| |
| |||||||
Log-Analyse und Auswertung: TR/Spy.SpyEyes.gps von AntiVir gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
22.04.2011, 09:18
| #1 |
 |  TR/Spy.SpyEyes.gps von AntiVir gefunden Hallo zusammen, AntiVir hat mir gestern folgenden Fund gemeldet: Code:
ATTFilter In der Datei 'C:\polaroidexe\polaroidexe.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.SpyEyes.gps' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Code:
ATTFilter Die Datei 'C:\polaroidexe\polaroidexe.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.SpyEyes.gps' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B494E216C2DCD6D7> konnte nicht entfernt werden.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b123ace.qua' verschoben!
Dennoch hoffe ich, dass jemand von euch mir helfen kann, mein System vielleicht anderweitig zu säubern. In anderen Threads scheint dies gelungen zu sein und deshalb wäre ich für eure Hilfe sehr dankbar! Habe die Anleitung entsprechend durchgearbeitet und hier sind die Log Files. Vielen Dank vorab für eure Antwort! OTL.txt Code:
ATTFilter OTL logfile created on: 22.04.2011 09:33:27 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\********\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890,41 Gb Total Space | 782,32 Gb Free Space | 87,86% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 29,12 Gb Free Space | 72,81% Space Free | Partition Type: NTFS Computer Name: DESKTOP | User Name: ******** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe PRC - [2011.04.21 18:22:15 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.04.19 18:03:25 | 001,190,680 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.04.08 16:28:14 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2011.03.16 20:38:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPrint\airprint.exe PRC - [2010.11.14 13:37:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.14 13:37:58 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe PRC - [2009.12.29 19:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009.07.01 19:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (SafeList) ========== MOD - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 03:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll MOD - [2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll MOD - [2009.07.14 03:15:50 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll MOD - [2009.07.14 03:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll MOD - [2009.07.01 19:03:26 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.21 18:22:15 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.03.16 20:38:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\AirPrint\Airprint.exe -- (AirPrint) SRV - [2010.11.14 13:37:58 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv) SRV - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2011.04.19 02:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2011.04.19 02:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011.03.18 00:33:32 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver) DRV - [2011.03.16 20:38:46 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.04 12:33:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.11.25 21:10:54 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.04.01 18:20:05 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM) DRV - [2010.03.29 20:20:26 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010.03.02 05:57:12 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.01.07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2009.12.03 12:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\hidkmdf.sys -- (hidkmdf) DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\NW1950.sys -- (NW1950) DRV - [2009.10.13 14:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF) DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2005.12.08 15:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Program Files\RemoteKeySrv\GENPORT.sys -- (genport) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.havigs.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4 FF - prefs.js..extensions.enabledItems: {338B4DFE-2E2C-4338-9E41-E176D497299E}:1.0.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.22 21:23:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.22 21:23:34 | 000,000,000 | ---D | M] [2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Extensions [2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.04.07 19:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions [2010.04.01 18:19:15 | 000,000,000 | ---D | M] (SplitCam Toolbar) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E} [2010.03.30 00:50:30 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460} [2011.04.02 23:20:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.03.22 00:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.03.30 00:15:16 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.09.18 17:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.24 23:38:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.09 01:27:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.13 13:59:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\********\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LMSEWDBK.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI [2011.03.22 21:23:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.22 21:23:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.22 21:23:29 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2011.03.22 21:23:30 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.22 21:23:30 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.22 21:23:30 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.22 21:23:30 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\SplitCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (SplitCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (SplitCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 09:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ERUNT [2011.04.22 09:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011.04.22 09:24:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\********\Desktop\Erunt-setup.exe [2011.04.22 09:24:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe [2011.04.22 09:24:19 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\********\Desktop\TFC.exe [2011.04.21 22:53:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.04.21 22:53:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.04.21 22:53:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.04.21 22:53:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.04.21 22:53:25 | 000,000,000 | --SD | C] -- C:\cofi [2011.04.21 22:51:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.04.21 22:50:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.04.21 22:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.04.21 22:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.04.21 20:28:43 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2011.04.21 20:28:41 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.04.21 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Sunbelt Software [2011.04.21 20:27:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA} [2011.04.21 20:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Lavasoft [2011.04.21 20:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.04.21 20:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2011.04.17 15:57:05 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\Bewerbung [2011.04.17 11:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\PDF24 [2011.04.10 13:07:05 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Malwarebytes [2011.04.10 12:48:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.10 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware [2011.04.10 12:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.10 12:48:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.10 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Quwe [2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Qesew [2011.04.07 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\kock [2011.04.07 19:23:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2011.04.05 22:33:49 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\PDF24 [2011.04.05 22:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24 [2011.04.05 22:20:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2011.04.05 22:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2011.04.05 22:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Canon CanoScan LiDE 210 Manual [2011.04.05 22:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\CanoScan LiDE 210 [2011.03.31 20:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\VideoLAN [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll ========== Files - Modified Within 30 Days ========== [2011.04.22 09:33:45 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 09:33:45 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 09:31:47 | 000,000,862 | ---- | M] () -- C:\Users\********\Desktop\NTREGOPT.lnk [2011.04.22 09:31:47 | 000,000,843 | ---- | M] () -- C:\Users\********\Desktop\ERUNT.lnk [2011.04.22 09:31:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.22 09:30:47 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.22 09:30:47 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.22 09:30:47 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.22 09:30:47 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.22 09:26:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.22 09:26:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.22 09:25:56 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys [2011.04.22 09:24:23 | 000,301,568 | ---- | M] () -- C:\Users\********\Desktop\g2m3e4r.exe [2011.04.22 09:24:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\********\Desktop\Erunt-setup.exe [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe [2011.04.22 09:24:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\TFC.exe [2011.04.22 01:53:01 | 000,237,568 | ---- | M] () -- C:\Windows\System32\rmc_rtspdl.dll [2011.04.22 01:53:01 | 000,156,672 | ---- | M] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe [2011.04.22 00:12:14 | 002,302,976 | ---- | M] () -- C:\Users\********\Kontakte_2104.pst [2011.04.22 00:11:42 | 008,397,824 | ---- | M] () -- C:\Users\********\Ablage_2104.pst [2011.04.22 00:10:37 | 006,366,208 | ---- | M] () -- C:\Users\********\backup.pst [2011.04.21 20:28:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011.04.21 20:28:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011.04.21 20:28:40 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011.04.21 20:27:33 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.04.19 02:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2011.04.18 12:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2011.04.17 11:26:16 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.04.17 10:45:07 | 000,468,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.05 22:11:45 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk [2011.04.05 22:10:42 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 210 Online-Handbuch.lnk [2011.04.03 17:57:56 | 000,448,224 | ---- | M] () -- C:\Users\********\Documents\Amazon-Gift-Card_Michi 2011.pdf [2011.03.31 20:20:26 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk ========== Files Created - No Company Name ========== [2011.04.22 09:31:47 | 000,000,862 | ---- | C] () -- C:\Users\********\Desktop\NTREGOPT.lnk [2011.04.22 09:31:47 | 000,000,843 | ---- | C] () -- C:\Users\********\Desktop\ERUNT.lnk [2011.04.22 09:24:19 | 000,301,568 | ---- | C] () -- C:\Users\********\Desktop\g2m3e4r.exe [2011.04.22 00:11:54 | 002,302,976 | ---- | C] () -- C:\Users\********\Kontakte_2104.pst [2011.04.22 00:11:12 | 008,397,824 | ---- | C] () -- C:\Users\********\Ablage_2104.pst [2011.04.22 00:10:34 | 006,366,208 | ---- | C] () -- C:\Users\********\backup.pst [2011.04.21 22:53:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.04.21 22:53:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.04.21 22:53:54 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.04.21 22:53:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.04.21 22:53:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.04.21 22:38:47 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011.04.21 20:28:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.04.21 20:28:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.04.21 20:27:33 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.04.17 11:26:16 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.04.05 22:11:45 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk [2011.04.05 22:10:42 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 210 Online-Handbuch.lnk [2011.04.05 22:10:18 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ4809N.DAT [2011.04.03 17:57:56 | 000,448,224 | ---- | C] () -- C:\Users\********\Documents\Amazon-Gift-Card_Michi 2011.pdf [2010.10.17 13:31:26 | 065,169,605 | ---- | C] () -- C:\Users\********\AppData\Local\altu.flv [2010.10.17 13:31:26 | 065,169,605 | ---- | C] () -- C:\Program Files\altu.flv [2010.10.11 22:25:44 | 022,373,229 | ---- | C] () -- C:\Users\********\AppData\Local\P1D.flv [2010.05.15 18:35:36 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [2010.05.13 18:04:27 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2010.04.18 10:44:54 | 000,003,584 | ---- | C] () -- C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.11 23:58:50 | 003,620,216 | ---- | C] () -- C:\Users\********\AppData\Local\vluvsladygagas webcam video April 11 2010 0253 PM.flv [2010.04.01 18:34:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.03.30 01:46:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll [2010.03.30 00:29:03 | 000,056,880 | ---- | C] () -- C:\Windows\System32\scvideo.dll [2010.03.30 00:15:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.03.29 21:27:29 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI [2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll [2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2010.01.10 07:44:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.01.08 10:39:19 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2010.01.08 10:05:02 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe [2010.01.08 10:05:02 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2010.01.08 09:57:53 | 000,013,224 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2010.01.07 10:22:31 | 000,007,648 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001416BE_ca.bin [2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001316BE_ca.bin [2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001216BE_ca.bin [2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.12.03 00:50:04 | 000,041,808 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2009.12.03 00:50:00 | 000,330,344 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll [2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll [2009.11.14 20:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe [2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll [2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll [2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll [2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll [2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll [2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll [2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll [2009.11.14 20:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe [2009.11.14 20:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe [2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2009.10.29 12:20:42 | 008,824,824 | ---- | C] () -- C:\Windows\System32\drivers\NWTransLib.sys [2009.10.29 12:20:38 | 000,022,392 | ---- | C] () -- C:\Windows\System32\drivers\NW1950.sys [2009.08.11 23:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,468,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini [2007.09.16 16:27:47 | 010,181,784 | ---- | C] () -- C:\Users\********\AppData\Local\Vi7 Small.avi.AVI [2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll ========== LOP Check ========== [2010.10.31 15:57:43 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\calibre [2011.04.05 22:20:39 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Canon [2010.04.12 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\CD-LabelPrint [2010.12.04 12:36:04 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\DAEMON Tools Lite [2011.01.24 00:24:04 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\GrabPro [2010.10.02 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ICQ [2011.04.07 22:54:32 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\kock [2011.01.24 00:36:37 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Orbit [2010.03.29 21:27:12 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\PowerCinema [2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ProgSense [2011.04.10 13:14:47 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Qesew [2011.04.10 13:14:36 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Quwe [2010.03.31 16:53:54 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TomTom [2010.09.19 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TrueCrypt [2011.04.18 21:45:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.04.18 18:31:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.04.21 23:00:11 | 000,000,000 | --SD | M] -- C:\cofi [2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Downloads [2010.01.08 09:32:52 | 000,000,000 | ---D | M] -- C:\Intel [2010.03.29 21:11:59 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.04.22 09:31:47 | 000,000,000 | ---D | M] -- C:\Program Files [2011.04.21 22:44:21 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Programme [2011.04.21 22:53:29 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.04.22 03:00:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.03.29 17:21:33 | 000,000,000 | R--D | M] -- C:\Users [2011.04.22 09:28:44 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-22 01:01:47 < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.04.2011 09:33:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\********\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 782,32 Gb Free Space | 87,86% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 29,12 Gb Free Space | 72,81% Space Free | Partition Type: NTFS
Computer Name: DESKTOP | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam
"{0C7B9FAF-9C93-4E3A-9EC5-DE553B5771F0}" = Linguatec Voice Reader Studio
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10E3699C-3BBE-419F-8085-3AE94E932EAA}" = calibre
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = RemoteKeySrv
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{714F1BA5-F95E-4821-AA70-D30BBE04A5FF}" = NextWindow Drivers
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}" = O&O SafeErase
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Applian Director1.1" = Applian Director
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Camtasia Studio 3" = Camtasia Studio 3
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1
"Debut" = Debut Video Capture Software
"DivX Setup.divx.com" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 3.4
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"FLV Player" = FLV Player 2.0 (build 25)
"Indeo® Software" = Indeo® Software
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOK" = Microsoft Office Outlook 2007
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PRJPRO" = Microsoft Office Project Professional 2007
"RealPlayer 12.0" = RealPlayer
"Replay Media Catcher 3.11" = Replay Media Catcher
"SplitCam Toolbar" = SplitCam Toolbar
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TrueCrypt" = TrueCrypt
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"XP Codec Pack" = XP Codec Pack
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.04.2011 14:08:27 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2278
Error - 17.04.2011 14:08:27 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2278
Error - 17.04.2011 14:08:28 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.04.2011 14:08:28 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3417
Error - 17.04.2011 14:08:28 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3417
Error - 18.04.2011 13:31:09 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7600.16699,
Zeitstempel: 0x4ccf7a97 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000703bb ID des fehlerhaften
Prozesses: 0x9f0 Startzeit der fehlerhaften Anwendung: 0x01cbfdee56cc8d68 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: a53e180c-69e1-11e0-94de-1c4bd6033cb2
Error - 20.04.2011 12:01:41 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc6b7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00075c8c ID des fehlerhaften
Prozesses: 0x58c Startzeit der fehlerhaften Anwendung: 0x01cbff7419fdeafc Pfad der
fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 7af205e8-6b67-11e0-b00c-1c4bd6033cb2
Error - 21.04.2011 14:27:58 | Computer Name = Desktop | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 21.04.2011 16:54:20 | Computer Name = Desktop | Source = VSS | ID = 8193
Description =
Error - 21.04.2011 21:00:12 | Computer Name = Desktop | Source = VSS | ID = 8193
Description =
[ Media Center Events ]
Error - 23.08.2010 18:42:45 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 00:42:45 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)
Error - 23.08.2010 18:43:29 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 00:43:28 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 24.08.2010 14:00:45 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 20:00:45 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 09.09.2010 13:45:14 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 19:45:14 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)
[ OSession Events ]
Error - 22.03.2011 17:05:45 | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 378
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 23.11.2010 17:38:26 | Computer Name = Desktop | Source = bowser | ID = 8003
Description =
Error - 28.11.2010 07:22:04 | Computer Name = Desktop | Source = bowser | ID = 8003
Description =
Error - 28.11.2010 09:19:19 | Computer Name = Desktop | Source = bowser | ID = 8003
Description =
Error - 28.11.2010 11:48:04 | Computer Name = Desktop | Source = bowser | ID = 8003
Description =
Error - 02.12.2010 17:45:17 | Computer Name = Desktop | Source = bowser | ID = 8003
Description =
Error - 03.12.2010 04:31:38 | Computer Name = Desktop | Source = bowser | ID = 8003
Description =
Error - 03.12.2010 11:16:24 | Computer Name = Desktop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 03.12.2010 11:20:38 | Computer Name = Desktop | Source = Ntfs | ID = 262281
Description = Auf dem Volume "H:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
Error - 03.12.2010 12:35:45 | Computer Name = Desktop | Source = bowser | ID = 8003
Description =
Error - 04.12.2010 06:34:52 | Computer Name = Desktop | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.104 registriert werden. Der Computer mit IP-Adresse 192.168.2.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
< End of report >
Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-22 09:59:54
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD10 rev.80.0
Running: g2m3e4r.exe; Driver: C:\Users\********\AppData\Local\Temp\fwldapoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83247589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8326C092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spfi.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 917A4CA0 5 Bytes JMP 88A251D8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8663B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0B8F75AA-6092-423F-8182-9C35D08FA678} 88A3C1F8
Device \Driver\volmgr \Device\VolMgrControl 8597D1F8
Device \Driver\usbuhci \Device\USBPDO-0 88A361F8
Device \Driver\usbuhci \Device\USBPDO-1 88A361F8
Device \Driver\usbuhci \Device\USBPDO-2 88A361F8
Device \Driver\usbehci \Device\USBPDO-3 86691500
Device \Driver\usbuhci \Device\USBPDO-4 88A361F8
Device \Driver\usbuhci \Device\USBPDO-5 88A361F8
Device \Driver\usbuhci \Device\USBPDO-6 88A361F8
Device \Driver\volmgr \Device\HarddiskVolume1 8597D1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 86691500
Device \Driver\volmgr \Device\HarddiskVolume2 8597D1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 88A5C1F8
Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 88BCAAEA
Device \Driver\iaStor \Device\Ide\iaStor0 [8BA7C960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 88BCAAEA
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BA7C960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 8597D1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume4 8597D1F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 88A3C1F8
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{C01B1037-EBDE-4812-918C-42D7B7594353} 88A3C1F8
Device \Driver\BTHUSB \Device\00000089 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000089 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{7A5F3B8D-398E-416E-83ED-75B499643A19} 88A3C1F8
Device \Driver\usbuhci \Device\USBFDO-0 88A361F8
Device \Driver\usbuhci \Device\USBFDO-1 88A361F8
Device \Driver\usbuhci \Device\USBFDO-2 88A361F8
Device \Driver\usbehci \Device\USBFDO-3 86691500
Device \Driver\usbuhci \Device\USBFDO-4 88A361F8
Device \Driver\usbuhci \Device\USBFDO-5 88A361F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4F7CE2CD-1AA4-4E79-95F5-FAB2ED8FADF3} 88A3C1F8
Device \Driver\BTHUSB \Device\0000008b bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000008b bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-6 88A361F8
Device \Driver\usbehci \Device\USBFDO-7 86691500
Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD10EARS-00Y5B1_____________________80.00A80#4&1b2adb9a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6033cb2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0xC4 0x49 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6033cb2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0xC4 0x49 0xF4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS 0DCA2D38AAC82F9F01ADBA02A26CA80B243744DB67F39D5C2552B2957B163C93D291408F77FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794BA7FD869164D67944DC90C7E176435D7B5884736BF660771E6ECE2E676DBF6615D3516A2E81587361B530287B0EB3174CB9DB73ED93807A228050085B34FADDA386087557B1727F5E048C48C4A2AE8BEBB7DBCAA5C0CC63944E896A62765277959A4F545BBDB918A0513B00C7CF38165998BCBBF9E7F12F39E17CD6F8426752C8EB65F18DA74BD3462423ACF947E751A6DCFEB032B9188968BADE34731F97A681AEFD437BCD17239C889E85F95E51293B4763940BF271BE753732A5ACA2D6EA6B04FFE4E79CACDE3F9BFD78934A9788DDDCEE506508892363450841920F25DE37DF596D05E194080AEDF3561D9AE1F464ECC34A801E3884D5ED2EE3735DF27211EA9E9716BDB0DE01008C5BCA33ACF005B097D3FAE46EB05F6A974AD416D7EE124D45B2B5594CF5C3EFB61B46379A802D4BEADA3E7A70032972C37382FF86CAE1706E1B904AAF2C9CCA170A820791B16F74EC3F46C5EDA30CCD06C569EC34C95EFED86209568380AC085F4B990306D8BF93CD698B526E7E097365CCB6474CDA61DE16921597BB47B1754024F2474B7B5022E0
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6417
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22.04.2011 11:11:14
mbam-log-2011-04-22 (11-11-14).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 299494
Laufzeit: 41 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
25.04.2011, 14:25
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Spy.SpyEyes.gps von AntiVir gefunden Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
25.04.2011, 15:02
| #3 |
| | TR/Spy.SpyEyes.gps von AntiVir gefunden Hi, das ist, was bei all meinen kürzlichen Scans an Logfiles gespeichert wurde (beginnend mit den ältesten, erstmalig ausgeführt am 10.04.2011):
__________________Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5363
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10.04.2011 13:14:36
mbam-log-2011-04-10 (13-14-36).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150094
Laufzeit: 2 Minute(n), 56 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8B644AD0-956D-A60B-F32E-C98C2E711249} (Trojan.Dropper) -> Value: {8B644AD0-956D-A60B-F32E-C98C2E711249} -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0B8F75AA-6092-423F-8182-9C35D08FA678}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4F7CE2CD-1AA4-4E79-95F5-FAB2ED8FADF3}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A5F3B8D-398E-416E-83ED-75B499643A19}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A5F3B8D-398E-416E-83ED-75B499643A19}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Matthias\AppData\Roaming\Quwe\axer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\control center.lnk (Rogue.ControlCenter) -> Quarantined and deleted successfully.
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6324
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10.04.2011 17:32:47
mbam-log-2011-04-10 (17-32-47).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160297
Laufzeit: 3 Minute(n), 56 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8B644AD0-956D-A60B-F32E-C98C2E711249} (Trojan.ZbotR.Gen) -> Value: {8B644AD0-956D-A60B-F32E-C98C2E711249} -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6414
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21.04.2011 20:18:30
mbam-log-2011-04-21 (20-18-30).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161663
Laufzeit: 4 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6415
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21.04.2011 23:38:56
mbam-log-2011-04-21 (23-38-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 68586
Laufzeit: 5 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6415
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21.04.2011 23:42:31
mbam-log-2011-04-21 (23-42-31).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162120
Laufzeit: 3 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6416
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
22.04.2011 00:57:56
mbam-log-2011-04-22 (00-57-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 114422
Laufzeit: 9 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6416
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
22.04.2011 01:00:01
mbam-log-2011-04-22 (01-00-01).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159596
Laufzeit: 1 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6417
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22.04.2011 11:11:14
mbam-log-2011-04-22 (11-11-14).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 299494
Laufzeit: 41 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
25.04.2011, 15:10
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps von AntiVir gefundenZitat:
Warum postest du das Log nicht von allein? 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.04.2011, 15:20
| #5 |
| | TR/Spy.SpyEyes.gps von AntiVir gefunden Combofix war eine Art Selbstversuch - habe das Kleingedruckte zu spät gelesen. Da Combofix aber nicht vollständig gelaufen ist, war mir nicht bewusst, dass es ein Logfile gibt... Hoffe, ich hab dadurch nix kaputt gemacht? Wo finde ich das Log, um es hier posten zu können? Geändert von mattan75 (25.04.2011 um 15:26 Uhr) Grund: vergessen, zu fragen... |
|
25.04.2011, 15:32
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps von AntiVir gefunden Schau nach: C:\Combofix.txt oder in C:\Qoobox
__________________ --> TR/Spy.SpyEyes.gps von AntiVir gefunden |
|
25.04.2011, 15:39
| #7 |
| | TR/Spy.SpyEyes.gps von AntiVir gefunden Eine .txt direkt auf C: existiert nicht und in C:\Qoobox ist auch kein Logfile zu finden. Soll ich das tool noch mal ausführen? Falls ja - ich möchte diesmal alles richtig machen - bitte weise an, wie... |
|
25.04.2011, 15:49
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps von AntiVir gefunden Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
[2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Quwe
[2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Qesew
[2011.04.07 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\kock
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.04.2011, 16:11
| #9 |
| | TR/Spy.SpyEyes.gps von AntiVir gefunden Done: Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\********\AppData\Roaming\Quwe folder moved successfully.
C:\Users\********\AppData\Roaming\Qesew folder moved successfully.
C:\Users\********\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ********
->Temp folder emptied: 3356796 bytes
->Temporary Internet Files folder emptied: 812350 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7654262 bytes
->Flash cache emptied: 479 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9356 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 11,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04252011_170532
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
25.04.2011, 20:00
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps von AntiVir gefunden Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.04.2011, 20:32
| #11 |
| | TR/Spy.SpyEyes.gps von AntiVir gefunden Danke - alles klar, hab ich gemacht. Finde ich übrigens super, dass du mir so hilfst!! Hier das Log: Code:
ATTFilter 2011/04/25 21:28:24.0412 0588 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/25 21:28:24.0640 0588 ================================================================================
2011/04/25 21:28:24.0640 0588 SystemInfo:
2011/04/25 21:28:24.0640 0588
2011/04/25 21:28:24.0640 0588 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/25 21:28:24.0640 0588 Product type: Workstation
2011/04/25 21:28:24.0640 0588 ComputerName: DESKTOP
2011/04/25 21:28:24.0641 0588 UserName: ********
2011/04/25 21:28:24.0641 0588 Windows directory: C:\Windows
2011/04/25 21:28:24.0641 0588 System windows directory: C:\Windows
2011/04/25 21:28:24.0641 0588 Processor architecture: Intel x86
2011/04/25 21:28:24.0641 0588 Number of processors: 2
2011/04/25 21:28:24.0641 0588 Page size: 0x1000
2011/04/25 21:28:24.0641 0588 Boot type: Normal boot
2011/04/25 21:28:24.0641 0588 ================================================================================
2011/04/25 21:28:24.0988 0588 Initialize success
2011/04/25 21:28:30.0132 1308 ================================================================================
2011/04/25 21:28:30.0132 1308 Scan started
2011/04/25 21:28:30.0132 1308 Mode: Manual;
2011/04/25 21:28:30.0132 1308 ================================================================================
2011/04/25 21:28:31.0219 1308 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/25 21:28:31.0287 1308 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/25 21:28:31.0327 1308 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/25 21:28:31.0380 1308 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/25 21:28:31.0441 1308 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/25 21:28:31.0473 1308 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/25 21:28:31.0533 1308 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/25 21:28:31.0568 1308 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/25 21:28:31.0606 1308 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/25 21:28:31.0682 1308 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/25 21:28:31.0719 1308 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/25 21:28:31.0757 1308 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/25 21:28:31.0789 1308 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/25 21:28:31.0811 1308 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/25 21:28:31.0847 1308 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/25 21:28:31.0893 1308 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/25 21:28:31.0936 1308 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/25 21:28:32.0012 1308 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/25 21:28:32.0070 1308 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/25 21:28:32.0105 1308 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/25 21:28:32.0154 1308 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/25 21:28:32.0184 1308 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/25 21:28:32.0275 1308 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/25 21:28:32.0324 1308 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/25 21:28:32.0388 1308 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/25 21:28:32.0421 1308 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/25 21:28:32.0469 1308 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/25 21:28:32.0513 1308 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/25 21:28:32.0585 1308 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/25 21:28:32.0612 1308 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/25 21:28:32.0647 1308 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/25 21:28:32.0691 1308 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/25 21:28:32.0731 1308 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/25 21:28:32.0760 1308 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/25 21:28:32.0785 1308 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/25 21:28:32.0823 1308 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/25 21:28:32.0849 1308 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/25 21:28:32.0882 1308 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/25 21:28:32.0915 1308 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/25 21:28:32.0959 1308 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/25 21:28:33.0006 1308 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\Windows\system32\drivers\btusbflt.sys
2011/04/25 21:28:33.0039 1308 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
2011/04/25 21:28:33.0078 1308 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
2011/04/25 21:28:33.0130 1308 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/04/25 21:28:33.0164 1308 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/25 21:28:33.0271 1308 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/25 21:28:33.0324 1308 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/25 21:28:33.0363 1308 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/25 21:28:33.0397 1308 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/25 21:28:33.0443 1308 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/25 21:28:33.0473 1308 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/25 21:28:33.0522 1308 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/25 21:28:33.0572 1308 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/25 21:28:33.0606 1308 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/25 21:28:33.0637 1308 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/25 21:28:33.0719 1308 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/25 21:28:33.0745 1308 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/25 21:28:33.0775 1308 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/25 21:28:33.0850 1308 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/25 21:28:33.0906 1308 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/25 21:28:34.0041 1308 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/25 21:28:34.0247 1308 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/25 21:28:34.0286 1308 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/25 21:28:34.0348 1308 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/25 21:28:34.0395 1308 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/25 21:28:34.0432 1308 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/25 21:28:34.0469 1308 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/25 21:28:34.0520 1308 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/25 21:28:34.0574 1308 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/25 21:28:34.0608 1308 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/25 21:28:34.0658 1308 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/25 21:28:34.0690 1308 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/25 21:28:34.0736 1308 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/25 21:28:34.0771 1308 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/25 21:28:34.0818 1308 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/25 21:28:34.0891 1308 genport (c1049f3d658f33d0d64cc48b0dcccf08) C:\Program Files\RemoteKeySrv\GenPort.sys
2011/04/25 21:28:35.0008 1308 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/25 21:28:35.0050 1308 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/25 21:28:35.0093 1308 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/25 21:28:35.0117 1308 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/25 21:28:35.0147 1308 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/25 21:28:35.0182 1308 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/25 21:28:35.0216 1308 hidkmdf (1fab2540c1bd6da847ccd292f4eee48a) C:\Windows\system32\DRIVERS\hidkmdf.sys
2011/04/25 21:28:35.0267 1308 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/25 21:28:35.0357 1308 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/25 21:28:35.0422 1308 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/25 21:28:35.0449 1308 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/25 21:28:35.0472 1308 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/25 21:28:35.0531 1308 iaStor (5a6c5876fb84418d08d67b8caed5efcf) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/25 21:28:35.0574 1308 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/25 21:28:35.0619 1308 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/25 21:28:35.0798 1308 IntcAzAudAddService (ba9a1f572d1a91559e6e76504cfd381c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/25 21:28:35.0998 1308 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/25 21:28:36.0035 1308 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/25 21:28:36.0066 1308 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/25 21:28:36.0126 1308 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/25 21:28:36.0162 1308 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/25 21:28:36.0218 1308 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/25 21:28:36.0252 1308 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/25 21:28:36.0290 1308 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/25 21:28:36.0327 1308 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/25 21:28:36.0358 1308 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/25 21:28:36.0413 1308 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/25 21:28:36.0457 1308 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/25 21:28:36.0598 1308 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/04/25 21:28:36.0674 1308 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/04/25 21:28:36.0702 1308 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/25 21:28:36.0759 1308 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/25 21:28:36.0789 1308 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/25 21:28:36.0824 1308 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/25 21:28:36.0865 1308 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/25 21:28:36.0896 1308 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/25 21:28:36.0933 1308 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/25 21:28:36.0964 1308 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/25 21:28:36.0994 1308 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/25 21:28:37.0034 1308 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/25 21:28:37.0051 1308 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/25 21:28:37.0092 1308 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/25 21:28:37.0117 1308 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/25 21:28:37.0134 1308 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/25 21:28:37.0160 1308 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/25 21:28:37.0189 1308 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/25 21:28:37.0249 1308 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/25 21:28:37.0284 1308 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/25 21:28:37.0323 1308 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/25 21:28:37.0357 1308 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/25 21:28:37.0410 1308 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/25 21:28:37.0481 1308 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/25 21:28:37.0506 1308 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/25 21:28:37.0540 1308 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/25 21:28:37.0589 1308 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/25 21:28:37.0619 1308 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/25 21:28:37.0642 1308 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/25 21:28:37.0671 1308 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/25 21:28:37.0704 1308 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/25 21:28:37.0725 1308 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/25 21:28:37.0765 1308 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/25 21:28:37.0814 1308 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/25 21:28:37.0876 1308 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/25 21:28:37.0927 1308 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/25 21:28:37.0958 1308 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/25 21:28:38.0004 1308 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/25 21:28:38.0040 1308 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/25 21:28:38.0064 1308 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/25 21:28:38.0099 1308 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/25 21:28:38.0129 1308 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/25 21:28:38.0165 1308 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/25 21:28:38.0214 1308 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/25 21:28:38.0253 1308 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/25 21:28:38.0287 1308 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/25 21:28:38.0337 1308 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/25 21:28:38.0394 1308 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/25 21:28:38.0449 1308 NVHDA (eff6795cdacb959d1ab89eb9b9c29b57) C:\Windows\system32\drivers\nvhda32v.sys
2011/04/25 21:28:38.0654 1308 nvlddmkm (50c1b2dd2a5b3ed82c6e4683c4ad58b8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/25 21:28:38.0926 1308 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/25 21:28:38.0962 1308 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/25 21:28:39.0015 1308 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/25 21:28:39.0054 1308 NW1950 (f1a718c6c6cd3edf157fa3d459adfef7) C:\Windows\system32\DRIVERS\NW1950.sys
2011/04/25 21:28:39.0122 1308 NxpCap (953e08d5ca0b02697a8145aaa0ca28be) C:\Windows\system32\DRIVERS\NxpCap.sys
2011/04/25 21:28:39.0198 1308 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/25 21:28:39.0291 1308 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/25 21:28:39.0317 1308 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/25 21:28:39.0339 1308 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/25 21:28:39.0395 1308 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/25 21:28:39.0433 1308 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/25 21:28:39.0473 1308 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/25 21:28:39.0513 1308 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/25 21:28:39.0582 1308 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/25 21:28:39.0700 1308 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/25 21:28:39.0730 1308 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/25 21:28:39.0792 1308 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/25 21:28:39.0844 1308 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/25 21:28:39.0903 1308 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/25 21:28:39.0937 1308 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/25 21:28:39.0974 1308 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/25 21:28:39.0994 1308 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/25 21:28:40.0046 1308 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/25 21:28:40.0085 1308 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/25 21:28:40.0117 1308 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/25 21:28:40.0149 1308 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/25 21:28:40.0182 1308 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/25 21:28:40.0201 1308 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/25 21:28:40.0233 1308 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/25 21:28:40.0262 1308 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/25 21:28:40.0293 1308 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/25 21:28:40.0322 1308 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/25 21:28:40.0385 1308 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/25 21:28:40.0447 1308 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/25 21:28:40.0486 1308 RSUSBSTOR (b87f999e05dd9c0312c83a8752e8e66b) C:\Windows\System32\Drivers\RtsUStor.sys
2011/04/25 21:28:40.0543 1308 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/04/25 21:28:40.0593 1308 rtl8192se (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/04/25 21:28:40.0674 1308 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/25 21:28:40.0704 1308 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/25 21:28:40.0769 1308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/25 21:28:40.0806 1308 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/25 21:28:40.0837 1308 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/25 21:28:40.0859 1308 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/25 21:28:40.0929 1308 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/25 21:28:40.0958 1308 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/25 21:28:40.0981 1308 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/25 21:28:41.0002 1308 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/25 21:28:41.0048 1308 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/25 21:28:41.0081 1308 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/25 21:28:41.0120 1308 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/25 21:28:41.0143 1308 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/25 21:28:41.0200 1308 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/25 21:28:41.0252 1308 SPLITCAM (c7c361a04742ab187e10583bbf4fa975) C:\Windows\system32\DRIVERS\splitcam.sys
2011/04/25 21:28:41.0324 1308 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/25 21:28:41.0324 1308 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/25 21:28:41.0331 1308 sptd - detected Locked file (1)
2011/04/25 21:28:41.0369 1308 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/04/25 21:28:41.0422 1308 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/25 21:28:41.0467 1308 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/25 21:28:41.0547 1308 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/25 21:28:41.0602 1308 stdriver (5c031c715e14f10dfc9395004f54ee21) C:\Windows\system32\DRIVERS\stdriver32.sys
2011/04/25 21:28:41.0630 1308 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/25 21:28:41.0656 1308 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/25 21:28:41.0765 1308 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/25 21:28:41.0861 1308 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/25 21:28:41.0897 1308 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/25 21:28:41.0935 1308 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/25 21:28:41.0961 1308 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/25 21:28:41.0993 1308 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/25 21:28:42.0024 1308 TermDD (a85c8503237a12e393b2c22acd3a3bc2) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/25 21:28:42.0031 1308 Suspicious file (Forged): C:\Windows\system32\DRIVERS\termdd.sys. Real md5: a85c8503237a12e393b2c22acd3a3bc2, Fake md5: c36f41ee20e6999dbf4b0425963268a5
2011/04/25 21:28:42.0038 1308 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/25 21:28:42.0128 1308 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/04/25 21:28:42.0180 1308 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/25 21:28:42.0213 1308 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/25 21:28:42.0253 1308 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/25 21:28:42.0306 1308 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/25 21:28:42.0364 1308 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/25 21:28:42.0406 1308 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/25 21:28:42.0434 1308 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/25 21:28:42.0484 1308 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/25 21:28:42.0516 1308 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/25 21:28:42.0553 1308 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/25 21:28:42.0600 1308 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/25 21:28:42.0637 1308 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/25 21:28:42.0666 1308 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/25 21:28:42.0700 1308 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/25 21:28:42.0756 1308 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/25 21:28:42.0779 1308 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/25 21:28:42.0805 1308 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/25 21:28:42.0862 1308 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/25 21:28:42.0900 1308 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/25 21:28:42.0942 1308 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/25 21:28:42.0974 1308 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/25 21:28:43.0015 1308 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/25 21:28:43.0084 1308 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/25 21:28:43.0117 1308 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/25 21:28:43.0144 1308 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/25 21:28:43.0192 1308 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/25 21:28:43.0230 1308 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/25 21:28:43.0269 1308 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/25 21:28:43.0372 1308 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/25 21:28:43.0413 1308 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/25 21:28:43.0449 1308 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/25 21:28:43.0485 1308 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/25 21:28:43.0530 1308 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/25 21:28:43.0563 1308 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/25 21:28:43.0584 1308 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/25 21:28:43.0647 1308 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/25 21:28:43.0683 1308 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/25 21:28:43.0792 1308 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/25 21:28:43.0828 1308 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/25 21:28:43.0942 1308 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/25 21:28:43.0983 1308 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/25 21:28:44.0040 1308 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/25 21:28:44.0104 1308 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/25 21:28:44.0146 1308 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/25 21:28:44.0213 1308 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
2011/04/25 21:28:44.0258 1308 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys
2011/04/25 21:28:44.0396 1308 ================================================================================
2011/04/25 21:28:44.0396 1308 Scan finished
2011/04/25 21:28:44.0396 1308 ================================================================================
2011/04/25 21:28:44.0417 5624 Detected object count: 2
2011/04/25 21:29:05.0961 5624 Locked file(sptd) - User select action: Skip
2011/04/25 21:29:05.0987 5624 TermDD (a85c8503237a12e393b2c22acd3a3bc2) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/25 21:29:05.0987 5624 Suspicious file (Forged): C:\Windows\system32\DRIVERS\termdd.sys. Real md5: a85c8503237a12e393b2c22acd3a3bc2, Fake md5: c36f41ee20e6999dbf4b0425963268a5
2011/04/25 21:29:06.0061 5624 Backup copy found, using it..
2011/04/25 21:29:06.0083 5624 C:\Windows\system32\DRIVERS\termdd.sys - will be cured after reboot
2011/04/25 21:29:06.0083 5624 Rootkit.Win32.TDSS.tdl3(TermDD) - User select action: Cure
2011/04/25 21:29:10.0100 3288 Deinitialize success
|
|
25.04.2011, 20:51
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps von AntiVir gefunden TDL3 wurde erkannt und entfernt. Bitte Windows neu starten und zur Kontrolle ein neues Log mit dem Kaspersky-TDSS-Killer machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.04.2011, 21:11
| #13 |
| | TR/Spy.SpyEyes.gps von AntiVir gefunden Die Kontrolle sah schon mal gut aus: Code:
ATTFilter 2011/04/25 22:10:25.0627 5080 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/25 22:10:25.0968 5080 ================================================================================
2011/04/25 22:10:25.0968 5080 SystemInfo:
2011/04/25 22:10:25.0968 5080
2011/04/25 22:10:25.0968 5080 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/25 22:10:25.0968 5080 Product type: Workstation
2011/04/25 22:10:25.0968 5080 ComputerName: DESKTOP
2011/04/25 22:10:25.0968 5080 UserName: Matthias
2011/04/25 22:10:25.0968 5080 Windows directory: C:\Windows
2011/04/25 22:10:25.0968 5080 System windows directory: C:\Windows
2011/04/25 22:10:25.0968 5080 Processor architecture: Intel x86
2011/04/25 22:10:25.0968 5080 Number of processors: 2
2011/04/25 22:10:25.0968 5080 Page size: 0x1000
2011/04/25 22:10:25.0968 5080 Boot type: Normal boot
2011/04/25 22:10:25.0968 5080 ================================================================================
2011/04/25 22:10:27.0569 5080 Initialize success
2011/04/25 22:10:29.0939 5128 ================================================================================
2011/04/25 22:10:29.0939 5128 Scan started
2011/04/25 22:10:29.0939 5128 Mode: Manual;
2011/04/25 22:10:29.0939 5128 ================================================================================
2011/04/25 22:10:32.0457 5128 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/25 22:10:32.0514 5128 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/25 22:10:32.0554 5128 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/25 22:10:32.0596 5128 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/25 22:10:32.0635 5128 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/25 22:10:32.0678 5128 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/25 22:10:32.0749 5128 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/25 22:10:32.0806 5128 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/25 22:10:32.0855 5128 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/25 22:10:32.0931 5128 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/25 22:10:32.0957 5128 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/25 22:10:32.0995 5128 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/25 22:10:33.0038 5128 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/25 22:10:33.0083 5128 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/25 22:10:33.0119 5128 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/25 22:10:33.0146 5128 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/25 22:10:33.0185 5128 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/25 22:10:33.0283 5128 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/25 22:10:33.0375 5128 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/25 22:10:33.0410 5128 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/25 22:10:33.0459 5128 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/25 22:10:33.0500 5128 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/25 22:10:33.0601 5128 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/25 22:10:33.0651 5128 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/25 22:10:33.0715 5128 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/25 22:10:33.0770 5128 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/25 22:10:33.0840 5128 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/25 22:10:33.0884 5128 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/25 22:10:33.0967 5128 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/25 22:10:33.0994 5128 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/25 22:10:34.0041 5128 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/25 22:10:34.0085 5128 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/25 22:10:34.0125 5128 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/25 22:10:34.0175 5128 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/25 22:10:34.0212 5128 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/25 22:10:34.0294 5128 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/25 22:10:34.0332 5128 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/25 22:10:34.0375 5128 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/25 22:10:34.0409 5128 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/25 22:10:34.0475 5128 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/25 22:10:34.0522 5128 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\Windows\system32\drivers\btusbflt.sys
2011/04/25 22:10:34.0563 5128 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
2011/04/25 22:10:34.0671 5128 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
2011/04/25 22:10:34.0708 5128 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/04/25 22:10:34.0758 5128 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/25 22:10:34.0931 5128 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/25 22:10:34.0984 5128 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/25 22:10:35.0068 5128 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/25 22:10:35.0102 5128 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/25 22:10:35.0225 5128 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/25 22:10:35.0288 5128 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/25 22:10:35.0360 5128 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/25 22:10:35.0410 5128 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/25 22:10:35.0489 5128 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/25 22:10:35.0597 5128 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/25 22:10:35.0701 5128 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/25 22:10:35.0759 5128 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/25 22:10:35.0790 5128 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/25 22:10:35.0877 5128 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/25 22:10:36.0022 5128 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/25 22:10:36.0358 5128 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/25 22:10:36.0485 5128 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/25 22:10:36.0524 5128 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/25 22:10:36.0574 5128 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/25 22:10:36.0666 5128 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/25 22:10:36.0726 5128 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/25 22:10:36.0774 5128 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/25 22:10:36.0803 5128 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/25 22:10:36.0834 5128 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/25 22:10:36.0869 5128 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/25 22:10:36.0929 5128 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/25 22:10:36.0962 5128 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/25 22:10:37.0029 5128 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/25 22:10:37.0109 5128 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/25 22:10:37.0189 5128 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/25 22:10:37.0301 5128 genport (c1049f3d658f33d0d64cc48b0dcccf08) C:\Program Files\RemoteKeySrv\GenPort.sys
2011/04/25 22:10:37.0417 5128 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/25 22:10:37.0510 5128 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/25 22:10:37.0564 5128 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/25 22:10:37.0600 5128 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/25 22:10:37.0630 5128 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/25 22:10:37.0665 5128 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/25 22:10:37.0721 5128 hidkmdf (1fab2540c1bd6da847ccd292f4eee48a) C:\Windows\system32\DRIVERS\hidkmdf.sys
2011/04/25 22:10:37.0828 5128 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/25 22:10:37.0872 5128 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/25 22:10:37.0926 5128 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/25 22:10:37.0964 5128 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/25 22:10:37.0999 5128 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/25 22:10:38.0059 5128 iaStor (5a6c5876fb84418d08d67b8caed5efcf) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/25 22:10:38.0100 5128 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/25 22:10:38.0157 5128 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/25 22:10:38.0351 5128 IntcAzAudAddService (ba9a1f572d1a91559e6e76504cfd381c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/25 22:10:38.0403 5128 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/25 22:10:38.0461 5128 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/25 22:10:38.0493 5128 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/25 22:10:38.0542 5128 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/25 22:10:38.0577 5128 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/25 22:10:38.0634 5128 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/25 22:10:38.0667 5128 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/25 22:10:38.0727 5128 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/25 22:10:38.0765 5128 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/25 22:10:38.0807 5128 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/25 22:10:38.0842 5128 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/25 22:10:38.0884 5128 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/25 22:10:39.0036 5128 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/04/25 22:10:39.0089 5128 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/04/25 22:10:39.0117 5128 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/25 22:10:39.0186 5128 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/25 22:10:39.0216 5128 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/25 22:10:39.0329 5128 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/25 22:10:39.0381 5128 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/25 22:10:39.0423 5128 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/25 22:10:39.0471 5128 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/25 22:10:39.0502 5128 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/25 22:10:39.0538 5128 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/25 22:10:39.0583 5128 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/25 22:10:39.0637 5128 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/25 22:10:39.0720 5128 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/25 22:10:39.0755 5128 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/25 22:10:39.0808 5128 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/25 22:10:39.0846 5128 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/25 22:10:39.0895 5128 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/25 22:10:39.0943 5128 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/25 22:10:39.0989 5128 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/25 22:10:40.0036 5128 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/25 22:10:40.0072 5128 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/25 22:10:40.0103 5128 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/25 22:10:40.0164 5128 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/25 22:10:40.0188 5128 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/25 22:10:40.0223 5128 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/25 22:10:40.0394 5128 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/25 22:10:40.0423 5128 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/25 22:10:40.0458 5128 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/25 22:10:40.0487 5128 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/25 22:10:40.0531 5128 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/25 22:10:40.0555 5128 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/25 22:10:40.0603 5128 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/25 22:10:40.0630 5128 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/25 22:10:40.0670 5128 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/25 22:10:40.0732 5128 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/25 22:10:40.0773 5128 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/25 22:10:40.0820 5128 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/25 22:10:40.0844 5128 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/25 22:10:40.0880 5128 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/25 22:10:40.0915 5128 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/25 22:10:40.0945 5128 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/25 22:10:40.0981 5128 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/25 22:10:41.0043 5128 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/25 22:10:41.0080 5128 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/25 22:10:41.0125 5128 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/25 22:10:41.0175 5128 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/25 22:10:41.0232 5128 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/25 22:10:41.0354 5128 NVHDA (eff6795cdacb959d1ab89eb9b9c29b57) C:\Windows\system32\drivers\nvhda32v.sys
2011/04/25 22:10:41.0553 5128 nvlddmkm (50c1b2dd2a5b3ed82c6e4683c4ad58b8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/25 22:10:41.0642 5128 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/25 22:10:41.0677 5128 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/25 22:10:41.0720 5128 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/25 22:10:41.0747 5128 NW1950 (f1a718c6c6cd3edf157fa3d459adfef7) C:\Windows\system32\DRIVERS\NW1950.sys
2011/04/25 22:10:41.0804 5128 NxpCap (953e08d5ca0b02697a8145aaa0ca28be) C:\Windows\system32\DRIVERS\NxpCap.sys
2011/04/25 22:10:41.0858 5128 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/25 22:10:41.0952 5128 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/25 22:10:41.0988 5128 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/25 22:10:42.0018 5128 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/25 22:10:42.0056 5128 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/25 22:10:42.0104 5128 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/25 22:10:42.0144 5128 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/25 22:10:42.0184 5128 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/25 22:10:42.0231 5128 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/25 22:10:42.0515 5128 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/25 22:10:42.0545 5128 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/25 22:10:42.0608 5128 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/25 22:10:42.0671 5128 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/25 22:10:42.0830 5128 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/25 22:10:42.0919 5128 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/25 22:10:43.0001 5128 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/25 22:10:43.0065 5128 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/25 22:10:43.0106 5128 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/25 22:10:43.0156 5128 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/25 22:10:43.0221 5128 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/25 22:10:43.0364 5128 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/25 22:10:43.0398 5128 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/25 22:10:43.0430 5128 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/25 22:10:43.0471 5128 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/25 22:10:43.0511 5128 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/25 22:10:43.0542 5128 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/25 22:10:43.0582 5128 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/25 22:10:43.0678 5128 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/25 22:10:43.0763 5128 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/25 22:10:43.0821 5128 RSUSBSTOR (b87f999e05dd9c0312c83a8752e8e66b) C:\Windows\System32\Drivers\RtsUStor.sys
2011/04/25 22:10:43.0881 5128 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/04/25 22:10:43.0942 5128 rtl8192se (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/04/25 22:10:43.0990 5128 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/25 22:10:44.0031 5128 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/25 22:10:44.0163 5128 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/25 22:10:44.0221 5128 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/25 22:10:44.0331 5128 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/25 22:10:44.0384 5128 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/25 22:10:44.0466 5128 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/25 22:10:44.0496 5128 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/25 22:10:44.0533 5128 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/25 22:10:44.0554 5128 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/25 22:10:44.0608 5128 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/25 22:10:44.0633 5128 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/25 22:10:44.0669 5128 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/25 22:10:44.0695 5128 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/25 22:10:44.0760 5128 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/25 22:10:44.0801 5128 SPLITCAM (c7c361a04742ab187e10583bbf4fa975) C:\Windows\system32\DRIVERS\splitcam.sys
2011/04/25 22:10:44.0884 5128 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/25 22:10:44.0885 5128 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/25 22:10:44.0892 5128 sptd - detected Locked file (1)
2011/04/25 22:10:44.0940 5128 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/04/25 22:10:44.0993 5128 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/25 22:10:45.0049 5128 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/25 22:10:45.0140 5128 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/25 22:10:45.0229 5128 stdriver (5c031c715e14f10dfc9395004f54ee21) C:\Windows\system32\DRIVERS\stdriver32.sys
2011/04/25 22:10:45.0335 5128 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/25 22:10:45.0364 5128 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/25 22:10:45.0581 5128 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/25 22:10:45.0639 5128 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/25 22:10:45.0702 5128 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/25 22:10:45.0751 5128 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/25 22:10:45.0788 5128 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/25 22:10:45.0819 5128 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/25 22:10:45.0893 5128 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/25 22:10:46.0010 5128 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/04/25 22:10:46.0062 5128 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/25 22:10:46.0095 5128 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/25 22:10:46.0135 5128 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/25 22:10:46.0177 5128 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/25 22:10:46.0258 5128 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/25 22:10:46.0333 5128 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/25 22:10:46.0361 5128 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/25 22:10:46.0444 5128 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/25 22:10:46.0487 5128 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/25 22:10:46.0524 5128 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/25 22:10:46.0560 5128 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/25 22:10:46.0597 5128 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/25 22:10:46.0625 5128 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/25 22:10:46.0738 5128 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/25 22:10:46.0816 5128 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/25 22:10:46.0847 5128 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/25 22:10:46.0869 5128 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/25 22:10:46.0989 5128 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/25 22:10:47.0065 5128 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/25 22:10:47.0113 5128 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/25 22:10:47.0146 5128 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/25 22:10:47.0208 5128 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/25 22:10:47.0266 5128 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/25 22:10:47.0332 5128 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/25 22:10:47.0371 5128 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/25 22:10:47.0393 5128 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/25 22:10:47.0436 5128 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/25 22:10:47.0475 5128 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/25 22:10:47.0510 5128 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/25 22:10:47.0550 5128 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/25 22:10:47.0587 5128 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/25 22:10:47.0623 5128 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/25 22:10:47.0668 5128 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/25 22:10:47.0701 5128 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/25 22:10:47.0724 5128 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/25 22:10:47.0785 5128 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/25 22:10:47.0821 5128 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/25 22:10:47.0908 5128 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/25 22:10:47.0945 5128 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/25 22:10:48.0069 5128 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/25 22:10:48.0121 5128 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/25 22:10:48.0184 5128 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/25 22:10:48.0315 5128 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/25 22:10:48.0406 5128 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/25 22:10:48.0484 5128 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
2011/04/25 22:10:48.0552 5128 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys
2011/04/25 22:10:48.0699 5128 ================================================================================
2011/04/25 22:10:48.0699 5128 Scan finished
2011/04/25 22:10:48.0699 5128 ================================================================================
2011/04/25 22:10:48.0721 5120 Detected object count: 1
2011/04/25 22:11:00.0103 5120 Locked file(sptd) - User select action: Skip
|
|
26.04.2011, 09:06
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps von AntiVir gefunden Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.04.2011, 20:28
| #15 |
| | TR/Spy.SpyEyes.gps von AntiVir gefunden Hi, habe alles wie angewiesen erledigt. Hier das Log: Code:
ATTFilter ComboFix 11-04-25.03 - ******** 26.04.2011 21:15:31.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3070.1816 [GMT 2:00]
ausgeführt von:: c:\users\********\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SplitCam Toolbar\tbHElper.dll
c:\windows\system32\scvideo.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-26 bis 2011-04-26 ))))))))))))))))))))))))))))))
.
.
2011-04-26 19:22 . 2011-04-26 19:22 -------- d-----w- c:\users\********\AppData\Local\temp
2011-04-26 19:22 . 2011-04-26 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-25 15:05 . 2011-04-25 15:05 -------- d-----w- C:\_OTL
2011-04-23 11:53 . 2007-06-26 22:56 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst3cpc.dll
2011-04-22 07:31 . 2011-04-22 07:32 -------- d-----w- c:\program files\ERUNT
2011-04-21 20:44 . 2011-04-21 21:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-21 20:44 . 2011-04-21 21:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-21 20:38 . 2011-04-18 10:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-21 18:28 . 2011-04-19 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-21 18:28 . 2011-04-21 18:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-21 18:28 . 2011-04-21 18:28 -------- d-----w- c:\users\********\AppData\Local\Sunbelt Software
2011-04-21 18:27 . 2011-04-21 18:27 -------- dc-h--w- c:\programdata\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
2011-04-21 18:27 . 2011-04-21 18:27 -------- d-----w- c:\programdata\Lavasoft
2011-04-21 18:27 . 2011-04-21 18:27 -------- d-----w- c:\program files\Lavasoft
2011-04-16 08:22 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-16 08:22 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-16 08:22 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-16 08:22 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-16 08:22 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-16 08:22 . 2011-02-24 05:32 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-16 08:22 . 2011-02-24 05:32 673040 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-04-16 08:22 . 2011-02-24 05:29 860160 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-04-16 08:19 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-16 08:19 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-16 08:19 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-16 08:19 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-16 08:19 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-16 08:19 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 18:16 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 18:16 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 18:16 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 18:16 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 18:16 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 18:16 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 18:16 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-10 11:07 . 2011-04-10 11:07 -------- d-----w- c:\users\********\AppData\Roaming\Malwarebytes
2011-04-10 10:48 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 10:48 . 2011-04-10 10:48 -------- d-----w- c:\programdata\Malwarebytes
2011-04-10 10:48 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 10:48 . 2011-04-10 11:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-07 17:23 . 2011-04-07 17:23 -------- d--h--w- c:\programdata\CanonIJEGV
2011-04-05 20:33 . 2011-04-05 20:33 -------- d-----w- c:\users\********\AppData\Local\PDF24
2011-04-05 20:31 . 2011-04-24 10:15 -------- d-----w- c:\program files\PDF24
2011-04-05 20:20 . 2011-04-05 20:20 -------- d--h--w- c:\programdata\CanonIJScan
2011-04-05 20:11 . 2011-04-05 20:11 -------- d-----w- c:\programdata\CanonIJWSpt
2011-04-05 20:10 . 2010-03-29 15:31 438272 ----a-w- c:\windows\system32\CNQ4809L.dll
2011-04-05 20:10 . 2010-03-18 15:12 1335296 ----a-w- c:\windows\system32\CNQ4809C.dll
2011-04-05 20:10 . 2010-03-18 15:12 114688 ----a-w- c:\windows\system32\CNQ4809I.dll
2011-04-05 20:10 . 2010-03-18 15:11 106496 ----a-w- c:\windows\system32\CNQ4809U.dll
2011-04-05 20:10 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-04-05 20:10 . 2010-03-11 08:56 180224 ----a-w- c:\windows\system32\CNQ4809Y.dll
2011-04-05 20:10 . 2010-01-13 14:03 94208 ----a-w- c:\windows\system32\CNQ4809O.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 19:30 . 2009-07-14 00:01 51776 ----a-w- c:\windows\system32\drivers\termdd.sys
2011-04-21 23:53 . 2010-03-29 23:46 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2011-04-21 23:53 . 2010-03-29 23:46 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2011-03-17 22:33 . 2011-03-17 22:33 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2011-03-16 18:38 . 2010-03-29 17:18 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 19:32 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 19:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 19:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:45 . 2011-02-10 19:12 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2010-09-18 15:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-22 19:23 . 2011-03-22 19:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-03-23 2229048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-02 13838952]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-29 8391200]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2009-12-29 678432]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-04-18 220552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
RemoteKeySrv.lnk - c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2010-1-8 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-01 21:57 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-21 2146496]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-01-07 182304]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-19 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-04 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AirPrint;AirPrint;c:\program files\AirPrint\Airprint.exe [2011-02-06 234784]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-14 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-09 13336]
S2 RemoteKeySrv;RemoteKeySrv;c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2010-01-08 303104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 genport;genport;c:\program files\RemoteKeySrv\GenPort.sys [2005-12-08 4096]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-10-29 10360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-10-13 67688]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-10-29 22392]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-12-22 1558368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2011-03-17 49240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 15:21]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 15:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://webmail.havigs.com/
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\********\AppData\Roaming\Mozilla\Firefox\Profiles\lmsewdbk.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE04.00.00.01MSWINDOWS"="0DCA2D38AAC82F9F01ADBA02A26CA80B243744DB67F39D5C2552B2957B163C93D291408F77FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794BA7FD869164D67944DC90C7E176435D7B5884736BF660771E6ECE2E676DBF6615D3516A2E81587361B530287B0EB3174CB9DB73ED93807A228050085B34FADDA386087557B1727F5E048C48C4A2AE8BEBB7DBCAA5C0CC63944E896A62765277959A4F545BBDB918A0513B00C7CF38165998BCBBF9E7F12F39E17CD6F8426752C8EB65F18DA74BD3462423ACF947E751A6DCFEB032B9188968BADE34731F97A681AEFD437BCD17239C889E85F95E51293B4763940BF271BE753732A5ACA2D6EA6B04FFE4E79CACDE3F9BFD78934A9788DDDCEE506508892363450841920F25DE37DF596D05E194080AEDF3561D9AE1F464ECC34A801E3884D5ED2EE3735DF27211EA9E9716BDB0DE01008C5BCA33ACF005B097D3FAE46EB05F6A974AD416D7EE124D45B2B5594CF5C3EFB61B46379A802D4BEADA3E7A70032972C37382FF86CAE1706E1B904AAF2C9CCA170A820791B16F74EC3F46C5EDA30CCD06C569EC34C95EFED86209568380AC085F4B990306D8BF93CD698B526E7E097365CCB6474CDA61DE16921597BB47B1754024F2474B7B5022E0DB2EC2165A66D1C66A2869275F57F5EBA4853F6D0863FE2BC12FB806969ACF2A3B1715366E8B668F926420C9A1D6E7EC1E13ED1489319A762F16E74C3038AF76A4255A4D114D0241DE58433E7B8348659FD84642E10FE3DC12083D2DCDF1F53C5D75E61E2960D7B6937733CDDE80DDAED73C7EE65ED3A623E1279841DE2E13A2D2A88BA27E5303F0CB1E5C15151AC8484D95B14A7A30B7A4F03C154C474BF8B2E358044027872E4453065BFE81C3834318F49D800A9A38B7E700272E3FC97C5E9362BF62AC98184EA5534192176CAB91FB4CC28527E2A416D9D9370DF6B3F8C91B09CAE2AD9FEDBE7034591480F718B0CAFD7D0D0A33B6ACD8E05C6F3B3FCA7EFEDA12CE12C7FCB37633ED4839C2EC34B290E05069D65F9688F96D0AD4C0E046176B69382498C586AE07C6E4AD5F69FC10E47D94DF72B8697ADBDCEECAE22B0549B8FEE943B212CA8AC0F50E8F8B6026A8F124CD6BE04CBC93CA46269595D614EEE13A7F093B012A8B93A507E464AEF53A22D392A055BA7044FA8932CD156EE67C7DA11C7E320FB39C174277E8185939F800D631DDE8F1D5C425B4F149A1C544CC1355D9BC5C500BBBFE8F132F3ACBA05A6DA705FE5F3547E340263D1422B33BC3C26A643D3F155A5F4F733336A7AD84ED573EC6FBACF17A88517826AD47ACC8CD96368E82E64587FE435CFF2B51C01D7936744A2FB5D53B0DDC5463AE4708A25"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-26 21:24:15
ComboFix-quarantined-files.txt 2011-04-26 19:24
.
Vor Suchlauf: 8 Verzeichnis(se), 838.284.333.056 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 837.818.785.792 Bytes frei
.
- - End Of File - - CAFAB19DC104FC2AF0DE24A0440FC70C
|
|
| Themen zu TR/Spy.SpyEyes.gps von AntiVir gefunden |
| ad-aware, antivir, avgntflt.sys, avira, benutzerregistrierung, bho, bonjour, canon, converter, dllhost.exe, error, excel, firefox, flash player, home, install.exe, ip-adresse, jdownloader, location, locker, logfile, microsoft office word, mozilla, neu aufsetzen, ntdll.dll, nvlddmkm.sys, office 2007, oldtimer, plug-in, programm, realtek, registry, rundll, saver, scan, searchplugins, security, security update, shell32.dll, software, sptd.sys, start menu, system, trojan, usb 2.0, usbport.sys, video converter, virus, visual studio, webcheck, windows |
Linear-Darstellung
