Log Analysis and Evaluation: TR/Spy.SpyEyes.gps found by AntiVir (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: first steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.04.2011, 09:18 | #1

TR/Spy.SpyEyes.gps found by AntiVir

Hello everyone,

yesterday AntiVir reported the following detection to me:

Code:
In der Datei 'C:\polaroidexe\polaroidexe.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.SpyEyes.gps' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Code:
Die Datei 'C:\polaroidexe\polaroidexe.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.SpyEyes.gps' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B494E216C2DCD6D7> konnte nicht entfernt werden.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b123ace.qua' verschoben!

Nevertheless, I hope that one of you can help me clean my system some other way. In other threads this seems to have worked, which is why I would be very grateful for your help! I have worked through the guide accordingly, and here are the log files. Many thanks in advance for your reply!

OTL.txt

Code:
OTL logfile created on: 22.04.2011 09:33:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\********\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 782,32 Gb Free Space | 87,86% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 29,12 Gb Free Space | 72,81% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: ******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe
PRC - [2011.04.21 18:22:15 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.04.19 18:03:25 | 001,190,680 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.04.08 16:28:14 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011.03.16 20:38:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPrint\airprint.exe
PRC - [2010.11.14 13:37:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.14 13:37:58 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.29 19:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.01 19:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (SafeList) ==========

MOD - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
MOD - [2009.07.14 03:15:50 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
MOD - [2009.07.14 03:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
MOD - [2009.07.01 19:03:26 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.04.21 18:22:15 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.03.16 20:38:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\AirPrint\Airprint.exe -- (AirPrint)
SRV - [2010.11.14 13:37:58 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - [2011.04.19 02:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.04.19 02:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.03.18 00:33:32 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2011.03.16 20:38:46 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.04 12:33:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.25 21:10:54 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.04.01 18:20:05 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2010.03.29 20:20:26 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.03.02 05:57:12 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.01.07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.03 12:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\NW1950.sys -- (NW1950)
DRV - [2009.10.13 14:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005.12.08 15:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Program Files\RemoteKeySrv\GENPORT.sys -- (genport)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.havigs.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {338B4DFE-2E2C-4338-9E41-E176D497299E}:1.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.22 21:23:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.22 21:23:34 | 000,000,000 | ---D | M]

[2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Extensions
[2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.04.07 19:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions
[2010.04.01 18:19:15 | 000,000,000 | ---D | M] (SplitCam Toolbar) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E}
[2010.03.30 00:50:30 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011.04.02 23:20:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.22 00:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.30 00:15:16 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.18 17:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.24 23:38:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.09 01:27:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.13 13:59:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- () (No name found) -- C:\USERS\********\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LMSEWDBK.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011.03.22 21:23:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.22 21:23:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 21:23:29 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.03.22 21:23:30 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.22 21:23:30 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.22 21:23:30 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.22 21:23:30 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (SplitCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SplitCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

========== Files/Folders - Created Within 30 Days ==========

[2011.04.22 09:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ERUNT
[2011.04.22 09:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.04.22 09:24:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\********\Desktop\Erunt-setup.exe
[2011.04.22 09:24:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe
[2011.04.22 09:24:19 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\********\Desktop\TFC.exe
[2011.04.21 22:53:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.21 22:53:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.21 22:53:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.21 22:53:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.21 22:53:25 | 000,000,000 | --SD | C] -- C:\cofi
[2011.04.21 22:51:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.21 22:50:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.21 22:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.21 22:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.04.21 20:28:43 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.04.21 20:28:41 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.21 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Sunbelt Software
[2011.04.21 20:27:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
[2011.04.21 20:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Lavasoft
[2011.04.21 20:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.21 20:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011.04.17 15:57:05 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\Bewerbung
[2011.04.17 11:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\PDF24
[2011.04.10 13:07:05 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Malwarebytes
[2011.04.10 12:48:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.10 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.04.10 12:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.10 12:48:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.10 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Quwe
[2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Qesew
[2011.04.07 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\kock
[2011.04.07 19:23:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.04.05 22:33:49 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\PDF24
[2011.04.05 22:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2011.04.05 22:20:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011.04.05 22:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011.04.05 22:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Canon CanoScan LiDE 210 Manual
[2011.04.05 22:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\CanoScan LiDE 210
[2011.03.31 20:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\VideoLAN
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2011.04.22 09:33:45 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 09:33:45 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 09:31:47 | 000,000,862 | ---- | M] () -- C:\Users\********\Desktop\NTREGOPT.lnk
[2011.04.22 09:31:47 | 000,000,843 | ---- | M] () -- C:\Users\********\Desktop\ERUNT.lnk
[2011.04.22 09:31:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 09:30:47 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 09:30:47 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 09:30:47 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 09:30:47 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.22 09:26:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 09:26:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 09:25:56 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 09:24:23 | 000,301,568 | ---- | M] () -- C:\Users\********\Desktop\g2m3e4r.exe
[2011.04.22 09:24:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\********\Desktop\Erunt-setup.exe
[2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe
[2011.04.22 09:24:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\TFC.exe
[2011.04.22 01:53:01 | 000,237,568 | ---- | M] () -- C:\Windows\System32\rmc_rtspdl.dll
[2011.04.22 01:53:01 | 000,156,672 | ---- | M] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe
[2011.04.22 00:12:14 | 002,302,976 | ---- | M] () -- C:\Users\********\Kontakte_2104.pst
[2011.04.22 00:11:42 | 008,397,824 | ---- | M] () -- C:\Users\********\Ablage_2104.pst
[2011.04.22 00:10:37 | 006,366,208 | ---- | M] () -- C:\Users\********\backup.pst
[2011.04.21 20:28:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.04.21 20:28:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.04.21 20:28:40 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.21 20:27:33 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.19 02:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.04.18 12:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011.04.17 11:26:16 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.04.17 10:45:07 | 000,468,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.05 22:11:45 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011.04.05 22:10:42 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 210 Online-Handbuch.lnk
[2011.04.03 17:57:56 | 000,448,224 | ---- | M] () -- C:\Users\********\Documents\Amazon-Gift-Card_Michi 2011.pdf
[2011.03.31 20:20:26 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2011.04.22 09:31:47 | 000,000,862 | ---- | C] () -- C:\Users\********\Desktop\NTREGOPT.lnk
[2011.04.22 09:31:47 | 000,000,843 | ---- | C] () -- C:\Users\********\Desktop\ERUNT.lnk
[2011.04.22 09:24:19 | 000,301,568 | ---- | C] () -- C:\Users\********\Desktop\g2m3e4r.exe
[2011.04.22 00:11:54 | 002,302,976 | ---- | C] () -- C:\Users\********\Kontakte_2104.pst
[2011.04.22 00:11:12 | 008,397,824 | ---- | C] () -- C:\Users\********\Ablage_2104.pst
[2011.04.22 00:10:34 | 006,366,208 | ---- | C] () -- C:\Users\********\backup.pst
[2011.04.21 22:53:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.21 22:53:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.21 22:53:54 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.21 22:53:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.21 22:53:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.21 22:38:47 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.04.21 20:28:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.21 20:28:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.21 20:27:33 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.17 11:26:16 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.04.05 22:11:45 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011.04.05 22:10:42 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 210 Online-Handbuch.lnk
[2011.04.05 22:10:18 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ4809N.DAT
[2011.04.03 17:57:56 | 000,448,224 | ---- | C] () -- C:\Users\********\Documents\Amazon-Gift-Card_Michi 2011.pdf
[2010.10.17 13:31:26 | 065,169,605 | ---- | C] () -- C:\Users\********\AppData\Local\altu.flv
[2010.10.17 13:31:26 | 065,169,605 | ---- | C] () -- C:\Program Files\altu.flv
[2010.10.11 22:25:44 | 022,373,229 | ---- | C] () -- C:\Users\********\AppData\Local\P1D.flv
[2010.05.15 18:35:36 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.05.13 18:04:27 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010.04.18 10:44:54 | 000,003,584 | ---- | C] () -- C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 23:58:50 | 003,620,216 | ---- | C] () -- C:\Users\********\AppData\Local\vluvsladygagas webcam video April 11 2010 0253 PM.flv
[2010.04.01 18:34:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.30 01:46:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010.03.30 00:29:03 | 000,056,880 | ---- | C] () -- C:\Windows\System32\scvideo.dll
[2010.03.30 00:15:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.03.29 21:27:29 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010.01.10 07:44:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.08 10:39:19 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.01.08 10:05:02 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.01.08 10:05:02 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.01.08 09:57:53 | 000,013,224 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010.01.07 10:22:31 | 000,007,648 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001416BE_ca.bin
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001316BE_ca.bin
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001216BE_ca.bin
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.12.03 00:50:04 | 000,041,808 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2009.12.03 00:50:00 | 000,330,344 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.11.14 20:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.11.14 20:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009.11.14 20:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009.10.29 12:20:42 | 008,824,824 | ---- | C] () -- C:\Windows\System32\drivers\NWTransLib.sys
[2009.10.29 12:20:38 | 000,022,392 | ---- | C] () -- C:\Windows\System32\drivers\NW1950.sys
[2009.08.11 23:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,468,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini [2007.09.16 16:27:47 | 010,181,784 | ---- | C] () -- C:\Users\********\AppData\Local\Vi7 Small.avi.AVI [2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll ========== LOP Check ========== [2010.10.31 15:57:43 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\calibre [2011.04.05 22:20:39 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Canon [2010.04.12 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\CD-LabelPrint [2010.12.04 12:36:04 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\DAEMON Tools Lite [2011.01.24 00:24:04 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\GrabPro [2010.10.02 17:07:58 | 000,000,000 | ---D | M] -- 
C:\Users\********\AppData\Roaming\ICQ [2011.04.07 22:54:32 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\kock [2011.01.24 00:36:37 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Orbit [2010.03.29 21:27:12 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\PowerCinema [2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ProgSense [2011.04.10 13:14:47 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Qesew [2011.04.10 13:14:36 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Quwe [2010.03.31 16:53:54 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TomTom [2010.09.19 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TrueCrypt [2011.04.18 21:45:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.04.18 18:31:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.04.21 23:00:11 | 000,000,000 | --SD | M] -- C:\cofi [2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Downloads [2010.01.08 09:32:52 | 000,000,000 | ---D | M] -- C:\Intel [2010.03.29 21:11:59 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.04.22 09:31:47 | 000,000,000 | ---D | M] -- C:\Program Files [2011.04.21 22:44:21 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Programme [2011.04.21 22:53:29 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.04.22 03:00:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.03.29 17:21:33 | 000,000,000 | R--D | M] -- C:\Users [2011.04.22 09:28:44 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-22 01:01:47 < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.04.2011 09:33:27 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\********\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890,41 Gb Total Space | 782,32 Gb Free Space | 87,86% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 29,12 Gb Free Space | 72,81% Space Free | Partition Type: NTFS Computer Name: DESKTOP | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam "{0C7B9FAF-9C93-4E3A-9EC5-DE553B5771F0}" = Linguatec Voice Reader Studio "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{10E3699C-3BBE-419F-8085-3AE94E932EAA}" = calibre "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 
1.3.1249.0 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24 "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = RemoteKeySrv "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie "{714F1BA5-F95E-4821-AA70-D30BBE04A5FF}" = 
NextWindow Drivers "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.7 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft 
Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW 
Essentials 4 - Windows Shell Extension "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}" = O&O SafeErase "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Applian Director1.1" = Applian Director "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "Camtasia Studio 3" = Camtasia Studio 3 "Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung "Canon Setup Utility 2.3" = Canon Setup Utility 2.3 "CanonSolutionMenuEX" = Canon Solution Menu EX "CCleaner" = CCleaner "Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1 "Debut" = Debut Video 
Capture Software "DivX Setup.divx.com" = DivX-Setup "DPP" = Canon Utilities Digital Photo Professional 3.4 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "ERUNT_is1" = ERUNT 1.1j "FLV Player" = FLV Player 2.0 (build 25) "Indeo® Software" = Indeo® Software "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "NVIDIA Drivers" = NVIDIA Drivers "OUTLOOK" = Microsoft Office Outlook 2007 "Picture Style Editor" = Canon Utilities Picture Style Editor "PRJPRO" = Microsoft Office Project Professional 2007 "RealPlayer 
12.0" = RealPlayer "Replay Media Catcher 3.11" = Replay Media Catcher "SplitCam Toolbar" = SplitCam Toolbar "TomTom HOME" = TomTom HOME 2.7.6.2056 "TrueCrypt" = TrueCrypt "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 1.1.8 "WinLiveSuite_Wave3" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) "XP Codec Pack" = XP Codec Pack "Yahoo! Messenger" = Yahoo! Messenger ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.04.2011 14:08:27 | Computer Name = Desktop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2278 Error - 17.04.2011 14:08:27 | Computer Name = Desktop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2278 Error - 17.04.2011 14:08:28 | Computer Name = Desktop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.04.2011 14:08:28 | Computer Name = Desktop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3417 Error - 17.04.2011 14:08:28 | Computer Name = Desktop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3417 Error - 18.04.2011 13:31:09 | Computer Name = Desktop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7600.16699, Zeitstempel: 0x4ccf7a97 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000703bb ID des fehlerhaften Prozesses: 0x9f0 Startzeit der fehlerhaften Anwendung: 0x01cbfdee56cc8d68 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a53e180c-69e1-11e0-94de-1c4bd6033cb2 Error - 20.04.2011 12:01:41 | Computer Name = Desktop | Source = Application Error | ID = 1000 Description = Name der 
fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00075c8c ID des fehlerhaften Prozesses: 0x58c Startzeit der fehlerhaften Anwendung: 0x01cbff7419fdeafc Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 7af205e8-6b67-11e0-b00c-1c4bd6033cb2 Error - 21.04.2011 14:27:58 | Computer Name = Desktop | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 21.04.2011 16:54:20 | Computer Name = Desktop | Source = VSS | ID = 8193 Description = Error - 21.04.2011 21:00:12 | Computer Name = Desktop | Source = VSS | ID = 8193 Description = [ Media Center Events ] Error - 23.08.2010 18:42:45 | Computer Name = Desktop | Source = MCUpdate | ID = 0 Description = 00:42:45 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 23.08.2010 18:43:29 | Computer Name = Desktop | Source = MCUpdate | ID = 0 Description = 00:43:28 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 24.08.2010 14:00:45 | Computer Name = Desktop | Source = MCUpdate | ID = 0 Description = 20:00:45 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 09.09.2010 13:45:14 | Computer Name = Desktop | Source = MCUpdate | ID = 0 Description = 19:45:14 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) 
[ OSession Events ] Error - 22.03.2011 17:05:45 | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 378 seconds with 180 seconds of active time. This session ended with a crash. [ System Events ] Error - 23.11.2010 17:38:26 | Computer Name = Desktop | Source = bowser | ID = 8003 Description = Error - 28.11.2010 07:22:04 | Computer Name = Desktop | Source = bowser | ID = 8003 Description = Error - 28.11.2010 09:19:19 | Computer Name = Desktop | Source = bowser | ID = 8003 Description = Error - 28.11.2010 11:48:04 | Computer Name = Desktop | Source = bowser | ID = 8003 Description = Error - 02.12.2010 17:45:17 | Computer Name = Desktop | Source = bowser | ID = 8003 Description = Error - 03.12.2010 04:31:38 | Computer Name = Desktop | Source = bowser | ID = 8003 Description = Error - 03.12.2010 11:16:24 | Computer Name = Desktop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 03.12.2010 11:20:38 | Computer Name = Desktop | Source = Ntfs | ID = 262281 Description = Auf dem Volume "H:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 03.12.2010 12:35:45 | Computer Name = Desktop | Source = bowser | ID = 8003 Description = Error - 04.12.2010 06:34:52 | Computer Name = Desktop | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.104 registriert werden. Der Computer mit IP-Adresse 192.168.2.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. < End of report > Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net Rootkit scan 2011-04-22 09:59:54 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD10 rev.80.0 Running: g2m3e4r.exe; Driver: C:\Users\********\AppData\Local\Temp\fwldapoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83247589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8326C092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\spfi.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 917A4CA0 5 Bytes JMP 88A251D8 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8663B1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{0B8F75AA-6092-423F-8182-9C35D08FA678} 88A3C1F8 Device \Driver\volmgr \Device\VolMgrControl 8597D1F8 Device \Driver\usbuhci \Device\USBPDO-0 88A361F8 Device \Driver\usbuhci \Device\USBPDO-1 88A361F8 Device \Driver\usbuhci \Device\USBPDO-2 88A361F8 Device \Driver\usbehci \Device\USBPDO-3 86691500 Device \Driver\usbuhci \Device\USBPDO-4 88A361F8 Device \Driver\usbuhci \Device\USBPDO-5 88A361F8 Device \Driver\usbuhci \Device\USBPDO-6 88A361F8 Device \Driver\volmgr \Device\HarddiskVolume1 8597D1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-7 86691500 Device \Driver\volmgr \Device\HarddiskVolume2 8597D1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 88A5C1F8 Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 88BCAAEA Device \Driver\iaStor 
\Device\Ide\iaStor0 [8BA7C960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 88BCAAEA Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BA7C960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\volmgr \Device\HarddiskVolume3 8597D1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume4 8597D1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 88A3C1F8 Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{C01B1037-EBDE-4812-918C-42D7B7594353} 88A3C1F8 Device \Driver\BTHUSB \Device\00000089 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000089 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{7A5F3B8D-398E-416E-83ED-75B499643A19} 88A3C1F8 Device \Driver\usbuhci \Device\USBFDO-0 88A361F8 Device \Driver\usbuhci \Device\USBFDO-1 88A361F8 Device \Driver\usbuhci \Device\USBFDO-2 88A361F8 Device \Driver\usbehci \Device\USBFDO-3 86691500 Device \Driver\usbuhci \Device\USBFDO-4 88A361F8 Device \Driver\usbuhci \Device\USBFDO-5 88A361F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{4F7CE2CD-1AA4-4E79-95F5-FAB2ED8FADF3} 88A3C1F8 Device \Driver\BTHUSB \Device\0000008b bthport.sys 
(Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\0000008b bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\usbuhci \Device\USBFDO-6 88A361F8 Device \Driver\usbehci \Device\USBFDO-7 86691500 Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD10EARS-00Y5B1_____________________80.00A80#4&1b2adb9a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6033cb2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0xC4 0x49 0xF4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6033cb2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0xC4 0x49 0xF4 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6417 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 22.04.2011 11:11:14 mbam-log-2011-04-22 (11-11-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 299494 Laufzeit: 41 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
25.04.2011, 14:25 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir Are there any further Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the "Logs" tab.
__________________ |
25.04.2011, 15:02 | #3 |
| TR/Spy.SpyEyes.gps found by AntiVir Hi, this is what was saved as log files from all my recent scans (starting with the oldest, first run on 10.04.2011):
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5363 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10.04.2011 13:14:36 mbam-log-2011-04-10 (13-14-36).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 150094 Laufzeit: 2 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 7 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8B644AD0-956D-A60B-F32E-C98C2E711249} (Trojan.Dropper) -> Value: {8B644AD0-956D-A60B-F32E-C98C2E711249} -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0B8F75AA-6092-423F-8182-9C35D08FA678}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4F7CE2CD-1AA4-4E79-95F5-FAB2ED8FADF3}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A5F3B8D-398E-416E-83ED-75B499643A19}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A5F3B8D-398E-416E-83ED-75B499643A19}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Matthias\AppData\Roaming\Quwe\axer.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\Public\Desktop\control center.lnk (Rogue.ControlCenter) -> Quarantined and deleted successfully. Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6324 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10.04.2011 17:32:47 mbam-log-2011-04-10 (17-32-47).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 160297 Laufzeit: 3 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8B644AD0-956D-A60B-F32E-C98C2E711249} (Trojan.ZbotR.Gen) -> Value: {8B644AD0-956D-A60B-F32E-C98C2E711249} -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6414 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 21.04.2011 20:18:30 mbam-log-2011-04-21 (20-18-30).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 161663 Laufzeit: 4 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6415 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 21.04.2011 23:38:56 mbam-log-2011-04-21 (23-38-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 68586 Laufzeit: 5 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6415 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 21.04.2011 23:42:31 mbam-log-2011-04-21 (23-42-31).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 162120 Laufzeit: 3 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6416 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 22.04.2011 00:57:56 mbam-log-2011-04-22 (00-57-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 114422 Laufzeit: 9 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6416 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 22.04.2011 01:00:01 mbam-log-2011-04-22 (01-00-01).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 159596 Laufzeit: 1 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6417 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 22.04.2011 11:11:14 mbam-log-2011-04-22 (11-11-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 299494 Laufzeit: 41 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
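Triaging a batch of Malwarebytes logs like the ones posted above: an added example (not code from the thread or from Malwarebytes) that parses the German MBAM 1.50 log format into its summary counts and per-section detections, pulls the rogue DNS servers out of the Trojan.DNSChanger entries, and checks that the summary counts match the detail entries so a truncated paste is noticed. The sample logs are constructed from lines of the kind in this thread, with the user name starred out.

```python
import re
from dataclasses import dataclass, field

# Added example for this thread, not Malwarebytes or forum code.
# "Infizierte Dateien: 2" is a summary count, "Infizierte Dateien:" a detail section header,
# and each detail entry reads "<path> (<detection>) -> <details ...> -> <action>".
SUMMARY_RE = re.compile(r"^Infizierte (.+?):\s*(\d+)\s*$")
SECTION_RE = re.compile(r"^Infizierte (.+?):\s*$")
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
BAD_RE = re.compile(r"Bad: \(([^)]*)\)")
HEADER_KEYS = ("Datenbank Version", "Art des Suchlaufs", "Durchsuchte Objekte", "Laufzeit")


@dataclass
class Finding:
    section: str      # e.g. "Dateiobjekte der Registrierung"
    path: str         # registry path or file path MBAM acted on
    name: str         # detection name, e.g. "Trojan.DNSChanger"
    bad_values: list  # values reported as "Bad: (...)", e.g. rogue DNS servers
    action: str       # e.g. "Quarantined and deleted successfully."


@dataclass
class Report:
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)   # summary counts per section
    findings: list = field(default_factory=list)

    def consistent(self):
        """True when summary counts match the detail entries (a truncated paste does not)."""
        seen = {}
        for f in self.findings:
            seen[f.section] = seen.get(f.section, 0) + 1
        return all(seen.get(sec, 0) == n for sec, n in self.counts.items())


def parse_mbam_log(text):
    report, section = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:                     # still in the header block
            key, _, value = line.partition(":")
            if key.strip() in HEADER_KEYS:
                report.header[key.strip()] = value.strip()
            continue
        if line.startswith("(Keine"):           # "(Keine bösartigen Objekte gefunden)"
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        bad = BAD_RE.search(rest)
        bad_values = [v.strip() for v in bad.group(1).split(",") if v.strip()] if bad else []
        report.findings.append(Finding(section, m.group("path"), m.group("name"),
                                       bad_values, rest.rsplit("-> ", 1)[-1]))
    return report


def rogue_dns_servers(report):
    """Sorted DNS servers that Trojan.DNSChanger entries had pointed the host at."""
    return sorted({v for f in report.findings if f.name == "Trojan.DNSChanger" for v in f.bad_values})


def triage(logs):
    """Number of findings per log for a batch of logs (name -> text)."""
    return {name: len(parse_mbam_log(text).findings) for name, text in logs.items()}


# Constructed sample, assembled from lines of the kind posted in this thread (user name starred out).
SAMPLE_INFECTED = r"""
Datenbank Version: 5363
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150094

Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Dateien: 2

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8B644AD0-956D-A60B-F32E-C98C2E711249} (Trojan.Dropper) -> Value: {8B644AD0-956D-A60B-F32E-C98C2E711249} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0B8F75AA-6092-423F-8182-9C35D08FA678}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A5F3B8D-398E-416E-83ED-75B499643A19}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\********\AppData\Roaming\Quwe\axer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\control center.lnk (Rogue.ControlCenter) -> Quarantined and deleted successfully.
"""

# Constructed clean follow-up scan, the shape the later logs in the thread have.
SAMPLE_CLEAN = "Datenbank Version: 6414\nInfizierte Dateien: 0\n\nInfizierte Dateien:\n(Keine bösartigen Objekte gefunden)\n"
```

Running `triage` over every log from the "Logs" tab shows at a glance which scans still found something; `consistent()` failing on a pasted log means the paste is incomplete.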
25.04.2011, 15:10 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir Quote:
Why didn't you post that log on your own?
__________________ Please always post log files in CODE tags |
25.04.2011, 15:20 | #5 |
| TR/Spy.SpyEyes.gps found by AntiVir Combofix was a sort of self-experiment - I read the fine print too late. Since Combofix did not run to completion, I was not aware that there is a log file... I hope I haven't broken anything by doing that? Where do I find the log so that I can post it here? Last edited by mattan75 (25.04.2011 at 15:26) Reason: forgot to ask... |
25.04.2011, 15:32 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir Have a look at: C:\Combofix.txt or in C:\Qoobox
__________________ |
25.04.2011, 15:39 | #7 |
| TR/Spy.SpyEyes.gps found by AntiVir There is no .txt directly on C:, and no log file can be found in C:\Qoobox either. Should I run the tool again? If so - I want to do everything right this time - please tell me how... |
25.04.2011, 15:49 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir Do an OTL fix: close all programs that might be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!) Note: If you have obscured your user name, you have to turn the starred-out part back into your real user name, otherwise the script will not work!! Code:
ATTFilter :OTL [2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Quwe [2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Qesew [2011.04.07 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\kock :Commands [purity] [resethosts] [emptytemp] The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
25.04.2011, 16:11 | #9 |
| TR/Spy.SpyEyes.gps found by AntiVir Done: Code:
ATTFilter All processes killed ========== OTL ========== C:\Users\********\AppData\Roaming\Quwe folder moved successfully. C:\Users\********\AppData\Roaming\Qesew folder moved successfully. C:\Users\********\AppData\Roaming\kock folder moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: ******** ->Temp folder emptied: 3356796 bytes ->Temporary Internet Files folder emptied: 812350 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 7654262 bytes ->Flash cache emptied: 479 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9356 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 11,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04252011_170532 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
25.04.2011, 20:00 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If, because of the infection, you cannot access your documents / My Documents, please run unhide: Please download unhide.exe and save this file to your desktop. Start the tool, and all files and folders should be visible again. (Could take a while) Vista and 7 users must run the tool via right-click as administrator!
__________________ Please always post log files in CODE tags |
25.04.2011, 20:32 | #11 |
| TR/Spy.SpyEyes.gps found by AntiVir Thanks - all right, done. By the way, I think it's great that you're helping me like this!! Here is the log: Code:
ATTFilter 2011/04/25 21:28:24.0412 0588 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/25 21:28:24.0640 0588 ================================================================================ 2011/04/25 21:28:24.0640 0588 SystemInfo: 2011/04/25 21:28:24.0640 0588 2011/04/25 21:28:24.0640 0588 OS Version: 6.1.7600 ServicePack: 0.0 2011/04/25 21:28:24.0640 0588 Product type: Workstation 2011/04/25 21:28:24.0640 0588 ComputerName: DESKTOP 2011/04/25 21:28:24.0641 0588 UserName: ******** 2011/04/25 21:28:24.0641 0588 Windows directory: C:\Windows 2011/04/25 21:28:24.0641 0588 System windows directory: C:\Windows 2011/04/25 21:28:24.0641 0588 Processor architecture: Intel x86 2011/04/25 21:28:24.0641 0588 Number of processors: 2 2011/04/25 21:28:24.0641 0588 Page size: 0x1000 2011/04/25 21:28:24.0641 0588 Boot type: Normal boot 2011/04/25 21:28:24.0641 0588 ================================================================================ 2011/04/25 21:28:24.0988 0588 Initialize success 2011/04/25 21:28:30.0132 1308 ================================================================================ 2011/04/25 21:28:30.0132 1308 Scan started 2011/04/25 21:28:30.0132 1308 Mode: Manual; 2011/04/25 21:28:30.0132 1308 ================================================================================ 2011/04/25 21:28:31.0219 1308 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/04/25 21:28:31.0287 1308 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2011/04/25 21:28:31.0327 1308 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/04/25 21:28:31.0380 1308 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/04/25 21:28:31.0441 1308 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/04/25 21:28:31.0473 1308 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 
2011/04/25 21:28:31.0533 1308 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2011/04/25 21:28:31.0568 1308 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2011/04/25 21:28:31.0606 1308 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/04/25 21:28:31.0682 1308 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2011/04/25 21:28:31.0719 1308 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2011/04/25 21:28:31.0757 1308 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2011/04/25 21:28:31.0789 1308 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/04/25 21:28:31.0811 1308 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/04/25 21:28:31.0847 1308 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2011/04/25 21:28:31.0893 1308 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/04/25 21:28:31.0936 1308 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2011/04/25 21:28:32.0012 1308 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2011/04/25 21:28:32.0070 1308 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/04/25 21:28:32.0105 1308 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/04/25 21:28:32.0154 1308 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/25 21:28:32.0184 1308 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2011/04/25 21:28:32.0275 1308 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/25 21:28:32.0324 1308 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 
2011/04/25 21:28:32.0388 1308 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/04/25 21:28:32.0421 1308 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/04/25 21:28:32.0469 1308 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/04/25 21:28:32.0513 1308 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/04/25 21:28:32.0585 1308 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/25 21:28:32.0612 1308 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/04/25 21:28:32.0647 1308 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/04/25 21:28:32.0691 1308 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/04/25 21:28:32.0731 1308 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/04/25 21:28:32.0760 1308 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/04/25 21:28:32.0785 1308 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/04/25 21:28:32.0823 1308 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/04/25 21:28:32.0849 1308 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/04/25 21:28:32.0882 1308 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 2011/04/25 21:28:32.0915 1308 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys 2011/04/25 21:28:32.0959 1308 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys 2011/04/25 21:28:33.0006 1308 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\Windows\system32\drivers\btusbflt.sys 2011/04/25 21:28:33.0039 1308 btwaudio (d57d29132efe13a83133d9bd449e0cf1) 
C:\Windows\system32\drivers\btwaudio.sys 2011/04/25 21:28:33.0078 1308 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys 2011/04/25 21:28:33.0130 1308 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys 2011/04/25 21:28:33.0164 1308 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys 2011/04/25 21:28:33.0271 1308 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/25 21:28:33.0324 1308 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/25 21:28:33.0363 1308 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/04/25 21:28:33.0397 1308 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/04/25 21:28:33.0443 1308 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/25 21:28:33.0473 1308 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2011/04/25 21:28:33.0522 1308 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/04/25 21:28:33.0572 1308 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/25 21:28:33.0606 1308 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/04/25 21:28:33.0637 1308 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/04/25 21:28:33.0719 1308 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2011/04/25 21:28:33.0745 1308 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/04/25 21:28:33.0775 1308 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/04/25 21:28:33.0850 1308 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/04/25 21:28:33.0906 1308 DXGKrnl 
(1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/25 21:28:34.0041 1308 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/04/25 21:28:34.0247 1308 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/04/25 21:28:34.0286 1308 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2011/04/25 21:28:34.0348 1308 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/04/25 21:28:34.0395 1308 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/04/25 21:28:34.0432 1308 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/25 21:28:34.0469 1308 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/04/25 21:28:34.0520 1308 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/04/25 21:28:34.0574 1308 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/25 21:28:34.0608 1308 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/04/25 21:28:34.0658 1308 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/04/25 21:28:34.0690 1308 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/25 21:28:34.0736 1308 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/04/25 21:28:34.0771 1308 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/04/25 21:28:34.0818 1308 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/04/25 21:28:34.0891 1308 genport (c1049f3d658f33d0d64cc48b0dcccf08) C:\Program Files\RemoteKeySrv\GenPort.sys 2011/04/25 21:28:35.0008 1308 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 
2011/04/25 21:28:35.0050 1308 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2011/04/25 21:28:35.0093 1308 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/25 21:28:35.0117 1308 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/04/25 21:28:35.0147 1308 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/04/25 21:28:35.0182 1308 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/04/25 21:28:35.0216 1308 hidkmdf (1fab2540c1bd6da847ccd292f4eee48a) C:\Windows\system32\DRIVERS\hidkmdf.sys 2011/04/25 21:28:35.0267 1308 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/25 21:28:35.0357 1308 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/04/25 21:28:35.0422 1308 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/04/25 21:28:35.0449 1308 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/04/25 21:28:35.0472 1308 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/25 21:28:35.0531 1308 iaStor (5a6c5876fb84418d08d67b8caed5efcf) C:\Windows\system32\DRIVERS\iaStor.sys 2011/04/25 21:28:35.0574 1308 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/04/25 21:28:35.0619 1308 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/04/25 21:28:35.0798 1308 IntcAzAudAddService (ba9a1f572d1a91559e6e76504cfd381c) C:\Windows\system32\drivers\RTKVHDA.sys 2011/04/25 21:28:35.0998 1308 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/04/25 21:28:36.0035 1308 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/25 21:28:36.0066 1308 IpFilterDriver 
(709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/25 21:28:36.0126 1308 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/04/25 21:28:36.0162 1308 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/04/25 21:28:36.0218 1308 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/04/25 21:28:36.0252 1308 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/04/25 21:28:36.0290 1308 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/25 21:28:36.0327 1308 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/25 21:28:36.0358 1308 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/25 21:28:36.0413 1308 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/25 21:28:36.0457 1308 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/04/25 21:28:36.0598 1308 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/04/25 21:28:36.0674 1308 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys 2011/04/25 21:28:36.0702 1308 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/25 21:28:36.0759 1308 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/04/25 21:28:36.0789 1308 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/04/25 21:28:36.0824 1308 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/04/25 21:28:36.0865 1308 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/04/25 21:28:36.0896 1308 luafv (6703e366cc18d3b6e534f5cf7df39cee) 
C:\Windows\system32\drivers\luafv.sys 2011/04/25 21:28:36.0933 1308 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/04/25 21:28:36.0964 1308 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/04/25 21:28:36.0994 1308 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/04/25 21:28:37.0034 1308 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/25 21:28:37.0051 1308 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/25 21:28:37.0092 1308 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/25 21:28:37.0117 1308 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/04/25 21:28:37.0134 1308 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2011/04/25 21:28:37.0160 1308 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/25 21:28:37.0189 1308 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/04/25 21:28:37.0249 1308 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/25 21:28:37.0284 1308 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/25 21:28:37.0323 1308 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/25 21:28:37.0357 1308 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/04/25 21:28:37.0410 1308 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/04/25 21:28:37.0481 1308 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/04/25 21:28:37.0506 1308 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/04/25 21:28:37.0540 1308 msisadrv 
(0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/04/25 21:28:37.0589 1308 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/25 21:28:37.0619 1308 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/25 21:28:37.0642 1308 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/04/25 21:28:37.0671 1308 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/04/25 21:28:37.0704 1308 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/25 21:28:37.0725 1308 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/04/25 21:28:37.0765 1308 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/04/25 21:28:37.0814 1308 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/04/25 21:28:37.0876 1308 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/25 21:28:37.0927 1308 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/04/25 21:28:37.0958 1308 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/04/25 21:28:38.0004 1308 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/25 21:28:38.0040 1308 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/25 21:28:38.0064 1308 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/25 21:28:38.0099 1308 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/04/25 21:28:38.0129 1308 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/25 21:28:38.0165 1308 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/25 
21:28:38.0214 1308 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/04/25 21:28:38.0253 1308 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/04/25 21:28:38.0287 1308 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/25 21:28:38.0337 1308 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/04/25 21:28:38.0394 1308 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/04/25 21:28:38.0449 1308 NVHDA (eff6795cdacb959d1ab89eb9b9c29b57) C:\Windows\system32\drivers\nvhda32v.sys 2011/04/25 21:28:38.0654 1308 nvlddmkm (50c1b2dd2a5b3ed82c6e4683c4ad58b8) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/25 21:28:38.0926 1308 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/04/25 21:28:38.0962 1308 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2011/04/25 21:28:39.0015 1308 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/04/25 21:28:39.0054 1308 NW1950 (f1a718c6c6cd3edf157fa3d459adfef7) C:\Windows\system32\DRIVERS\NW1950.sys 2011/04/25 21:28:39.0122 1308 NxpCap (953e08d5ca0b02697a8145aaa0ca28be) C:\Windows\system32\DRIVERS\NxpCap.sys 2011/04/25 21:28:39.0198 1308 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/25 21:28:39.0291 1308 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/04/25 21:28:39.0317 1308 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/04/25 21:28:39.0339 1308 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/04/25 21:28:39.0395 1308 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/04/25 21:28:39.0433 1308 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/04/25 
21:28:39.0473 1308 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/04/25 21:28:39.0513 1308 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/04/25 21:28:39.0582 1308 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/04/25 21:28:39.0700 1308 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/25 21:28:39.0730 1308 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/04/25 21:28:39.0792 1308 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/25 21:28:39.0844 1308 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/04/25 21:28:39.0903 1308 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/04/25 21:28:39.0937 1308 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/25 21:28:39.0974 1308 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/25 21:28:39.0994 1308 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/04/25 21:28:40.0046 1308 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/25 21:28:40.0085 1308 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/25 21:28:40.0117 1308 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/25 21:28:40.0149 1308 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/25 21:28:40.0182 1308 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/04/25 21:28:40.0201 1308 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/25 21:28:40.0233 1308 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) 
C:\Windows\system32\drivers\rdpencdd.sys 2011/04/25 21:28:40.0262 1308 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/04/25 21:28:40.0293 1308 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/04/25 21:28:40.0322 1308 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/04/25 21:28:40.0385 1308 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/04/25 21:28:40.0447 1308 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/25 21:28:40.0486 1308 RSUSBSTOR (b87f999e05dd9c0312c83a8752e8e66b) C:\Windows\System32\Drivers\RtsUStor.sys 2011/04/25 21:28:40.0543 1308 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys 2011/04/25 21:28:40.0593 1308 rtl8192se (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys 2011/04/25 21:28:40.0674 1308 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/04/25 21:28:40.0704 1308 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/04/25 21:28:40.0769 1308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/25 21:28:40.0806 1308 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/04/25 21:28:40.0837 1308 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/04/25 21:28:40.0859 1308 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/04/25 21:28:40.0929 1308 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/04/25 21:28:40.0958 1308 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/04/25 21:28:40.0981 1308 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/04/25 21:28:41.0002 1308 
sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/04/25 21:28:41.0048 1308 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/04/25 21:28:41.0081 1308 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/04/25 21:28:41.0120 1308 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/04/25 21:28:41.0143 1308 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/04/25 21:28:41.0200 1308 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/04/25 21:28:41.0252 1308 SPLITCAM (c7c361a04742ab187e10583bbf4fa975) C:\Windows\system32\DRIVERS\splitcam.sys 2011/04/25 21:28:41.0324 1308 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/04/25 21:28:41.0324 1308 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/04/25 21:28:41.0331 1308 sptd - detected Locked file (1) 2011/04/25 21:28:41.0369 1308 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys 2011/04/25 21:28:41.0422 1308 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/25 21:28:41.0467 1308 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/25 21:28:41.0547 1308 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/25 21:28:41.0602 1308 stdriver (5c031c715e14f10dfc9395004f54ee21) C:\Windows\system32\DRIVERS\stdriver32.sys 2011/04/25 21:28:41.0630 1308 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/04/25 21:28:41.0656 1308 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/25 21:28:41.0765 1308 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/04/25 21:28:41.0861 1308 TCPIP6 
(bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/25 21:28:41.0897 1308 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/25 21:28:41.0935 1308 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/04/25 21:28:41.0961 1308 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/04/25 21:28:41.0993 1308 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/25 21:28:42.0024 1308 TermDD (a85c8503237a12e393b2c22acd3a3bc2) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/25 21:28:42.0031 1308 Suspicious file (Forged): C:\Windows\system32\DRIVERS\termdd.sys. Real md5: a85c8503237a12e393b2c22acd3a3bc2, Fake md5: c36f41ee20e6999dbf4b0425963268a5 2011/04/25 21:28:42.0038 1308 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0) 2011/04/25 21:28:42.0128 1308 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys 2011/04/25 21:28:42.0180 1308 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/25 21:28:42.0213 1308 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/25 21:28:42.0253 1308 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/04/25 21:28:42.0306 1308 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/25 21:28:42.0364 1308 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/04/25 21:28:42.0406 1308 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/25 21:28:42.0434 1308 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/04/25 21:28:42.0484 1308 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 2011/04/25 21:28:42.0516 1308 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) 
C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/25 21:28:42.0553 1308 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/04/25 21:28:42.0600 1308 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/25 21:28:42.0637 1308 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/25 21:28:42.0666 1308 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/04/25 21:28:42.0700 1308 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/25 21:28:42.0756 1308 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2011/04/25 21:28:42.0779 1308 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/25 21:28:42.0805 1308 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/25 21:28:42.0862 1308 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys 2011/04/25 21:28:42.0900 1308 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/04/25 21:28:42.0942 1308 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/25 21:28:42.0974 1308 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/04/25 21:28:43.0015 1308 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/04/25 21:28:43.0084 1308 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/04/25 21:28:43.0117 1308 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/04/25 21:28:43.0144 1308 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/04/25 21:28:43.0192 1308 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/04/25 21:28:43.0230 1308 volmgrx 
(b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/04/25 21:28:43.0269 1308 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/04/25 21:28:43.0372 1308 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/04/25 21:28:43.0413 1308 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/04/25 21:28:43.0449 1308 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/04/25 21:28:43.0485 1308 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 2011/04/25 21:28:43.0530 1308 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/04/25 21:28:43.0563 1308 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/25 21:28:43.0584 1308 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/25 21:28:43.0647 1308 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/04/25 21:28:43.0683 1308 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/25 21:28:43.0792 1308 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/04/25 21:28:43.0828 1308 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/04/25 21:28:43.0942 1308 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/04/25 21:28:43.0983 1308 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/25 21:28:44.0040 1308 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/25 21:28:44.0104 1308 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/04/25 21:28:44.0146 1308 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/25 
21:28:44.0213 1308 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys 2011/04/25 21:28:44.0258 1308 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys 2011/04/25 21:28:44.0396 1308 ================================================================================ 2011/04/25 21:28:44.0396 1308 Scan finished 2011/04/25 21:28:44.0396 1308 ================================================================================ 2011/04/25 21:28:44.0417 5624 Detected object count: 2 2011/04/25 21:29:05.0961 5624 Locked file(sptd) - User select action: Skip 2011/04/25 21:29:05.0987 5624 TermDD (a85c8503237a12e393b2c22acd3a3bc2) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/25 21:29:05.0987 5624 Suspicious file (Forged): C:\Windows\system32\DRIVERS\termdd.sys. Real md5: a85c8503237a12e393b2c22acd3a3bc2, Fake md5: c36f41ee20e6999dbf4b0425963268a5 2011/04/25 21:29:06.0061 5624 Backup copy found, using it.. 2011/04/25 21:29:06.0083 5624 C:\Windows\system32\DRIVERS\termdd.sys - will be cured after reboot 2011/04/25 21:29:06.0083 5624 Rootkit.Win32.TDSS.tdl3(TermDD) - User select action: Cure 2011/04/25 21:29:10.0100 3288 Deinitialize success |
25.04.2011, 20:51 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir TDL3 was detected and removed. Please restart Windows and, as a check, create a new log with the Kaspersky TDSS Killer.
__________________ Please always post log files in CODE tags |
25.04.2011, 21:11 | #13 |
| TR/Spy.SpyEyes.gps found by AntiVir The check already looked good: Code:
ATTFilter 2011/04/25 22:10:25.0627 5080 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/25 22:10:25.0968 5080 ================================================================================ 2011/04/25 22:10:25.0968 5080 SystemInfo: 2011/04/25 22:10:25.0968 5080 2011/04/25 22:10:25.0968 5080 OS Version: 6.1.7600 ServicePack: 0.0 2011/04/25 22:10:25.0968 5080 Product type: Workstation 2011/04/25 22:10:25.0968 5080 ComputerName: DESKTOP 2011/04/25 22:10:25.0968 5080 UserName: Matthias 2011/04/25 22:10:25.0968 5080 Windows directory: C:\Windows 2011/04/25 22:10:25.0968 5080 System windows directory: C:\Windows 2011/04/25 22:10:25.0968 5080 Processor architecture: Intel x86 2011/04/25 22:10:25.0968 5080 Number of processors: 2 2011/04/25 22:10:25.0968 5080 Page size: 0x1000 2011/04/25 22:10:25.0968 5080 Boot type: Normal boot 2011/04/25 22:10:25.0968 5080 ================================================================================ 2011/04/25 22:10:27.0569 5080 Initialize success 2011/04/25 22:10:29.0939 5128 ================================================================================ 2011/04/25 22:10:29.0939 5128 Scan started 2011/04/25 22:10:29.0939 5128 Mode: Manual; 2011/04/25 22:10:29.0939 5128 ================================================================================ 2011/04/25 22:10:32.0457 5128 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/04/25 22:10:32.0514 5128 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2011/04/25 22:10:32.0554 5128 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/04/25 22:10:32.0596 5128 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/04/25 22:10:32.0635 5128 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/04/25 22:10:32.0678 5128 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 
2011/04/25 22:10:32.0749 5128 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2011/04/25 22:10:32.0806 5128 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2011/04/25 22:10:32.0855 5128 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/04/25 22:10:32.0931 5128 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2011/04/25 22:10:32.0957 5128 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2011/04/25 22:10:32.0995 5128 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2011/04/25 22:10:33.0038 5128 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/04/25 22:10:33.0083 5128 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/04/25 22:10:33.0119 5128 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2011/04/25 22:10:33.0146 5128 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/04/25 22:10:33.0185 5128 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2011/04/25 22:10:33.0283 5128 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2011/04/25 22:10:33.0375 5128 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/04/25 22:10:33.0410 5128 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/04/25 22:10:33.0459 5128 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/25 22:10:33.0500 5128 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2011/04/25 22:10:33.0601 5128 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/25 22:10:33.0651 5128 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 
================================================================================ 2011/04/25 22:10:48.0699 5128 Scan finished 2011/04/25 22:10:48.0699 5128 ================================================================================ 2011/04/25 22:10:48.0721 5120 Detected object count: 1 2011/04/25 22:11:00.0103 5120 Locked file(sptd) - User select action: Skip |
26.04.2011, 09:06 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (board helper) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
26.04.2011, 20:28 | #15 |
| TR/Spy.SpyEyes.gps found by AntiVir Hi, I have done everything as instructed. Here is the log: Code:
ATTFilter ComboFix 11-04-25.03 - ******** 26.04.2011 21:15:31.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3070.1816 [GMT 2:00] ausgeführt von:: c:\users\********\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\SplitCam Toolbar\tbHElper.dll c:\windows\system32\scvideo.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-26 bis 2011-04-26 )))))))))))))))))))))))))))))) . . 2011-04-26 19:22 . 2011-04-26 19:22 -------- d-----w- c:\users\********\AppData\Local\temp 2011-04-26 19:22 . 2011-04-26 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-25 15:05 . 2011-04-25 15:05 -------- d-----w- C:\_OTL 2011-04-23 11:53 . 2007-06-26 22:56 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst3cpc.dll 2011-04-22 07:31 . 2011-04-22 07:32 -------- d-----w- c:\program files\ERUNT 2011-04-21 20:44 . 2011-04-21 21:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-04-21 20:44 . 2011-04-21 21:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-04-21 20:38 . 2011-04-18 10:23 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-04-21 18:28 . 2011-04-19 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-04-21 18:28 . 2011-04-21 18:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-04-21 18:28 . 2011-04-21 18:28 -------- d-----w- c:\users\********\AppData\Local\Sunbelt Software 2011-04-21 18:27 . 
2011-04-21 18:27 -------- dc-h--w- c:\programdata\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
2011-04-21 18:27 . 2011-04-21 18:27 -------- d-----w- c:\programdata\Lavasoft
2011-04-21 18:27 . 2011-04-21 18:27 -------- d-----w- c:\program files\Lavasoft
2011-04-16 08:22 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-16 08:22 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-16 08:22 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-16 08:22 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-16 08:22 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-16 08:22 . 2011-02-24 05:32 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-16 08:22 . 2011-02-24 05:32 673040 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-04-16 08:22 . 2011-02-24 05:29 860160 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-04-16 08:19 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-16 08:19 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-16 08:19 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-16 08:19 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-16 08:19 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-16 08:19 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 18:16 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 18:16 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 18:16 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 18:16 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 18:16 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 18:16 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 18:16 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-10 11:07 . 2011-04-10 11:07 -------- d-----w- c:\users\********\AppData\Roaming\Malwarebytes
2011-04-10 10:48 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 10:48 . 2011-04-10 10:48 -------- d-----w- c:\programdata\Malwarebytes
2011-04-10 10:48 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 10:48 . 2011-04-10 11:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-07 17:23 . 2011-04-07 17:23 -------- d--h--w- c:\programdata\CanonIJEGV
2011-04-05 20:33 . 2011-04-05 20:33 -------- d-----w- c:\users\********\AppData\Local\PDF24
2011-04-05 20:31 . 2011-04-24 10:15 -------- d-----w- c:\program files\PDF24
2011-04-05 20:20 . 2011-04-05 20:20 -------- d--h--w- c:\programdata\CanonIJScan
2011-04-05 20:11 . 2011-04-05 20:11 -------- d-----w- c:\programdata\CanonIJWSpt
2011-04-05 20:10 . 2010-03-29 15:31 438272 ----a-w- c:\windows\system32\CNQ4809L.dll
2011-04-05 20:10 . 2010-03-18 15:12 1335296 ----a-w- c:\windows\system32\CNQ4809C.dll
2011-04-05 20:10 . 2010-03-18 15:12 114688 ----a-w- c:\windows\system32\CNQ4809I.dll
2011-04-05 20:10 . 2010-03-18 15:11 106496 ----a-w- c:\windows\system32\CNQ4809U.dll
2011-04-05 20:10 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-04-05 20:10 . 2010-03-11 08:56 180224 ----a-w- c:\windows\system32\CNQ4809Y.dll
2011-04-05 20:10 . 2010-01-13 14:03 94208 ----a-w- c:\windows\system32\CNQ4809O.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 19:30 . 2009-07-14 00:01 51776 ----a-w- c:\windows\system32\drivers\termdd.sys
2011-04-21 23:53 . 2010-03-29 23:46 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2011-04-21 23:53 . 2010-03-29 23:46 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2011-03-17 22:33 . 2011-03-17 22:33 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2011-03-16 18:38 . 2010-03-29 17:18 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 19:32 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 19:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 19:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:45 . 2011-02-10 19:12 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2010-09-18 15:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-22 19:23 . 2011-03-22 19:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-03-23 2229048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-02 13838952]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-29 8391200]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2009-12-29 678432]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-04-18 220552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
RemoteKeySrv.lnk - c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2010-1-8 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-01 21:57 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-21 2146496]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-01-07 182304]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-19 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-04 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AirPrint;AirPrint;c:\program files\AirPrint\Airprint.exe [2011-02-06 234784]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-14 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-09 13336]
S2 RemoteKeySrv;RemoteKeySrv;c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2010-01-08 303104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 genport;genport;c:\program files\RemoteKeySrv\GenPort.sys [2005-12-08 4096]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-10-29 10360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-10-13 67688]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-10-29 22392]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-12-22 1558368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2011-03-17 49240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 15:21]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 15:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://webmail.havigs.com/
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\********\AppData\Roaming\Mozilla\Firefox\Profiles\lmsewdbk.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE04.00.00.01MSWINDOWS"=
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-26 21:24:15
ComboFix-quarantined-files.txt 2011-04-26 19:24
.
Vor Suchlauf: 8 Verzeichnis(se), 838.284.333.056 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 837.818.785.792 Bytes frei
.
- - End Of File - - CAFAB19DC104FC2AF0DE24A0440FC70C