Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: tr/crypt.zpack.gen2

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.04.2011, 01:23   #1
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Hallo,

Anti Vir hat mir heute angezeigt, dass "Skype.exe" von o.g. virus befallen sei.
Habe dann meine skype.exe datei bei virustotal hochgeladen, wobei nichts gefunden wurde, außer bei bei Rising:
Rising 23.53.04.05 2011.04.15 Suspicious

Dann habe ich einen AntiVir Scan durchgeführt:


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 15. April 2011 19:31

Es wird nach 2564597 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : Admin
Computername : XXXXX

Versionsinformationen:
BUILD.DAT : 10.0.0.635 31822 Bytes 07.03.2011 12:02:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 09.12.2010 11:57:06
AVSCAN.DLL : 10.0.3.0 56168 Bytes 26.04.2010 16:17:51
LUKE.DLL : 10.0.3.2 104296 Bytes 09.12.2010 11:57:06
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 11:00:33
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 11:00:22
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 12:50:57
VBASE004.VDF : 7.11.5.226 2048 Bytes 07.04.2011 12:50:58
VBASE005.VDF : 7.11.5.227 2048 Bytes 07.04.2011 12:50:58
VBASE006.VDF : 7.11.5.228 2048 Bytes 07.04.2011 12:50:58
VBASE007.VDF : 7.11.5.229 2048 Bytes 07.04.2011 12:50:59
VBASE008.VDF : 7.11.5.230 2048 Bytes 07.04.2011 12:50:59
VBASE009.VDF : 7.11.5.231 2048 Bytes 07.04.2011 12:50:59
VBASE010.VDF : 7.11.5.232 2048 Bytes 07.04.2011 12:50:59
VBASE011.VDF : 7.11.5.233 2048 Bytes 07.04.2011 12:50:59
VBASE012.VDF : 7.11.5.234 2048 Bytes 07.04.2011 12:50:59
VBASE013.VDF : 7.11.6.28 158208 Bytes 11.04.2011 10:20:52
VBASE014.VDF : 7.11.6.74 116224 Bytes 13.04.2011 10:00:11
VBASE015.VDF : 7.11.6.113 137728 Bytes 14.04.2011 16:16:31
VBASE016.VDF : 7.11.6.114 2048 Bytes 14.04.2011 16:16:31
VBASE017.VDF : 7.11.6.115 2048 Bytes 14.04.2011 16:16:31
VBASE018.VDF : 7.11.6.116 2048 Bytes 14.04.2011 16:16:31
VBASE019.VDF : 7.11.6.117 2048 Bytes 14.04.2011 16:16:31
VBASE020.VDF : 7.11.6.118 2048 Bytes 14.04.2011 16:16:31
VBASE021.VDF : 7.11.6.119 2048 Bytes 14.04.2011 16:16:31
VBASE022.VDF : 7.11.6.120 2048 Bytes 14.04.2011 16:16:32
VBASE023.VDF : 7.11.6.121 2048 Bytes 14.04.2011 16:16:32
VBASE024.VDF : 7.11.6.122 2048 Bytes 14.04.2011 16:16:32
VBASE025.VDF : 7.11.6.123 2048 Bytes 14.04.2011 16:16:32
VBASE026.VDF : 7.11.6.124 2048 Bytes 14.04.2011 16:16:32
VBASE027.VDF : 7.11.6.125 2048 Bytes 14.04.2011 16:16:32
VBASE028.VDF : 7.11.6.126 2048 Bytes 14.04.2011 16:16:33
VBASE029.VDF : 7.11.6.127 2048 Bytes 14.04.2011 16:16:33
VBASE030.VDF : 7.11.6.128 2048 Bytes 14.04.2011 16:16:33
VBASE031.VDF : 7.11.6.139 54272 Bytes 15.04.2011 16:16:33
Engineversion : 8.2.4.208
AEVDF.DLL : 8.1.2.1 106868 Bytes 30.07.2010 10:16:39
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 04.04.2011 10:00:49
AESCN.DLL : 8.1.7.2 127349 Bytes 22.11.2010 11:26:37
AESBX.DLL : 8.1.3.2 254324 Bytes 22.11.2010 11:26:59
AERDL.DLL : 8.1.9.9 639347 Bytes 25.03.2011 23:26:47
AEPACK.DLL : 8.2.6.0 549237 Bytes 08.04.2011 12:51:59
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 04.04.2011 10:00:40
AEHEUR.DLL : 8.1.2.98 3441014 Bytes 15.04.2011 16:16:41
AEHELP.DLL : 8.1.16.1 246134 Bytes 04.02.2011 10:13:20
AEGEN.DLL : 8.1.5.4 397684 Bytes 04.04.2011 10:00:21
AEEMU.DLL : 8.1.3.0 393589 Bytes 22.11.2010 11:25:12
AECORE.DLL : 8.1.20.2 196982 Bytes 08.04.2011 12:51:08
AEBB.DLL : 8.1.1.0 53618 Bytes 26.04.2010 16:17:50
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 02.11.2010 20:51:29
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 09.12.2010 11:57:06
AVARKT.DLL : 10.0.22.6 231784 Bytes 09.12.2010 11:57:05
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 02.11.2010 20:51:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: ignorieren
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: aus
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Freitag, 15. April 2011 19:31

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'wsqmcons.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NOTEPAD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSDCtrl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSD.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WisLMSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WisKeyState.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyApp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrB.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nwtsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'certsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmike.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1765' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
D:\Bilder\Diditalkamera\Freunde & Sonstiges\2005\Moe´s Bilder\Micha 06.JPG
[0] Archivtyp: ZIP
[FUND] Ist das Trojanische Pferd TR/Keylog.HotKeysHook.D
--> BF1942 -Trainer.exe
[FUND] Ist das Trojanische Pferd TR/Keylog.HotKeysHook.D
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4a7f022e.qua erstellt ( QUARANTÄNE )
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.


Ende des Suchlaufs: Freitag, 15. April 2011 21:29
Benötigte Zeit: 1:57:46 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

25815 Verzeichnisse wurden überprüft
671125 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
671124 Dateien ohne Befall
10581 Archive wurden durchsucht
0 Warnungen
1 Hinweise
133223 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

dann HijackThis:

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:37:10, on 15.04.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\WisKeyState.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
D:\Programme\HijackThis\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
O3 - Toolbar: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [WisKeyState] "C:\Program Files\Launch Manager\WisKeyState.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVM FRITZ!Fernzugang IKE Service (avmike) - AVM Berlin - C:\Program Files\FRITZ!Fernzugang\avmike.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!Fernzugang Cert Service (certsrv) - AVM Berlin - C:\Program Files\FRITZ!Fernzugang\certsrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1c9ae33210dd6d0) (gupdate1c9ae33210dd6d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: AVM FRITZ!Fernzugang Client (nwtsrv) - AVM Berlin - C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
 
--
End of file - 7273 bytes
         
--- --- ---


und zum Schluss noch Malware Bytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4136

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15.04.2011 22:46:13
mbam-log-2011-04-15 (22-46-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137261
Laufzeit: 8 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

....mein Verdacht ist Fehlalarm, was mein Ihr??

Vielen Dank schonmal für eure Hilfe!!

Alt 18.04.2011, 16:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Zitat:
Malwarebytes' Anti-Malware 1.46
Datenbank Version: 4136
Wieso scannst du mit so einer alten Version?
Es kann doch garnichts an neueren Schädlingen gefunden werden mit dieser Version aus der Steinzeit!
Aktualisieren auf Programmversion 1.50 und die Signaturen müssen bei 6390 oder höher sein.

Hijackthis-Logs interessieren uns nicht mehr, ZoneAlarm sollte deinstalliert werden.
__________________

__________________

Alt 19.04.2011, 18:49   #3
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Entschuldigung, habe das Update vergessen.

Zone Alarm ist deinstallieirt und Windows Firewall aktiviert. Reicht die Windows Firewall denn i.A. bei Vista?


Hier das neue Log. Er hat leider nun was gefunden:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6399

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.04.2011 18:43:59
mbam-log-2011-04-19 (18-43-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165957
Laufzeit: 5 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




Soll ich zunächst auf "Entferne auswahl" klicken?
__________________

Alt 19.04.2011, 21:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Zitat:
Reicht die Windows Firewall denn i.A. bei Vista?
Reicht das Betriebssystem Vista?

mach bitte einen Vollscan mit Malwarebytes!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.04.2011, 23:56   #5
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6399

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.04.2011 23:48:41
mbam-log-2011-04-19 (23-48-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 352995
Laufzeit: 1 Stunde(n), 59 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 19.04.2011, 23:58   #6
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



bzw nach dem Löschen:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6399

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.04.2011 23:57:11
mbam-log-2011-04-19 (23-57-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 352995
Laufzeit: 1 Stunde(n), 59 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 20.04.2011, 18:15   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.04.2011, 18:37   #8
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 20.04.2011 18:30:19 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Stewen\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 55,87 Gb Free Space | 48,07% Space Free | Partition Type: NTFS
Drive D: | 116,67 Gb Total Space | 12,03 Gb Free Space | 10,31% Space Free | Partition Type: NTFS
Drive E: | 6,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: STEWEN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\FireFox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C9075-3061-4F2E-87E5-8513CDE2D2F9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0224475C-969F-49F4-ABDB-6B0356C67203}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{07CD5D27-F599-455B-88C0-10FB95649BBC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{18076955-DC6F-41D0-A53F-658D78CBA30D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{191DC001-9FB3-47FE-AA65-8BA880D2E619}" = lport=137 | protocol=17 | dir=in | app=system | 
"{287500EA-BF79-4C55-A09A-52E419235332}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3B9ADE3D-96A9-49E9-AFA8-8A84775AA0FE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{539DA32F-EB04-44DF-A49C-DF57C85DDCC0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6611AD78-722F-4B98-916C-413943B65653}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7BF0D4BE-3A75-4645-BEF3-0ACFB149CCD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{85505119-A7D2-4AEC-B8E2-653B8A29F29D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{90FD536C-4442-4C3A-8A98-F6B56266E262}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9643B286-CBF0-426A-8049-C4FDDD685DE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99881B42-11CE-4E1E-A3CB-96064A0A42F6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9B73C0DE-5E20-4ED4-873C-78EFC44EE149}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9FAAFD4D-6EE8-4D09-A5A0-4964A675D8F5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A7DE0718-7B21-4660-8423-CEE9C761F373}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D2E24CC3-0F71-4878-89E4-349FE8E0A147}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D8C3AA8C-09A2-45D0-B1E9-B7E04EFBBF76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DDCADAC4-0F95-408E-93AD-8FC3DA04BEEB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F3230176-AEAF-4AC9-AEEA-4DFEBC410555}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1509EC91-7AEA-49A5-9CA6-EAA36FED3CC8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3E76D0C9-7ED6-452D-9D14-CD9EB2D25E6C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3F6FF9AD-9363-447D-B64F-A9CE7637460B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{43DC0715-361D-405F-A2F3-74D016F5FDE2}" = protocol=17 | dir=in | app=d:\spiele\battlefield 2\bf2.exe | 
"{568A0BB7-6A55-47F8-9381-12B38AB9AAA1}" = protocol=17 | dir=in | app=d:\programme\itunes\itunes.exe | 
"{5A7A26B7-2412-4D07-A7FA-307E8F4C3E87}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D685FBE-C3A5-4AB4-8F5E-2CCEA59BEB24}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{614B2D97-9996-4984-B373-ED5EB9102AF6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{6A95469A-9D87-418A-A009-1ED22FB149C5}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{6C52C8A4-0BA0-4389-8200-C436CC968A93}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9676386B-5CE6-4F77-82A3-1F02D38C42B7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A355AF54-0BAE-4C31-9C95-A8B086A9D34A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A4C1F432-171F-4E5A-B04D-45D892D77295}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AA87325A-5BAA-4DEF-AA19-25DBDA187E24}" = protocol=6 | dir=in | app=d:\programme\itunes\itunes.exe | 
"{BB3C5C08-2F6F-438B-9928-D0043CC4B075}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{BD481684-AEE0-4913-982B-C76BBDA58AD6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BEA4B884-5019-4E3C-9A60-BAA7A08E658B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C19E15FA-7202-47DE-9E0F-6BB4215A7DF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CD2958F3-CFC4-41B7-B1B5-F408497BC01D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F6BD49AC-B3B1-40E8-AB1C-A9A0591158C7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{FC0A7C1E-8B6B-46BD-99B5-1A6AEC9D547F}" = protocol=6 | dir=in | app=d:\spiele\battlefield 2\bf2.exe | 
"TCP Query User{7CD1CBBE-92DA-47FF-B55C-EC79F7C9E084}D:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\programme\trillian\trillian.exe | 
"TCP Query User{E33A430C-BD43-4F39-B93A-050314C08678}D:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\programme\trillian\trillian.exe | 
"UDP Query User{1FFF755F-61BF-4542-BDF3-E22336D288C5}D:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\programme\trillian\trillian.exe | 
"UDP Query User{4B20CD44-1367-4710-8BAD-F5C49D5D848E}D:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\programme\trillian\trillian.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{048C2A63-942E-A6E5-5245-9D7E6D2A3E4D}" = Catalyst Control Center Graphics Previews Vista
"{0658FB83-A726-2F36-9155-2DAC3333922E}" = ccc-core-static
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22A2D768-5724-0A73-D929-4F339DBF390C}" = Catalyst Control Center Graphics Full New
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25B473C3-2C62-482B-858F-94ED76880F79}" = Patrizier IV
"{25EB984E-83B7-C01C-E6F0-B78181C963DC}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C964F1B-389F-ED38-03E6-394727760B5B}" = Catalyst Control Center Core Implementation
"{5DC36978-AB9A-4A23-9C12-D90D2BB781B7}" = AVM FRITZ!Fernzugang
"{667F89E4-7A9B-52C0-3102-B6083FFE8C10}" = Skins
"{6926FA8A-F7D3-56A9-DFC7-CB2D5A2FD222}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}" = SPSS 15.0 für Windows [Auswertung Version]
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87AD4B3B-D0D7-5EA4-17DE-6357EAC6DF05}" = CCC Help German
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ae3264d7-3729-46c0-b592-f0ee0c9cc473}" = Nero 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA45B622-88F9-4836-A529-DBF14698498D}" = Catalyst Control Center - Branding
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF75B301-CBCA-4DA0-5518-F4DAF220068D}" = ATI Catalyst Install Manager
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.3
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DF71EB8A-6E59-4249-BCB8-38EC406E4353}" = CIB pdf brewer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EB646E31-C735-3D69-CB5E-4BEAE93AC5C5}" = Catalyst Control Center Graphics Full Existing
"{ECE4460A-037D-6ADC-F146-644A2299A356}" = ccc-utility
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GameSpy Arcade" = GameSpy Arcade
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"HL2UE_6500_is1" = Half-Life 2 Ultimate Edition (build 6500)
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"IrfanView" = IrfanView (remove only)
"JPGCOMPRESS" = JPGCOMPRESS Version 1.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.01
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moorhuhnjagd" = Moorhuhnjagd
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Patrizier II Gold_is1" = Patrizier II Gold
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"SumatraPDF" = SumatraPDF
"Transcribe!_is1" = Transcribe! 7.20
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2011 13:13:39 | Computer Name = Stewen-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 15.04.2011 13:25:06 | Computer Name = Stewen-PC | Source = ESENT | ID = 215
Description = WinMail (3924) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 15.04.2011 16:34:58 | Computer Name = Stewen-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 15.04.2011 16:50:43 | Computer Name = Stewen-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 15.04.2011 19:11:57 | Computer Name = Stewen-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Transcribe.exe, Version 0.7.0.20, Zeitstempel
 0x425f8116, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x6048be79,  Prozess-ID 0x177c, Anwendungsstartzeit
 01cbfbbddd61061b.
 
Error - 19.04.2011 11:22:19 | Computer Name = Stewen-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 19.04.2011 15:19:44 | Computer Name = Stewen-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 19.04.2011 16:51:35 | Computer Name = Stewen-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.0.104, Zeitstempel 0x4d21d204,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xe0fafafa, Fehleroffset 0x00000000,  Prozess-ID 0x1780, Anwendungsstartzeit 01cbfec8c933c2d9.
 
Error - 19.04.2011 16:51:45 | Computer Name = Stewen-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.0.104, Zeitstempel 0x4d21d204,
 fehlerhaftes Modul Skype.exe, Version 5.1.0.104, Zeitstempel 0x4d21d204, Ausnahmecode
 0x40000015, Fehleroffset 0x00a2209c,  Prozess-ID 0x1780, Anwendungsstartzeit 01cbfec8c933c2d9.
 
Error - 19.04.2011 18:57:12 | Computer Name = Stewen-PC | Source = EventSystem | ID = 4621
Description = 
 
[ OSession Events ]
Error - 08.12.2010 09:51:42 | Computer Name = Stewen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 3499 seconds with 1980 seconds of active time.  This session ended with a
 crash.
 
Error - 08.12.2010 09:51:51 | Computer Name = Stewen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 704
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 12.12.2010 11:30:44 | Computer Name = Stewen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 845
 seconds with 600 seconds of active time.  This session ended with a crash.
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Alt 20.04.2011, 18:37   #9
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.04.2011 18:30:19 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Stewen\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 55,87 Gb Free Space | 48,07% Space Free | Partition Type: NTFS
Drive D: | 116,67 Gb Total Space | 12,03 Gb Free Space | 10,31% Space Free | Partition Type: NTFS
Drive E: | 6,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: STEWEN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stewen\Documents\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\FireFox\plugin-container.exe (Mozilla Corporation)
PRC - D:\Programme\FireFox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Programme\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\WisKeyState.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\OSDCtrl.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Stewen\Documents\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programme\FireFox\components [2011.04.19 21:12:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programme\FireFox\plugins [2011.04.19 21:12:21 | 000,000,000 | ---D | M]
 
[2010.08.03 23:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.03.29 23:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions
[2011.03.06 12:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.14 22:06:11 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.06 12:03:12 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.01.17 15:41:40 | 000,000,943 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g3zy0f3f.default\searchplugins\conduit.xml
[2009.04.16 22:02:19 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.07.24 08:22:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 03:20:55 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\Admin\AppData\Local\Temp\cpes_clean_launcher.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.19 21:44:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.19 21:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.19 21:43:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.19 21:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.04.19 21:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.04.19 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple
[2011.04.19 21:06:45 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.04.19 20:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.04.19 20:14:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.04.19 20:12:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.19 20:12:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.19 20:12:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.19 17:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2011.04.17 17:36:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2011.04.17 17:36:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.04.17 17:36:13 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2011.04.17 17:04:01 | 000,000,000 | -HSD | C] -- C:\Programme\Common Files\WindowsLiveInstaller
[2011.04.17 17:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011.04.17 17:03:50 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2011.04.17 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2011.04.15 21:18:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\skypePM
[2011.04.15 19:26:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2011.04.15 18:19:44 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 18:19:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 18:19:40 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 18:19:39 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 18:19:35 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 18:19:28 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 18:19:28 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 18:19:28 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 18:19:28 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 18:19:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 18:19:27 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 18:19:22 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 18:19:21 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.15 18:19:20 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 22:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2011.04.14 22:08:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Deterministic Networks
[2011.04.14 22:08:35 | 000,000,000 | ---D | C] -- C:\Programme\Cisco Systems
[2011.04.11 21:22:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2011.04.04 01:31:20 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011.04.04 01:31:16 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011.04.04 01:31:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.04 01:31:14 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.04 01:30:50 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011.04.04 01:29:57 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.04.04 01:29:57 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.04.04 01:29:57 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.04.04 01:29:57 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.04.04 01:29:57 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.04.04 01:29:56 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.04.04 01:29:56 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.04.04 01:29:56 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.04.04 01:29:56 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.04.01 14:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2011.04.01 13:30:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.01 13:30:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.01 13:30:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.01 13:21:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.04.01 13:06:10 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2011.04.01 13:05:58 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2011.04.01 13:05:11 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.04.01 13:05:11 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.04.01 13:05:11 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011.04.01 13:05:11 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.04.01 13:05:11 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.04.01 13:05:10 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.04.01 13:05:10 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.04.01 13:05:10 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011.04.01 13:05:10 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.04.01 13:05:10 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.04.01 13:05:10 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011.04.01 13:05:10 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011.04.01 13:05:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011.04.01 13:05:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011.04.01 13:05:09 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011.04.01 13:05:08 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011.04.01 13:05:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011.04.01 13:05:07 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011.04.01 13:05:07 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011.04.01 13:05:07 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011.04.01 13:05:05 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011.04.01 13:05:04 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011.04.01 13:05:04 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011.04.01 13:05:04 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011.04.01 13:05:04 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011.04.01 13:05:04 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011.04.01 13:05:04 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011.04.01 13:05:04 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011.04.01 13:05:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011.04.01 13:05:04 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011.04.01 13:05:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011.04.01 13:05:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2011.04.01 13:05:03 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011.04.01 13:05:03 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011.04.01 13:05:03 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011.04.01 13:05:03 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.04.01 13:05:03 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011.04.01 13:05:03 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011.04.01 13:05:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011.04.01 13:05:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011.04.01 13:05:03 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011.04.01 13:05:02 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011.04.01 13:05:02 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011.04.01 13:05:01 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011.04.01 13:05:00 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011.04.01 13:05:00 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011.04.01 13:05:00 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011.04.01 13:05:00 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011.04.01 13:04:59 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011.04.01 13:04:59 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011.04.01 13:04:59 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011.04.01 13:04:59 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011.04.01 13:04:59 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011.04.01 13:04:58 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2011.04.01 13:04:58 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011.04.01 13:04:58 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011.04.01 13:04:58 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2011.04.01 13:04:58 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.04.01 13:04:58 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011.04.01 13:04:58 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011.04.01 13:04:58 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011.04.01 13:04:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011.04.01 13:04:58 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011.04.01 13:04:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011.04.01 13:04:58 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011.04.01 13:04:57 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011.04.01 13:04:57 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011.04.01 13:04:57 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011.04.01 13:04:57 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011.04.01 13:04:57 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011.04.01 13:04:56 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.04.01 13:04:56 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011.04.01 13:04:56 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011.04.01 13:04:56 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011.04.01 13:04:56 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011.04.01 13:04:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011.04.01 13:04:56 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011.04.01 13:04:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011.04.01 13:04:55 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.04.01 13:04:55 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011.04.01 13:04:55 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.04.01 13:04:55 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2011.04.01 13:04:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.04.01 13:04:54 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011.04.01 13:04:54 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011.04.01 13:04:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.04.01 13:04:53 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.04.01 13:04:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011.04.01 13:04:53 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011.04.01 13:04:49 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011.04.01 13:04:43 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011.04.01 13:04:43 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011.04.01 13:04:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2011.04.01 13:04:43 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011.04.01 13:04:43 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011.04.01 13:04:42 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.01 13:04:42 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011.04.01 13:04:42 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011.04.01 13:04:42 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011.04.01 13:04:42 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011.04.01 13:04:42 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011.04.01 13:04:42 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011.04.01 13:04:42 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011.04.01 13:04:42 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.04.01 13:04:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2011.04.01 13:04:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011.04.01 13:04:40 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011.04.01 13:04:40 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011.04.01 13:04:40 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011.04.01 13:04:40 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011.04.01 13:04:40 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011.04.01 13:04:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.04.01 13:04:39 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011.04.01 13:04:38 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011.04.01 13:04:38 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011.04.01 13:04:38 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011.04.01 13:04:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011.04.01 13:04:38 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011.04.01 13:04:38 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011.04.01 13:04:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011.04.01 13:04:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011.04.01 13:04:38 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011.04.01 13:04:37 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011.04.01 13:04:36 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011.04.01 13:04:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011.04.01 13:04:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011.04.01 13:04:36 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011.04.01 13:04:36 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011.04.01 13:04:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011.04.01 13:04:35 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2011.04.01 13:04:35 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011.04.01 13:04:35 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011.04.01 13:04:34 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011.04.01 13:04:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011.04.01 13:04:33 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011.04.01 13:04:33 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011.04.01 13:04:33 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011.04.01 13:04:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011.04.01 13:04:32 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2011.04.01 13:04:32 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011.04.01 13:04:32 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011.04.01 13:04:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011.04.01 13:04:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011.04.01 13:04:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011.04.01 13:04:32 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2011.04.01 13:04:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2011.04.01 13:04:31 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2011.04.01 13:04:31 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011.04.01 13:04:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2011.04.01 13:04:31 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011.04.01 13:04:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011.04.01 13:04:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011.04.01 13:04:30 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011.04.01 13:04:30 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011.04.01 13:04:30 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011.04.01 13:04:30 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011.04.01 13:04:30 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011.04.01 13:04:30 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011.04.01 13:04:29 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011.04.01 13:04:29 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011.04.01 13:04:29 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011.04.01 13:04:29 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011.04.01 13:04:29 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2011.04.01 13:04:28 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011.04.01 13:04:27 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011.04.01 13:04:27 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011.04.01 13:04:27 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011.04.01 13:04:27 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011.04.01 13:04:27 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011.04.01 13:04:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011.04.01 13:04:26 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011.04.01 13:04:24 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011.04.01 13:04:24 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011.04.01 13:04:23 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2011.04.01 13:04:23 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011.04.01 13:04:23 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2011.04.01 13:04:22 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011.04.01 13:04:22 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011.04.01 13:04:22 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011.04.01 13:04:22 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011.04.01 13:04:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011.04.01 13:04:22 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011.04.01 13:04:21 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011.04.01 13:04:21 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011.04.01 13:04:21 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2011.04.01 13:04:21 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011.04.01 13:04:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.04.01 13:04:21 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2011.04.01 13:04:21 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011.04.01 13:04:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011.04.01 13:04:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011.04.01 13:04:20 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011.04.01 13:04:20 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011.04.01 13:04:19 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011.04.01 13:04:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.04.01 13:04:18 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011.04.01 13:04:18 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011.04.01 13:04:18 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011.04.01 13:04:18 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011.04.01 13:04:18 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011.04.01 13:04:17 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011.04.01 13:04:17 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011.04.01 13:04:17 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011.04.01 13:04:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011.04.01 13:04:16 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011.04.01 13:04:16 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011.04.01 13:04:16 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011.04.01 13:04:16 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011.04.01 13:04:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2011.04.01 13:04:15 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011.04.01 13:04:15 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011.04.01 13:04:15 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011.04.01 13:04:15 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2011.04.01 13:04:15 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011.04.01 13:04:15 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011.04.01 13:04:15 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011.04.01 13:04:15 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.01 13:04:13 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011.04.01 13:04:13 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011.04.01 13:04:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011.04.01 13:04:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011.04.01 13:04:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011.04.01 13:04:12 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011.04.01 13:04:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2011.04.01 13:04:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011.04.01 13:04:10 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011.04.01 13:04:10 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011.04.01 13:04:10 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.04.01 13:04:10 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.04.01 13:04:08 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011.04.01 13:04:08 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2011.04.01 13:04:08 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011.04.01 13:04:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011.04.01 13:04:07 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011.04.01 13:04:07 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011.04.01 13:04:07 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011.04.01 13:04:06 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011.04.01 13:04:05 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011.04.01 13:04:05 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011.04.01 13:04:05 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011.04.01 13:04:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011.04.01 13:04:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2011.04.01 13:04:04 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011.04.01 13:04:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2011.04.01 13:04:04 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011.04.01 13:04:04 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011.04.01 13:04:04 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2011.04.01 13:04:04 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011.04.01 13:04:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.01 13:04:04 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011.04.01 13:04:04 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.04.01 13:04:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011.04.01 13:04:04 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011.04.01 13:04:02 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011.04.01 13:04:01 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011.04.01 13:04:01 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011.04.01 13:04:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2011.04.01 13:04:01 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2011.04.01 13:04:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011.04.01 13:04:00 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2011.04.01 13:04:00 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2011.04.01 13:04:00 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011.04.01 13:04:00 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.04.01 13:04:00 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.04.01 13:04:00 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011.04.01 13:03:59 | 001,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.01 13:03:59 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.04.01 13:03:59 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.04.01 13:03:59 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011.04.01 13:03:59 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011.04.01 13:03:59 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011.04.01 13:03:59 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2011.04.01 13:03:59 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011.04.01 13:03:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011.04.01 13:03:59 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011.04.01 13:03:58 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011.04.01 13:03:58 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011.04.01 13:03:58 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011.04.01 13:03:58 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.04.01 13:03:58 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.04.01 13:03:58 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011.04.01 13:03:57 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011.04.01 13:03:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011.04.01 13:03:56 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011.04.01 13:03:56 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011.04.01 13:03:56 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011.04.01 13:03:56 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011.04.01 13:03:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011.04.01 13:03:55 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011.04.01 13:03:54 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.04.01 13:03:54 | 000,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.01 13:03:54 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011.04.01 13:03:54 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011.04.01 13:03:54 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011.04.01 13:03:54 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011.04.01 13:03:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011.04.01 13:03:54 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.04.01 13:03:53 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.01 13:03:52 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011.04.01 13:03:51 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011.04.01 13:03:49 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011.04.01 13:03:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011.04.01 13:03:47 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011.04.01 13:03:45 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.04.01 13:03:43 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011.04.01 13:03:43 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011.04.01 13:03:43 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011.04.01 13:03:43 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2011.04.01 13:03:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011.04.01 13:03:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2011.04.01 13:03:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011.04.01 13:03:41 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011.04.01 13:03:41 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011.04.01 13:03:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011.04.01 13:03:41 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011.04.01 13:03:40 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011.04.01 13:03:40 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011.04.01 13:03:40 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011.04.01 13:03:40 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011.04.01 13:03:40 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011.04.01 13:03:40 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011.04.01 13:03:39 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.04.01 13:03:39 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011.04.01 13:03:38 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011.04.01 13:03:38 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011.04.01 13:03:37 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011.04.01 13:03:37 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011.04.01 13:03:37 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011.04.01 13:03:37 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011.04.01 13:03:36 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2011.04.01 13:03:36 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.04.01 13:03:35 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011.04.01 13:03:35 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011.04.01 13:03:35 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.04.01 13:03:35 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011.04.01 13:03:35 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011.04.01 13:03:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011.04.01 13:03:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011.04.01 13:03:34 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011.04.01 13:03:34 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011.04.01 13:03:34 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011.04.01 13:03:33 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011.04.01 13:03:33 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011.04.01 13:03:32 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011.04.01 13:03:32 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011.04.01 13:03:32 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2011.04.01 13:03:32 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2011.04.01 13:03:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011.04.01 13:03:30 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2011.04.01 13:03:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.04.01 13:03:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011.04.01 13:03:29 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011.04.01 13:03:29 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011.04.01 13:03:29 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011.04.01 13:03:29 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011.04.01 13:03:29 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011.04.01 13:03:29 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011.04.01 13:03:29 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011.04.01 13:03:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011.04.01 13:03:28 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011.04.01 13:03:28 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011.04.01 13:03:28 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011.04.01 13:03:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011.04.01 13:03:27 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011.04.01 13:03:26 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011.04.01 13:03:26 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011.04.01 13:03:26 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011.04.01 13:03:26 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011.04.01 13:03:26 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011.04.01 13:03:26 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011.04.01 13:03:25 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011.04.01 13:03:25 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011.04.01 13:03:25 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011.04.01 13:03:25 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.04.01 13:03:25 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011.04.01 13:03:24 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.04.01 13:03:24 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.04.01 13:03:23 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011.04.01 13:03:22 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011.04.01 13:03:21 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011.04.01 13:03:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011.04.01 13:03:21 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011.04.01 13:03:20 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011.04.01 13:03:20 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011.04.01 13:03:19 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011.04.01 13:03:18 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011.04.01 13:03:18 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011.04.01 13:03:17 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011.04.01 13:03:17 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011.04.01 13:03:17 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011.04.01 13:03:17 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011.04.01 13:03:16 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011.04.01 13:03:16 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011.04.01 13:03:16 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011.04.01 13:03:16 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011.04.01 13:03:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.04.01 13:03:12 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011.04.01 13:03:12 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011.04.01 13:03:12 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011.04.01 13:03:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011.04.01 13:03:12 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2011.04.01 13:03:12 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011.04.01 13:03:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2011.04.01 13:03:11 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011.04.01 13:03:11 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011.04.01 13:03:11 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2011.04.01 13:03:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011.04.01 13:03:11 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011.04.01 13:03:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2011.04.01 13:03:10 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011.04.01 13:03:10 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011.04.01 13:03:10 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011.04.01 13:03:09 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011.04.01 13:03:09 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011.04.01 13:03:07 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011.04.01 13:03:07 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011.04.01 13:03:07 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011.04.01 13:03:07 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011.04.01 13:03:06 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011.04.01 13:03:06 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011.04.01 13:03:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011.04.01 13:03:05 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011.04.01 13:03:03 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011.04.01 13:03:02 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.04.01 13:03:02 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011.04.01 13:03:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2011.04.01 13:03:01 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011.04.01 13:03:01 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011.04.01 12:51:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.03.29 22:16:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\CheckPoint
[2010.06.11 00:28:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Admin\AppData\Roaming\pcouffin.sys
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.20 18:25:04 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 18:25:04 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 17:53:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.20 16:25:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.20 12:50:12 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.20 12:50:12 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.20 12:50:12 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.20 12:50:12 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.20 12:49:32 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.20 12:43:36 | 2950,742,016 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.20 12:42:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.20 11:40:32 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6B2082CD-3395-4E15-9AF9-67CFF8F30DCC}.job
[2011.04.19 03:29:18 | 000,377,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 22:10:35 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2011.04.05 13:21:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011.04.04 01:11:10 | 210,442,572 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.24 01:25:50 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.19 21:06:47 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.04.14 22:07:59 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2011.04.01 14:14:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.04.01 13:04:59 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011.04.01 13:04:57 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011.04.01 13:04:57 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011.04.01 13:04:43 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011.04.01 13:04:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.01 13:04:38 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011.04.01 13:03:41 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011.04.01 13:03:35 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011.04.01 13:03:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.01 13:03:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.04.01 13:03:13 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011.04.01 13:03:11 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011.04.01 13:03:06 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010.11.05 15:31:24 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.08.03 23:34:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.16 14:16:21 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.06.11 00:28:05 | 000,087,608 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\inst.exe
[2010.06.11 00:28:05 | 000,007,887 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\pcouffin.cat
[2010.06.11 00:28:05 | 000,001,144 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\pcouffin.inf
[2010.06.11 00:05:05 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.03.20 19:09:02 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.02.02 00:36:09 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.15 17:23:07 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.09.11 23:23:17 | 000,138,504 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.22 18:16:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009.06.22 18:16:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009.06.22 18:16:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009.06.22 18:16:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2009.06.22 18:16:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2009.06.22 18:16:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2009.06.22 18:13:30 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.06.22 18:13:30 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.06.15 23:40:41 | 000,000,829 | ---- | C] () -- C:\Windows\eReg.dat
[2009.05.21 19:13:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.04.17 19:10:58 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.03.30 12:53:14 | 000,214,488 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.03.30 12:53:02 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.03.26 17:03:36 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2009.03.26 10:22:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.03.25 21:38:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.11 22:48:08 | 000,621,952 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.11 22:48:08 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.11 22:48:08 | 000,123,852 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.11 22:48:08 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.08 22:59:54 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.04.08 22:31:48 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.06 11:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.03.04 20:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,377,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,590,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,102,094 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.03.02 08:37:18 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.03.02 08:33:52 | 000,675,840 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2004.01.27 14:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2004.01.26 17:15:23 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2004.01.22 20:06:32 | 000,157,696 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001.09.17 14:20:02 | 000,009,216 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll

< End of report >
         
--- --- ---

Alt 20.04.2011, 18:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2613550
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2613550&SearchSource=13"
[2011.03.06 12:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.14 22:06:11 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.06 12:03:12 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.01.17 15:41:40 | 000,000,943 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g3zy0f3f.default\searchplugins\conduit.xml
[2011.04.19 17:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.04.2011, 19:19   #11
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



musste den Pc nach dem Prozess neustarten. Danach öffnete sich beim Start von OTL dieses Log. Ist jetzt wieder alles gut?

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13" removed from browser.startup.homepage
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\searchplugin folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\META-INF folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\lib folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\defaults folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\components folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\chrome folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g3zy0f3f.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g3zy0f3f.default\searchplugins\conduit.xml moved successfully.
C:\ProgramData\ZA_PreservedFiles folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 55349822 bytes
->Temporary Internet Files folder emptied: 3485250 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79462571 bytes
->Flash cache emptied: 1027 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Stefan

User: Stewen
->Temp folder emptied: 25420089 bytes
->Temporary Internet Files folder emptied: 262090477 bytes
->Java cache emptied: 10797969 bytes
->FireFox cache emptied: 106879641 bytes
->Google Chrome cache emptied: 6121170 bytes
->Flash cache emptied: 220418 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 234355020 bytes
%systemroot%\System32 .tmp files removed: 3428864 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 95573629 bytes
RecycleBin emptied: 26886652 bytes

Total Files Cleaned = 868,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04202011_185700

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 20.04.2011, 19:38   #12
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



nach OTL habe ich einfach mal einen Malwarebytes Scan gemacht...komischerweise findet Malwarebytes nichts, wenn ich es als Admin ausführe, findet bei einfachem Öffnen aber immer noch die 2 Trojaner!?!

"normales" Öffnen:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6400

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20.04.2011 19:24:46
mbam-log-2011-04-20 (19-24-37).txt

Scan type: Quick scan
Objects scanned: 136334
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------------

Öffnen als Admin:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6400

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20.04.2011 19:29:02
mbam-log-2011-04-20 (19-29-02).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164097
Laufzeit: 2 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Geändert von Hemd (20.04.2011 um 19:47 Uhr)

Alt 20.04.2011, 19:57   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.04.2011, 00:40   #14
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Nach Durführen des Kaspersky tools und Neustart wurde das Log nicht automatisch angezeigt, also habe ich das Prog nochmal laufen lassen (dabei wurde nichts mehr gefunden) und dann das Log kopiert. Allerdings ist es jetzt mit Malwarebytes das selbe wie vorher: als Admin ausgeführt findet der Quickscan nichts, wenn ich normal ("Linksklick") ausführe, findet er wieder die zwei Troianer. unhide.exe habe ich übrigens nciht durchgeführt, da ich auf meine Dokumente noch zufgreifen kann.

2011/04/21 00:31:48.0880 2768 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/21 00:31:48.0958 2768 ================================================================================
2011/04/21 00:31:48.0958 2768 SystemInfo:
2011/04/21 00:31:48.0958 2768
2011/04/21 00:31:48.0958 2768 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/21 00:31:48.0958 2768 Product type: Workstation
2011/04/21 00:31:48.0958 2768 ComputerName: STEWEN-PC
2011/04/21 00:31:48.0958 2768 UserName: Admin
2011/04/21 00:31:48.0958 2768 Windows directory: C:\Windows
2011/04/21 00:31:48.0958 2768 System windows directory: C:\Windows
2011/04/21 00:31:48.0958 2768 Processor architecture: Intel x86
2011/04/21 00:31:48.0958 2768 Number of processors: 2
2011/04/21 00:31:48.0958 2768 Page size: 0x1000
2011/04/21 00:31:48.0958 2768 Boot type: Normal boot
2011/04/21 00:31:48.0958 2768 ================================================================================
2011/04/21 00:31:49.0551 2768 Initialize success
2011/04/21 00:31:54.0075 3116 ================================================================================
2011/04/21 00:31:54.0075 3116 Scan started
2011/04/21 00:31:54.0075 3116 Mode: Manual;
2011/04/21 00:31:54.0075 3116 ================================================================================
2011/04/21 00:31:57.0086 3116 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
2011/04/21 00:31:57.0195 3116 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/21 00:31:57.0367 3116 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/21 00:31:57.0975 3116 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/21 00:31:58.0287 3116 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/21 00:31:59.0083 3116 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/21 00:31:59.0629 3116 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/21 00:31:59.0722 3116 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/21 00:32:00.0206 3116 ahcix86s (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
2011/04/21 00:32:00.0689 3116 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/21 00:32:01.0251 3116 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/21 00:32:01.0282 3116 Scan interrupted by user!
2011/04/21 00:32:01.0282 3116 Scan interrupted by user!
2011/04/21 00:32:01.0282 3116 ================================================================================
2011/04/21 00:32:01.0282 3116 Scan finished
2011/04/21 00:32:01.0282 3116 ================================================================================
2011/04/21 00:32:13.0513 2960 ================================================================================
2011/04/21 00:32:13.0513 2960 Scan started
2011/04/21 00:32:13.0513 2960 Mode: Manual;
2011/04/21 00:32:13.0513 2960 ================================================================================
2011/04/21 00:32:14.0183 2960 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
2011/04/21 00:32:14.0480 2960 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/21 00:32:15.0135 2960 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/21 00:32:15.0556 2960 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/21 00:32:15.0853 2960 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/21 00:32:16.0133 2960 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/21 00:32:16.0414 2960 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/21 00:32:16.0555 2960 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/21 00:32:16.0617 2960 ahcix86s (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
2011/04/21 00:32:16.0913 2960 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/21 00:32:17.0179 2960 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/21 00:32:17.0397 2960 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/21 00:32:17.0444 2960 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/21 00:32:17.0569 2960 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/21 00:32:17.0865 2960 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/21 00:32:18.0224 2960 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/21 00:32:18.0317 2960 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/21 00:32:18.0395 2960 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/21 00:32:18.0489 2960 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/04/21 00:32:18.0629 2960 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
2011/04/21 00:32:19.0487 2960 atikmdag (a4e212f45b2457b39d59d4972a67af47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/21 00:32:19.0846 2960 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/04/21 00:32:20.0018 2960 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/21 00:32:20.0080 2960 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/21 00:32:20.0283 2960 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/21 00:32:20.0517 2960 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/21 00:32:20.0657 2960 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/21 00:32:20.0735 2960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/21 00:32:20.0782 2960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/21 00:32:20.0845 2960 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/21 00:32:20.0876 2960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/21 00:32:21.0125 2960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/21 00:32:21.0500 2960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/21 00:32:21.0640 2960 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/21 00:32:21.0718 2960 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/21 00:32:22.0061 2960 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/21 00:32:22.0171 2960 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/04/21 00:32:22.0233 2960 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/21 00:32:22.0311 2960 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/21 00:32:22.0389 2960 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/21 00:32:22.0545 2960 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/21 00:32:22.0639 2960 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/21 00:32:22.0795 2960 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/21 00:32:23.0185 2960 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/21 00:32:23.0528 2960 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/21 00:32:23.0637 2960 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/21 00:32:23.0965 2960 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/21 00:32:24.0183 2960 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/04/21 00:32:24.0370 2960 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/04/21 00:32:24.0620 2960 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/21 00:32:24.0854 2960 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/21 00:32:24.0932 2960 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
2011/04/21 00:32:25.0119 2960 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/21 00:32:25.0556 2960 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/21 00:32:25.0712 2960 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/21 00:32:26.0320 2960 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/21 00:32:26.0570 2960 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/21 00:32:26.0695 2960 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/21 00:32:26.0897 2960 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/21 00:32:27.0209 2960 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/21 00:32:27.0334 2960 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/21 00:32:27.0475 2960 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/21 00:32:27.0584 2960 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/21 00:32:27.0709 2960 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/21 00:32:28.0177 2960 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/21 00:32:28.0395 2960 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/21 00:32:28.0613 2960 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/21 00:32:28.0769 2960 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/21 00:32:29.0237 2960 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/04/21 00:32:29.0581 2960 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/21 00:32:29.0830 2960 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/21 00:32:30.0002 2960 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/21 00:32:30.0095 2960 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/21 00:32:30.0220 2960 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/21 00:32:30.0579 2960 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/21 00:32:30.0688 2960 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/21 00:32:30.0766 2960 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/21 00:32:30.0844 2960 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/21 00:32:31.0125 2960 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/21 00:32:31.0593 2960 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/21 00:32:31.0733 2960 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/21 00:32:31.0780 2960 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/21 00:32:31.0843 2960 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/21 00:32:32.0108 2960 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/21 00:32:32.0217 2960 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/21 00:32:32.0295 2960 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/21 00:32:32.0545 2960 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/21 00:32:32.0638 2960 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/21 00:32:32.0716 2960 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/21 00:32:32.0763 2960 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/21 00:32:32.0825 2960 JRAID (ab95b2ddb49f6b6cf52625e56c1f1f71) C:\Windows\system32\drivers\jraid.sys
2011/04/21 00:32:32.0888 2960 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/21 00:32:32.0950 2960 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/21 00:32:33.0200 2960 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/21 00:32:33.0496 2960 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/21 00:32:33.0637 2960 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/21 00:32:33.0793 2960 LSI_SAS (90cfc725e69ad443583e57ef0ddc7e2d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/21 00:32:33.0886 2960 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/21 00:32:34.0058 2960 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/21 00:32:34.0448 2960 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/21 00:32:34.0651 2960 MegaSR (5e6ebb00401a104462f97041befa578a) C:\Windows\system32\drivers\megasr.sys
2011/04/21 00:32:35.0134 2960 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/21 00:32:35.0446 2960 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/21 00:32:35.0649 2960 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/21 00:32:35.0821 2960 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/21 00:32:35.0961 2960 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/21 00:32:36.0117 2960 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/21 00:32:36.0429 2960 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/21 00:32:36.0538 2960 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/21 00:32:36.0679 2960 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/21 00:32:36.0881 2960 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/21 00:32:37.0349 2960 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/21 00:32:37.0630 2960 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/21 00:32:37.0724 2960 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/04/21 00:32:37.0864 2960 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/21 00:32:38.0192 2960 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/21 00:32:38.0254 2960 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/21 00:32:38.0613 2960 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/21 00:32:38.0722 2960 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/21 00:32:38.0769 2960 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/21 00:32:38.0863 2960 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/21 00:32:39.0003 2960 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/21 00:32:39.0112 2960 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/21 00:32:39.0455 2960 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/21 00:32:39.0830 2960 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/21 00:32:39.0923 2960 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/21 00:32:40.0157 2960 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/21 00:32:40.0235 2960 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/21 00:32:40.0579 2960 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/21 00:32:40.0750 2960 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/21 00:32:40.0875 2960 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/21 00:32:40.0953 2960 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/21 00:32:41.0109 2960 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/21 00:32:41.0437 2960 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/21 00:32:41.0749 2960 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/21 00:32:42.0154 2960 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/21 00:32:42.0341 2960 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/21 00:32:42.0700 2960 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/21 00:32:42.0763 2960 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/21 00:32:42.0887 2960 nvrd32 (7894ffc354ddd5a0600bc112ffec2dd0) C:\Windows\system32\drivers\nvrd32.sys
2011/04/21 00:32:42.0934 2960 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/21 00:32:43.0090 2960 nvstor32 (2a0cc26d67b38460cc7563bc8313c1d6) C:\Windows\system32\drivers\nvstor32.sys
2011/04/21 00:32:43.0418 2960 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/21 00:32:43.0917 2960 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/21 00:32:44.0619 2960 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/21 00:32:44.0806 2960 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/21 00:32:44.0931 2960 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/21 00:32:45.0243 2960 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/21 00:32:45.0493 2960 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/21 00:32:45.0773 2960 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/21 00:32:45.0851 2960 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/21 00:32:45.0976 2960 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/21 00:32:46.0304 2960 PnkBstrK (044d265297095ecebcf5a2e2df48d59d) C:\Windows\system32\drivers\PnkBstrK.sys
2011/04/21 00:32:46.0694 2960 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/21 00:32:46.0834 2960 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/04/21 00:32:47.0006 2960 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/21 00:32:47.0302 2960 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/21 00:32:47.0521 2960 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/21 00:32:47.0755 2960 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/21 00:32:47.0833 2960 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/21 00:32:47.0973 2960 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/21 00:32:48.0269 2960 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/21 00:32:48.0519 2960 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/21 00:32:48.0815 2960 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/21 00:32:48.0878 2960 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/21 00:32:49.0003 2960 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/21 00:32:49.0268 2960 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/21 00:32:49.0627 2960 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/21 00:32:49.0985 2960 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/21 00:32:50.0219 2960 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/21 00:32:50.0375 2960 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/21 00:32:50.0656 2960 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/21 00:32:50.0843 2960 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/21 00:32:51.0062 2960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/21 00:32:51.0436 2960 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/21 00:32:51.0748 2960 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/21 00:32:51.0889 2960 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/21 00:32:52.0107 2960 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/21 00:32:52.0279 2960 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/21 00:32:52.0372 2960 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/21 00:32:52.0715 2960 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/21 00:32:52.0965 2960 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/21 00:32:53.0027 2960 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/21 00:32:53.0105 2960 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/21 00:32:53.0215 2960 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/21 00:32:53.0308 2960 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/21 00:32:53.0402 2960 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/21 00:32:53.0449 2960 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/21 00:32:53.0495 2960 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/21 00:32:53.0558 2960 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/21 00:32:53.0620 2960 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/04/21 00:32:53.0698 2960 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/21 00:32:53.0761 2960 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/21 00:32:53.0792 2960 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/21 00:32:53.0839 2960 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/21 00:32:53.0932 2960 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/04/21 00:32:54.0026 2960 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/21 00:32:54.0057 2960 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/21 00:32:54.0104 2960 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/21 00:32:54.0135 2960 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/21 00:32:54.0182 2960 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/21 00:32:54.0244 2960 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/21 00:32:54.0322 2960 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/21 00:32:54.0353 2960 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/21 00:32:54.0385 2960 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/21 00:32:54.0431 2960 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/21 00:32:54.0494 2960 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/21 00:32:54.0541 2960 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/21 00:32:54.0587 2960 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/21 00:32:54.0634 2960 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/21 00:32:54.0681 2960 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/21 00:32:54.0728 2960 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/21 00:32:54.0821 2960 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/21 00:32:54.0853 2960 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/21 00:32:54.0915 2960 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/21 00:32:54.0946 2960 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/21 00:32:54.0993 2960 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/21 00:32:55.0071 2960 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/21 00:32:55.0118 2960 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/21 00:32:55.0165 2960 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/21 00:32:55.0258 2960 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/21 00:32:55.0336 2960 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/21 00:32:55.0367 2960 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/21 00:32:55.0430 2960 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/21 00:32:55.0461 2960 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/21 00:32:55.0523 2960 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/21 00:32:55.0570 2960 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/21 00:32:55.0633 2960 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/21 00:32:55.0679 2960 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/21 00:32:55.0804 2960 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/21 00:32:55.0882 2960 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/21 00:32:55.0945 2960 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/21 00:32:55.0976 2960 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/21 00:32:56.0116 2960 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/21 00:32:56.0163 2960 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/21 00:32:56.0381 2960 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/21 00:32:56.0491 2960 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/21 00:32:56.0522 2960 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/21 00:32:56.0678 2960 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/21 00:32:56.0990 2960 ================================================================================
2011/04/21 00:32:56.0990 2960 Scan finished
2011/04/21 00:32:56.0990 2960 ================================================================================

Geändert von Hemd (21.04.2011 um 00:48 Uhr)

Alt 21.04.2011, 00:45   #15
Hemd
 
tr/crypt.zpack.gen2 - Standard

tr/crypt.zpack.gen2



Vielleicht kannst du auch mit der Info was anfangen: Befor ich mit dem tdsskiller den gefundenen Schädling gelöscht habe, habe ich einmal aus Versehen "skip" gewählt und dann folgendes Log gespeichert:

2011/04/21 00:11:15.0746 5416 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/21 00:11:15.0779 5416 ================================================================================
2011/04/21 00:11:15.0779 5416 SystemInfo:
2011/04/21 00:11:15.0779 5416
2011/04/21 00:11:15.0779 5416 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/21 00:11:15.0779 5416 Product type: Workstation
2011/04/21 00:11:15.0779 5416 ComputerName: STEWEN-PC
2011/04/21 00:11:15.0779 5416 UserName: Admin
2011/04/21 00:11:15.0779 5416 Windows directory: C:\Windows
2011/04/21 00:11:15.0779 5416 System windows directory: C:\Windows
2011/04/21 00:11:15.0779 5416 Processor architecture: Intel x86
2011/04/21 00:11:15.0780 5416 Number of processors: 2
2011/04/21 00:11:15.0780 5416 Page size: 0x1000
2011/04/21 00:11:15.0780 5416 Boot type: Normal boot
2011/04/21 00:11:15.0780 5416 ================================================================================
2011/04/21 00:11:16.0292 5416 Initialize success
2011/04/21 00:11:19.0495 4340 ================================================================================
2011/04/21 00:11:19.0495 4340 Scan started
2011/04/21 00:11:19.0495 4340 Mode: Manual;
2011/04/21 00:11:19.0495 4340 ================================================================================
2011/04/21 00:11:21.0399 4340 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
2011/04/21 00:11:21.0796 4340 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/21 00:11:22.0124 4340 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/21 00:11:22.0330 4340 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/21 00:11:22.0422 4340 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/21 00:11:22.0485 4340 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/21 00:11:22.0580 4340 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/21 00:11:22.0649 4340 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/21 00:11:22.0698 4340 ahcix86s (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
2011/04/21 00:11:22.0742 4340 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/21 00:11:23.0023 4340 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/21 00:11:23.0744 4340 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/21 00:11:24.0141 4340 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/21 00:11:24.0219 4340 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/21 00:11:24.0378 4340 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/21 00:11:24.0697 4340 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/21 00:11:24.0763 4340 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/21 00:11:24.0831 4340 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/21 00:11:24.0922 4340 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/04/21 00:11:25.0006 4340 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
2011/04/21 00:11:25.0271 4340 atikmdag (a4e212f45b2457b39d59d4972a67af47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/21 00:11:25.0445 4340 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/04/21 00:11:25.0551 4340 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/21 00:11:25.0617 4340 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/21 00:11:25.0747 4340 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/21 00:11:25.0819 4340 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/21 00:11:25.0903 4340 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/21 00:11:25.0999 4340 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/21 00:11:26.0061 4340 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/21 00:11:26.0142 4340 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/21 00:11:26.0177 4340 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/21 00:11:26.0223 4340 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/21 00:11:26.0268 4340 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/21 00:11:26.0351 4340 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/21 00:11:26.0411 4340 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/21 00:11:26.0484 4340 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/21 00:11:26.0560 4340 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/04/21 00:11:26.0645 4340 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/21 00:11:26.0724 4340 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/21 00:11:26.0791 4340 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/21 00:11:26.0868 4340 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/21 00:11:26.0940 4340 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/21 00:11:27.0020 4340 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/21 00:11:27.0092 4340 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/21 00:11:27.0134 4340 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/21 00:11:27.0245 4340 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/21 00:11:27.0328 4340 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/21 00:11:27.0441 4340 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/04/21 00:11:27.0513 4340 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/04/21 00:11:27.0642 4340 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/21 00:11:27.0803 4340 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/21 00:11:27.0866 4340 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
2011/04/21 00:11:28.0001 4340 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/21 00:11:28.0093 4340 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/21 00:11:28.0168 4340 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/21 00:11:28.0292 4340 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/21 00:11:28.0401 4340 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/21 00:11:28.0470 4340 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/21 00:11:28.0623 4340 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/21 00:11:28.0671 4340 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/21 00:11:28.0807 4340 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/21 00:11:28.0896 4340 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/21 00:11:29.0234 4340 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/21 00:11:29.0524 4340 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/21 00:11:29.0684 4340 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/21 00:11:30.0123 4340 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/21 00:11:30.0431 4340 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/21 00:11:30.0623 4340 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/21 00:11:30.0706 4340 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/04/21 00:11:31.0141 4340 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/21 00:11:31.0466 4340 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/21 00:11:31.0881 4340 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/21 00:11:32.0055 4340 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/21 00:11:32.0178 4340 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/21 00:11:32.0271 4340 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/21 00:11:32.0553 4340 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/21 00:11:32.0653 4340 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/21 00:11:32.0720 4340 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/21 00:11:32.0834 4340 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/21 00:11:33.0080 4340 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/21 00:11:33.0491 4340 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/21 00:11:33.0565 4340 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/21 00:11:33.0674 4340 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/21 00:11:33.0835 4340 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/21 00:11:33.0908 4340 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/21 00:11:34.0056 4340 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/21 00:11:34.0201 4340 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/21 00:11:34.0348 4340 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/21 00:11:34.0408 4340 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/21 00:11:34.0472 4340 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/21 00:11:34.0530 4340 JRAID (ab95b2ddb49f6b6cf52625e56c1f1f71) C:\Windows\system32\drivers\jraid.sys
2011/04/21 00:11:34.0928 4340 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/21 00:11:35.0145 4340 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/21 00:11:35.0402 4340 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/21 00:11:35.0833 4340 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/21 00:11:36.0551 4340 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/21 00:11:36.0765 4340 LSI_SAS (90cfc725e69ad443583e57ef0ddc7e2d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/21 00:11:36.0840 4340 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/21 00:11:36.0924 4340 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/21 00:11:37.0229 4340 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/21 00:11:37.0423 4340 MegaSR (5e6ebb00401a104462f97041befa578a) C:\Windows\system32\drivers\megasr.sys
2011/04/21 00:11:37.0986 4340 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/21 00:11:38.0569 4340 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/21 00:11:38.0688 4340 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/21 00:11:39.0201 4340 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/21 00:11:39.0722 4340 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/21 00:11:40.0262 4340 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/21 00:11:40.0436 4340 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/21 00:11:40.0985 4340 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/21 00:11:41.0614 4340 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/21 00:11:41.0773 4340 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/21 00:11:42.0056 4340 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/21 00:11:42.0341 4340 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/21 00:11:42.0432 4340 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/04/21 00:11:42.0747 4340 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/21 00:11:43.0347 4340 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/21 00:11:43.0507 4340 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/21 00:11:43.0671 4340 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/21 00:11:43.0990 4340 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/21 00:11:44.0474 4340 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/21 00:11:44.0870 4340 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/21 00:11:45.0203 4340 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/21 00:11:45.0456 4340 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/21 00:11:45.0707 4340 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/21 00:11:46.0806 4340 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/21 00:11:47.0727 4340 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/21 00:11:47.0827 4340 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/21 00:11:48.0020 4340 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/21 00:11:48.0105 4340 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/21 00:11:48.0156 4340 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/21 00:11:48.0248 4340 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/21 00:11:48.0328 4340 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/21 00:11:48.0426 4340 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/21 00:11:48.0500 4340 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/21 00:11:48.0553 4340 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/21 00:11:48.0644 4340 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/21 00:11:48.0726 4340 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/21 00:11:48.0768 4340 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/21 00:11:48.0803 4340 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/21 00:11:48.0861 4340 nvrd32 (7894ffc354ddd5a0600bc112ffec2dd0) C:\Windows\system32\drivers\nvrd32.sys
2011/04/21 00:11:48.0931 4340 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/21 00:11:49.0002 4340 nvstor32 (2a0cc26d67b38460cc7563bc8313c1d6) C:\Windows\system32\drivers\nvstor32.sys
2011/04/21 00:11:49.0062 4340 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/21 00:11:49.0292 4340 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/21 00:11:49.0443 4340 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/21 00:11:49.0511 4340 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/21 00:11:49.0589 4340 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/21 00:11:49.0690 4340 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/21 00:11:49.0745 4340 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/21 00:11:49.0799 4340 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/21 00:11:49.0863 4340 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/21 00:11:49.0941 4340 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/21 00:11:50.0124 4340 PnkBstrK (044d265297095ecebcf5a2e2df48d59d) C:\Windows\system32\drivers\PnkBstrK.sys
2011/04/21 00:11:50.0216 4340 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/21 00:11:50.0271 4340 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/04/21 00:11:50.0374 4340 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/21 00:11:50.0469 4340 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/21 00:11:50.0553 4340 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/21 00:11:50.0597 4340 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/21 00:11:50.0666 4340 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/21 00:11:50.0712 4340 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/21 00:11:50.0789 4340 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/21 00:11:50.0819 4340 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/21 00:11:50.0876 4340 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/21 00:11:50.0919 4340 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/21 00:11:51.0007 4340 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/21 00:11:51.0032 4340 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/21 00:11:51.0127 4340 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/21 00:11:51.0206 4340 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/21 00:11:51.0349 4340 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/21 00:11:51.0434 4340 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/21 00:11:51.0518 4340 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/21 00:11:51.0653 4340 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/21 00:11:51.0731 4340 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/21 00:11:51.0836 4340 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/21 00:11:51.0929 4340 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/21 00:11:51.0967 4340 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/21 00:11:52.0087 4340 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/21 00:11:52.0135 4340 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/21 00:11:52.0199 4340 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/21 00:11:52.0268 4340 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/21 00:11:52.0357 4340 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/21 00:11:52.0475 4340 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/21 00:11:52.0541 4340 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/21 00:11:52.0628 4340 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/21 00:11:52.0771 4340 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/21 00:11:52.0861 4340 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/21 00:11:52.0861 4340 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/21 00:11:52.0876 4340 sptd - detected Locked file (1)
2011/04/21 00:11:52.0949 4340 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/21 00:11:53.0019 4340 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/21 00:11:53.0063 4340 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/21 00:11:53.0158 4340 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/21 00:11:53.0230 4340 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/04/21 00:11:53.0306 4340 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/21 00:11:53.0377 4340 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/21 00:11:53.0430 4340 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/21 00:11:53.0460 4340 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/21 00:11:53.0628 4340 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/04/21 00:11:53.0717 4340 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/21 00:11:53.0820 4340 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/21 00:11:53.0882 4340 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/21 00:11:53.0941 4340 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/21 00:11:54.0028 4340 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/21 00:11:54.0106 4340 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/21 00:11:54.0253 4340 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/21 00:11:54.0290 4340 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/21 00:11:54.0370 4340 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/21 00:11:54.0415 4340 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/21 00:11:54.0514 4340 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/21 00:11:54.0601 4340 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/21 00:11:54.0642 4340 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/21 00:11:54.0734 4340 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/21 00:11:54.0784 4340 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/21 00:11:54.0860 4340 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/21 00:11:54.0978 4340 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/21 00:11:55.0041 4340 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/21 00:11:55.0116 4340 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/21 00:11:55.0163 4340 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/21 00:11:55.0246 4340 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/21 00:11:55.0310 4340 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/21 00:11:55.0376 4340 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/21 00:11:55.0453 4340 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/21 00:11:55.0518 4340 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/21 00:11:55.0603 4340 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/21 00:11:55.0639 4340 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/21 00:11:55.0691 4340 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/21 00:11:55.0725 4340 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/21 00:11:55.0794 4340 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/21 00:11:55.0827 4340 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/21 00:11:55.0894 4340 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/21 00:11:55.0959 4340 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/21 00:11:56.0046 4340 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/21 00:11:56.0138 4340 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/21 00:11:56.0213 4340 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/21 00:11:56.0257 4340 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/21 00:11:56.0337 4340 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/21 00:11:56.0400 4340 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/21 00:11:56.0609 4340 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/21 00:11:56.0712 4340 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/21 00:11:56.0774 4340 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/21 00:11:56.0919 4340 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/21 00:11:57.0119 4340 ================================================================================
2011/04/21 00:11:57.0119 4340 Scan finished
2011/04/21 00:11:57.0119 4340 ================================================================================
2011/04/21 00:11:57.0139 2196 Detected object count: 1
2011/04/21 00:13:59.0421 2196 Locked file(sptd) - User select action: Skip

Antwort

Themen zu tr/crypt.zpack.gen2
.dll, antivir, avg, ccc.exe, checkpoint, csrss.exe, datei, desktop, eudora, explorer.exe, free, hilfe!!, launch, lsass.exe, malware bytes, modul, mom.exe, namen, notepad.exe, nt.dll, programm, prozesse, registry, scan, sched.exe, services.exe, skype.exe, spoolsv.exe, svchost.exe, trojanische pferd, versteckte, verweise, virus, virus gefunden, virustotal, windows, winlogon.exe, wuauclt.exe



Ähnliche Themen: tr/crypt.zpack.gen2


  1. Windows 7 Webseiten werden auf Werbung umgeleitet. Avira fund "adware/multiPlug.Gen2" und 2 TR/Crypt.ZPACK.gen2
    Log-Analyse und Auswertung - 16.12.2014 (16)
  2. TR/Crypt.ZPACK.Gen2, Adware/InstallCore.Gen, TR/black.Gen2: Wie kann ich diese Trojaner entfernen?
    Log-Analyse und Auswertung - 12.07.2013 (3)
  3. TR/Crypt.ZPACK.Gen2 in Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 05.02.2013 (17)
  4. TR/Crypt.ZPACK.Gen2 gefunden!
    Plagegeister aller Art und deren Bekämpfung - 07.01.2013 (2)
  5. TR/Crypt.ZPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 29.12.2012 (2)
  6. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  7. Avira findet TR/Kazy.81861, TR/Crypt.ZPACK.Gen2, TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 02.08.2012 (1)
  8. TR/Crypt.ZPACK.Gen2
    Log-Analyse und Auswertung - 24.05.2012 (17)
  9. TR/CRYPT.ZPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (7)
  10. TR/Crypt.ZPACK.Gen2 Trojaner
    Log-Analyse und Auswertung - 07.03.2012 (15)
  11. TR/Crypt.ZPACK.Gen2 in TR/Crypt.ZPACK.Gen2
    Log-Analyse und Auswertung - 01.03.2012 (17)
  12. TR/Crypt.XPACK.Gen5, TR/Crypt.ZPACK.Gen2, TR/Fake.Rean.3394, TR/PSW.Fareit.A.64
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (30)
  13. TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam
    Log-Analyse und Auswertung - 19.10.2011 (8)
  14. TR/Crypt.ZPACK.Gen2
    Log-Analyse und Auswertung - 19.05.2011 (20)
  15. TR/Crypt.ZPACK.Gen sowie -Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.12.2010 (18)
  16. TR/Crypt.ZPack.Gen2
    Antiviren-, Firewall- und andere Schutzprogramme - 30.11.2010 (3)
  17. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)

Zum Thema tr/crypt.zpack.gen2 - Hallo, Anti Vir hat mir heute angezeigt, dass "Skype.exe" von o.g. virus befallen sei. Habe dann meine skype.exe datei bei virustotal hochgeladen, wobei nichts gefunden wurde, außer bei bei Rising: - tr/crypt.zpack.gen2...
Archiv
Du betrachtest: tr/crypt.zpack.gen2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.