 5804 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/14 13:30:09.0548 5804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/14 13:30:09.0600 5804 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/04/14 13:30:09.0625 5804 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/04/14 13:30:09.0675 5804 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/14 13:30:09.0725 5804 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/14 13:30:09.0746 5804 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/14 13:30:09.0772 5804 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/14 13:30:09.0795 5804 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/14 13:30:09.0821 5804 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/14 13:30:09.0871 5804 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/14 13:30:09.0897 5804 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/14 13:30:09.0938 5804 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/14 13:30:09.0963 5804 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/14 13:30:09.0994 5804 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/14 13:30:10.0095 5804 IntcAzAudAddService (9ed3cf7322a49dac3eca62bb9928ca54) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/14 13:30:10.0148 5804 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/14 13:30:10.0173 5804 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/14 13:30:10.0205 5804 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/14 13:30:10.0255 5804 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/14 13:30:10.0280 5804 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/14 13:30:10.0304 5804 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/14 13:30:10.0333 5804 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/14 13:30:10.0380 5804 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/14 13:30:10.0408 5804 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/14 13:30:10.0445 5804 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/14 13:30:10.0466 5804 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/14 13:30:10.0515 5804 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/14 13:30:10.0580 5804 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/14 13:30:10.0637 5804 L1E (c61350992a67ea1edd3d314a11a99659) C:\Windows\system32\DRIVERS\L1E60x86.sys
2011/04/14 13:30:10.0704 5804 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/14 13:30:10.0736 5804 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/14 13:30:10.0775 5804 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/14 13:30:10.0809 5804 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/14 13:30:10.0844 5804 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/14 13:30:10.0862 5804 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/14 13:30:10.0928 5804 MDFSYSNT (c7182501e051cc77f1bcaa1832a8c6ea) C:\Windows\system32\drivers\MDFSYSNT.sys
2011/04/14 13:30:10.0958 5804 MDPMGRNT (26784cbd67a803a78411fff404d45db7) C:\Windows\system32\drivers\MDPMGRNT.sys
2011/04/14 13:30:10.0990 5804 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/14 13:30:11.0027 5804 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/14 13:30:11.0159 5804 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/14 13:30:11.0204 5804 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/14 13:30:11.0226 5804 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/14 13:30:11.0248 5804 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/14 13:30:11.0275 5804 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/14 13:30:11.0312 5804 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/14 13:30:11.0334 5804 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/14 13:30:11.0360 5804 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/14 13:30:11.0412 5804 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/14 13:30:11.0450 5804 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/14 13:30:11.0471 5804 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/14 13:30:11.0486 5804 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/14 13:30:11.0516 5804 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/14 13:30:11.0537 5804 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/14 13:30:11.0572 5804 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/14 13:30:11.0595 5804 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/14 13:30:11.0627 5804 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/14 13:30:11.0678 5804 msloop (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys
2011/04/14 13:30:11.0714 5804 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/14 13:30:11.0739 5804 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/14 13:30:11.0772 5804 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/14 13:30:11.0811 5804 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/14 13:30:11.0854 5804 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/14 13:30:11.0899 5804 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/14 13:30:11.0918 5804 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/14 13:30:11.0962 5804 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) C:\Windows\system32\DRIVERS\mv61xx.sys
2011/04/14 13:30:12.0014 5804 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/14 13:30:12.0060 5804 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/14 13:30:12.0092 5804 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/14 13:30:12.0111 5804 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/14 13:30:12.0129 5804 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/14 13:30:12.0150 5804 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/14 13:30:12.0194 5804 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/14 13:30:12.0216 5804 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/14 13:30:12.0270 5804 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/14 13:30:12.0305 5804 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/14 13:30:12.0323 5804 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/14 13:30:12.0367 5804 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/14 13:30:12.0395 5804 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/14 13:30:12.0422 5804 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/14 13:30:12.0446 5804 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/14 13:30:12.0470 5804 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/14 13:30:12.0502 5804 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/14 13:30:12.0548 5804 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\Windows\system32\DRIVERS\nwlnkflt.sys
2011/04/14 13:30:12.0570 5804 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\Windows\system32\DRIVERS\nwlnkfwd.sys
2011/04/14 13:30:12.0617 5804 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\Windows\system32\DRIVERS\nwlnkipx.sys
2011/04/14 13:30:12.0682 5804 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/14 13:30:12.0754 5804 PAC207 (4a410c7aea51123519c20d43a20bce96) C:\Windows\system32\DRIVERS\PFC027.SYS
2011/04/14 13:30:12.0790 5804 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/14 13:30:12.0836 5804 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/14 13:30:12.0859 5804 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/14 13:30:12.0913 5804 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/14 13:30:12.0937 5804 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/14 13:30:12.0970 5804 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/14 13:30:13.0011 5804 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/14 13:30:13.0071 5804 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/14 13:30:13.0124 5804 pfc (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
2011/04/14 13:30:13.0218 5804 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/14 13:30:13.0244 5804 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/14 13:30:13.0281 5804 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/14 13:30:13.0346 5804 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/14 13:30:13.0379 5804 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/14 13:30:13.0408 5804 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/14 13:30:13.0426 5804 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/14 13:30:13.0446 5804 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/14 13:30:13.0476 5804 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/14 13:30:13.0505 5804 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/14 13:30:13.0552 5804 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/14 13:30:13.0568 5804 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/14 13:30:13.0608 5804 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/14 13:30:13.0623 5804 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/14 13:30:13.0652 5804 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/14 13:30:13.0687 5804 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/14 13:30:13.0816 5804 SANDRA (230fd3749904ca045ea5ec0aa14006e9) D:\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys
2011/04/14 13:30:13.0866 5804 SbieDrv (a07d4747a6ebf15968cf5c891709d8f6) D:\Sandboxie\SbieDrv.sys
2011/04/14 13:30:13.0908 5804 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/14 13:30:13.0951 5804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/14 13:30:13.0994 5804 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/14 13:30:14.0032 5804 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/14 13:30:14.0056 5804 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/14 13:30:14.0078 5804 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/14 13:30:14.0121 5804 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/14 13:30:14.0152 5804 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/14 13:30:14.0183 5804 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/14 13:30:14.0211 5804 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/14 13:30:14.0243 5804 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/14 13:30:14.0267 5804 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/14 13:30:14.0295 5804 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/14 13:30:14.0345 5804 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/14 13:30:14.0394 5804 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/14 13:30:14.0457 5804 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/04/14 13:30:14.0457 5804 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/14 13:30:14.0461 5804 sptd - detected Locked file (1)
2011/04/14 13:30:14.0512 5804 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/14 13:30:14.0536 5804 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/14 13:30:14.0554 5804 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/14 13:30:14.0601 5804 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/14 13:30:14.0669 5804 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/14 13:30:14.0700 5804 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/14 13:30:14.0719 5804 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/14 13:30:14.0740 5804 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/14 13:30:14.0802 5804 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/14 13:30:14.0829 5804 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/14 13:30:14.0847 5804 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/14 13:30:14.0874 5804 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/14 13:30:14.0907 5804 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/14 13:30:14.0934 5804 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/14 13:30:14.0984 5804 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/14 13:30:15.0033 5804 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/14 13:30:15.0087 5804 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/14 13:30:15.0113 5804 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/14 13:30:15.0138 5804 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/14 13:30:15.0177 5804 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/14 13:30:15.0215 5804 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/14 13:30:15.0244 5804 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/14 13:30:15.0268 5804 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/14 13:30:15.0288 5804 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/14 13:30:15.0314 5804 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/14 13:30:15.0375 5804 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) D:\Unlocker\UnlockerDriver5.sys
2011/04/14 13:30:15.0447 5804 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/14 13:30:15.0500 5804 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/14 13:30:15.0530 5804 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/14 13:30:15.0582 5804 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/14 13:30:15.0606 5804 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/14 13:30:15.0629 5804 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/14 13:30:15.0664 5804 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/14 13:30:15.0719 5804 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/14 13:30:15.0749 5804 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/14 13:30:15.0774 5804 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/14 13:30:15.0822 5804 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/14 13:30:15.0848 5804 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/14 13:30:15.0875 5804 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/14 13:30:15.0904 5804 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/14 13:30:15.0928 5804 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/14 13:30:15.0954 5804 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/14 13:30:15.0996 5804 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/14 13:30:16.0016 5804 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/14 13:30:16.0066 5804 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/14 13:30:16.0097 5804 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/14 13:30:16.0121 5804 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/14 13:30:16.0131 5804 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/14 13:30:16.0173 5804 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/14 13:30:16.0235 5804 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/14 13:30:16.0354 5804 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/14 13:30:16.0396 5804 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/14 13:30:16.0466 5804 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/14 13:30:16.0493 5804 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/14 13:30:16.0537 5804 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/04/14 13:30:16.0572 5804 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
2011/04/14 13:30:16.0623 5804 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/14 13:30:16.0685 5804 zebrbus (812a1e9b0dd3bf23606c32ce696d042b) C:\Windows\system32\DRIVERS\zebrbus.sys
2011/04/14 13:30:16.0722 5804 zebrmdfl (9a42f9ccc5cb1ed3db2fe0e007eed8a5) C:\Windows\system32\DRIVERS\zebrmdfl.sys
2011/04/14 13:30:16.0752 5804 zebrmdm (5198070a595009871108091bc4b0e000) C:\Windows\system32\DRIVERS\zebrmdm.sys
2011/04/14 13:30:16.0791 5804 zebrmdmc (29df5831f0d1ce863f23c53585736f32) C:\Windows\system32\DRIVERS\zebrmdmc.sys
2011/04/14 13:30:19.0806 5804 ================================================================================
2011/04/14 13:30:19.0806 5804 Scan finished
2011/04/14 13:30:19.0806 5804 ================================================================================
2011/04/14 13:30:19.0815 5216 Detected object count: 1
2011/04/14 13:30:31.0324 5216 Locked file(sptd) - User select action: Skip
Geändert von ghosti (14.04.2011 um 12:34 Uhr) |
|
14.04.2011, 13:20
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware. Halbwegs beseitigt. SPTD ist ok. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.04.2011, 15:01
| #12 |
| | Windows Recovery Malware. Halbwegs beseitigt. JAAA, es sind wieder alle Dateien sichtbar. Auch im Startmenu Herzlichsten Dank! Der Combo Fix hat soweit geklappt. Hier das Logfile. Code:
ATTFilter ComboFix 11-04-13.04 - Daniel 14.04.2011 15:49:58.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.3326.1845 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar\pdFForgetoolbarie.dll
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\programdata\Adobe Systems
c:\programdata\Adobe Systems\Product licenses\B302D000.dat
c:\users\Daniel\AppData\Roaming\Adobe\plugs
c:\users\Daniel\AppData\Roaming\Adobe\shed
c:\users\Daniel\AppData\Roaming\ezplay.sys
c:\users\Daniel\AppData\Roaming\FFSJ
c:\users\Daniel\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Daniel\AppData\Roaming\inst.exe
c:\users\Daniel\AppData\Roaming\pcouffin.sys
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\install.exe
c:\windows\system32\msvbvtbsr.dll
c:\windows\system32\ReadMe.txt
c:\windows\XSxS
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-14 bis 2011-04-14 ))))))))))))))))))))))))))))))
.
.
2011-04-22 16:36 . 2011-04-22 16:50 -------- d--h--w- c:\users\Daniel\AppData\Roaming\CD Art Display
2011-04-22 16:36 . 2009-09-05 18:28 69632 ---ha-w- c:\windows\cadSSaver.scr
2011-04-22 16:36 . 2003-01-27 12:27 94208 ---ha-w- c:\windows\system32\wmpuice.dll
2011-04-14 11:25 . 2011-04-14 11:25 -------- d-----w- c:\users\Daniel\AppData\Local\{3DFF2B66-D81C-4D3D-9C49-784BC6AECEF6}
2011-04-13 19:45 . 2011-04-14 11:17 879400 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-13 17:19 . 2011-04-13 17:19 -------- d-----w- c:\users\Daniel\AppData\Local\{3053ADE2-B98D-42F2-8217-D0F20798665F}
2011-04-13 15:10 . 2011-04-13 15:10 -------- d-----w- C:\_OTL
2011-04-12 21:43 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-12 19:14 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 19:14 . 2011-04-12 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 19:14 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 12:09 . 2011-04-10 12:09 -------- d--h--w- c:\users\Daniel\AppData\Local\FontCreator
2011-04-10 12:09 . 2011-04-10 12:22 -------- d--h--w- c:\users\Daniel\AppData\Roaming\FontCreator
2011-04-10 10:21 . 2011-04-10 18:22 -------- d--h--w- c:\users\Daniel\Desktop Backup
2011-04-10 10:14 . 2010-01-06 11:13 506368 ---ha-w- c:\windows\system32\sqlite3.dll
2011-04-10 10:12 . 2011-04-10 10:17 -------- d--h--w- c:\users\Daniel\AppData\Roaming\Rainmeter
2011-04-08 14:58 . 2011-04-08 14:58 -------- d--h--w- c:\users\Daniel\AppData\Local\{5013EB7B-6E48-46AA-B462-8CA07972FDF3}
2011-04-07 13:17 . 2011-04-07 13:18 -------- d--h--w- c:\users\Daniel\AppData\Local\{EFB03396-6F5F-47F4-AF4D-E93303F65884}
2011-04-06 17:53 . 2011-04-06 17:53 -------- d--h--w- c:\users\Daniel\AppData\Local\{8836FA2F-280B-49C0-AB59-2341A148E93F}
2011-04-05 18:39 . 2011-04-05 18:40 -------- d--h--w- c:\users\Daniel\AppData\Local\{845D655F-8206-4D7A-B232-61AEA3801158}
2011-04-04 16:04 . 2011-04-04 16:04 -------- d--h--w- c:\users\Daniel\AppData\Local\{8CA62E4A-5208-4D8C-AAA0-0079E966645C}
2011-04-03 09:43 . 2011-04-03 09:43 -------- d--h--w- c:\users\Daniel\AppData\Local\{9650D6D0-DBD7-4F53-AA9C-48DBCA72ADED}
2011-04-02 11:22 . 2011-04-02 11:22 -------- d--h--w- c:\users\Daniel\AppData\Local\{C0DE76CA-12A0-43A3-AECD-FDFF6D343B27}
2011-04-01 07:47 . 2011-04-01 07:48 -------- d--h--w- c:\users\Daniel\AppData\Local\{BCB40123-1D4B-4552-BCE7-842D1404FB3E}
2011-03-31 15:13 . 2011-03-31 15:13 -------- d--h--w- c:\users\Daniel\AppData\Local\{DE58054B-7FA0-46C4-993E-59F18D7F9D86}
2011-03-30 17:05 . 2011-03-30 17:05 -------- d--h--w- c:\users\Daniel\AppData\Local\{21768AF1-9AEC-4E1A-8A75-B52E16E04468}
2011-03-29 17:04 . 2011-03-29 17:05 -------- d--h--w- c:\users\Daniel\AppData\Local\{7D8DCAA7-6CAC-44B6-93A7-0FBD78A5CA87}
2011-03-28 17:53 . 2011-03-28 17:53 -------- d--h--w- c:\users\Daniel\AppData\Local\{B1379F96-D63B-422F-9E01-C1DEBE70B07C}
2011-03-27 13:19 . 2011-03-27 13:19 -------- d--h--w- c:\users\Daniel\AppData\Local\{FB190D08-B318-428A-B153-CEF0E7D35BB4}
2011-03-26 14:50 . 2011-03-26 14:51 -------- d--h--w- c:\users\Daniel\AppData\Local\{3DD98622-FC66-4C4E-AE04-F6FE0CE2B852}
2011-03-25 12:22 . 2011-03-25 12:22 -------- d--h--w- c:\users\Daniel\AppData\Local\{1E50BA37-7E3C-45A9-83A0-394CBAAAB437}
2011-03-24 21:36 . 2011-03-24 21:37 -------- d--h--w- c:\users\Daniel\AppData\Local\{F7E2855C-47DF-433F-8643-1B56F03C3157}
2011-03-24 09:36 . 2011-03-24 09:36 -------- d--h--w- c:\users\Daniel\AppData\Local\{6063EAB0-D0D9-4B98-94EE-CD922589AFE0}
2011-03-23 10:06 . 2011-03-23 10:06 -------- d--h--w- c:\users\Daniel\AppData\Local\{670DB61A-E2E7-4247-80B1-BD241BB79DBD}
2011-03-22 19:31 . 2011-03-22 19:31 -------- d--h--w- c:\users\Daniel\AppData\Local\{F3B35707-BC22-4B2B-8CC3-FE7B9A381939}
2011-03-21 19:28 . 2011-03-21 19:28 189248 ---ha-w- c:\windows\system32\PnkBstrB.exe
2011-03-21 19:28 . 2011-03-21 19:28 75136 ---ha-w- c:\windows\system32\PnkBstrA.exe
2011-03-21 19:28 . 2011-03-21 19:28 -------- d--h--w- c:\users\Daniel\AppData\Roaming\PunkBuster
2011-03-21 13:35 . 2011-03-21 13:36 -------- d--h--w- c:\users\Daniel\AppData\Local\{AA70CE0D-1E35-4599-8020-384072341BFA}
2011-03-18 11:36 . 2011-03-18 11:36 -------- d--h--w- c:\users\Daniel\AppData\Local\{31EDE5E4-DD44-4645-AA7B-32B2E225C346}
2011-03-16 18:50 . 2011-03-16 18:50 -------- d--h--w- c:\users\Daniel\AppData\Local\{E7930CA0-B070-420A-866C-2957ABE6E00F}
2011-03-15 16:46 . 2011-03-15 16:47 -------- d--h--w- c:\users\Daniel\AppData\Local\{B91DB9FD-0F57-4BA9-AD01-E11BAD74E68C}
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 17:17 . 2011-03-13 17:17 94208 ---ha-w- c:\windows\system32\drivers\ezplay.sys
2011-03-09 09:49 . 2010-06-24 10:33 18328 ---ha-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 09:57 . 2011-03-07 09:57 1222408 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-23 14:04 . 2010-07-30 15:12 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-05-15 17:58 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2010-05-15 17:59 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-05-15 17:59 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-05-15 17:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2010-05-15 17:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2010-05-15 17:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-21 14:32 . 2008-01-21 02:21 57400 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2011-02-08 12:36 . 2011-02-08 12:36 22656 ---ha-w- c:\windows\system32\drivers\droidcam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- d:\avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\rocketdock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="d:\daemon tools lite\daemon.exe" [2008-12-29 687560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-01-20 1702912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-22 7289376]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2009-06-15 202328]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 141312]
"avast5"="d:\avast5\avastUI.exe" [2011-02-23 3451496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"CloneCDTray"="d:\slysoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
Rainmeter.lnk - d:\rainmeter\Rainmeter.exe [2011-2-6 99840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CLS 2011.10.lnk - c:\windows\Installer\{40CE80E6-4E55-489B-A271-40724510F703}\NewShortcut11.70787B93_F30E_4877_AFB6_34DDA9EE532D.exe [2011-1-11 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43 640376 ----a-w- d:\acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25 37232 ----a-w- d:\acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- d:\acrobat reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ---ha-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-09-02 04:52 205256 ----a-w- d:\alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allway Sync]
2009-10-22 13:27 79568 ----a-w- d:\allway sync\Bin\syncappw.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 14:35 202024 ---ha-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:23 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoodSync]
2010-01-22 21:31 3823288 ----a-w- d:\goodsync\GoodSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 19:59 421160 ----a-w- d:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 13:55 323584 ---ha-w- c:\windows\PixArt\i-Look110\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
2011-01-20 09:26 1702912 ---ha-w- c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-05-06 11:58 306088 ----a-w- d:\gta 4\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-01-05 14:39 336896 ----a-w- d:\sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-02-22 11:42 26101032 ---ha-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-10 11:26 149280 ---ha-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- d:\tomtom home 2\HOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- d:\unlocker\UnlockerAssistant.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DVBVRecorder;DVBViewer Recording Service;d:\dvbviewer\DVBVservice.exe [2010-10-16 617600]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
R2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;d:\autodesk inventor\Moldflow\bin\mitsijm.exe [2010-01-23 462336]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [x]
R3 GA622T;NETGEAR GA622T Gigabit UTP Adapter;c:\windows\system32\DRIVERS\GA622ND5.SYS [2001-12-05 34516]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-07-17 13224]
R3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\sisoftware sandra lite 2011\RpcAgentSrv.exe [2009-08-17 93848]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-10 19968]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-23 150568]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-19 717296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2009-09-23 150528]
S2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 AbilisT;EyeTV DTT Deluxe (2009) Service;c:\windows\system32\DRIVERS\AbilisBdaTuner.sys [2009-12-08 122720]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-08-16 100368]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2011-02-08 22656]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-17 27632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\el7i34hd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKCU-Run-Power Off Monitor - d:\power monitor off\PowerMonitorOff.exe
MSConfigStartUp-MsnMsgr - c:\progra~1\MSNMES~1\msnmsgr.exe
MSConfigStartUp-StickyNotes - d:\stickynotes\StickyNotes.exe
MSConfigStartUp-SyncroNaut Timer - d:\syncronaut\SYSTEM\Timer4.exe
AddRemove-WOLAPI - d:\alarmstufe rot 2\Internetkomponenten\UnstllAP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-14 15:55
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\## aswSnx private storage
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-651202421-3400200994-3118346361-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,49,ff,36,ce,0a,a7,ad,8d,c4,32,18,21,f3,c2,a4,b5,f7,a3,4c,cb,
fb,5d,36,4b,be,35,76,e9,e3,16,04,72,88,0e,2a,fe,b4,51,62,6a,bb,35,43,bb,b6,\
"rkeysecu"=hex:0c,71,d8,90,96,28,f2,c2,b9,d2,fe,c6,78,73,ba,ec
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-14 15:57:28
ComboFix-quarantined-files.txt 2011-04-14 13:57
.
Vor Suchlauf: 9.816.408.064 Bytes frei
Nach Suchlauf: 9.747.030.016 Bytes frei
.
- - End Of File - - 964BDD1E0074D8F6538245237A602463
|
|
14.04.2011, 15:04
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware. Halbwegs beseitigt. Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.04.2011, 16:12
| #14 |
| | Windows Recovery Malware. Halbwegs beseitigt. So, ich habe hier jetzt drei Logfiles. GMER ist einmal abgeschmiert, ansonsten lief es rund. OSAM ist ziemlich schnell gewesen, stimmt das so? hxxp://dl.dropbox.com/u/16632825/board/gmer.log hxxp://dl.dropbox.com/u/16632825/board/osam.log hxxp://dl.dropbox.com/u/16632825/board/MBRCheck_04.14.11_17.07.19.txt Danke |
|
14.04.2011, 17:44
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware. Halbwegs beseitigt. Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows Recovery Malware. Halbwegs beseitigt. |
| angemeldet, anti-malware, ausgelastet, avast, beendet, blue, bösartige website, computer, dateien, dateien versteckt, eingefangen, entfernung, extras.txt, fehler, forum, gen, helper, iexplorer.exe, internet, logfiles, malwarebytes, problem, programm, prozesse, recovery, scan, trojan, windows |
Linear-Darstellung
