
Pests of all kinds and how to fight them: Is my system safe-for-work? (After a trojan infection etc.)

15.08.2011, 11:38   #1
Oliver_
 

Hello team!
Maybe someone can briefly guide me through a check of my system to determine whether it is really free of viruses/trojans/rootkits. Over the last few months I was able to remove two infections ("Windows Security 2011", "appconf32.exe"), but I wonder whether I have to reinstall the whole system after all.

Here are the first logs:
Quote:
Quote from SFC
cmd: sfc /scannow
"Der Windows-Ressourcenschutz hat keine Integritätsverletzungen gefunden"
Quote:
Quote from TDSSKiller
2011/08/15 09:45:36.0648 1488 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/15 09:45:36.0773 1488 ================================================================================
2011/08/15 09:45:36.0773 1488 SystemInfo:
2011/08/15 09:45:36.0773 1488
2011/08/15 09:45:36.0773 1488 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/15 09:45:36.0773 1488 Product type: Workstation
2011/08/15 09:45:36.0773 1488 ComputerName: USER-PC
2011/08/15 09:45:36.0773 1488 UserName: Oliver
2011/08/15 09:45:36.0773 1488 Windows directory: C:\Windows
2011/08/15 09:45:36.0773 1488 System windows directory: C:\Windows
2011/08/15 09:45:36.0773 1488 Running under WOW64
2011/08/15 09:45:36.0773 1488 Processor architecture: Intel x64
2011/08/15 09:45:36.0773 1488 Number of processors: 2
2011/08/15 09:45:36.0773 1488 Page size: 0x1000
2011/08/15 09:45:36.0773 1488 Boot type: Normal boot
2011/08/15 09:45:36.0773 1488 ================================================================================
2011/08/15 09:45:37.0787 1488 Initialize success
2011/08/15 09:45:40.0891 2852 ================================================================================
2011/08/15 09:45:40.0891 2852 Scan started
2011/08/15 09:45:40.0891 2852 Mode: Manual;
2011/08/15 09:45:40.0891 2852 ================================================================================
2011/08/15 09:45:56.0273 2852 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/08/15 09:45:56.0273 2852 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/08/15 09:45:56.0289 2852 sptd - detected LockedFile.Multi.Generic (1)
2011/08/15 09:45:59.0471 2852 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/15 09:45:59.0533 2852 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/15 09:45:59.0580 2852 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/15 09:45:59.0611 2852 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/15 09:45:59.0705 2852 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/15 09:45:59.0752 2852 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/15 09:45:59.0892 2852 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/15 09:45:59.0939 2852 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/15 09:46:00.0095 2852 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/15 09:46:00.0173 2852 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/15 09:46:00.0298 2852 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/15 09:46:00.0360 2852 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/08/15 09:46:00.0454 2852 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/15 09:46:00.0516 2852 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/15 09:46:00.0610 2852 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/15 09:46:00.0657 2852 Boot (0x1200) (bd8620a6c53c2859d19e8fd1804f66e3) \Device\Harddisk0\DR0\Partition0
2011/08/15 09:46:00.0688 2852 Boot (0x1200) (800ed64a06bbbfdb7a6994bea4de474f) \Device\Harddisk0\DR0\Partition1
2011/08/15 09:46:00.0719 2852 Boot (0x1200) (de1b966b1e3186de9fe5d76283229acf) \Device\Harddisk0\DR0\Partition2
2011/08/15 09:46:00.0735 2852 ================================================================================
2011/08/15 09:46:00.0735 2852 Scan finished
2011/08/15 09:46:00.0735 2852 ================================================================================
2011/08/15 09:46:00.0750 1068 Detected object count: 1
2011/08/15 09:46:00.0750 1068 Actual detected object count: 1
2011/08/15 09:47:29.0265 1068 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/15 09:49:38.0724 1420 Deinitialize success
Quote:
Quote from OTL
OTL logfile created on: 15.08.2011 09:52:38 - Run 4
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Oliver\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,96% Memory free
4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 37,56 Gb Total Space | 6,65 Gb Free Space | 17,71% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 11,44 Gb Free Space | 11,72% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 10,07 Gb Free Space | 10,31% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Oliver\Desktop\OTL.exe ()
PRC - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Users\Oliver\Desktop\OTL.exe ()
MOD - C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
MOD - C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\lfs.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\lua51.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SMServer) -- C:\Windows\SysWOW64\snmvtsvc.exe (SMServer)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Cherry Device Interface) -- C:\Program Files (x86)\Cherry\CDI\cdi.exe (Cherry, Auerbach Germany, www.cherry.de)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (L6TPortGX) -- C:\Windows\SysNative\drivers\L6TPortGX64.sys (Line 6)
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (SndTAudio) -- C:\Windows\SysNative\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (Ch64USB) -- C:\Windows\SysNative\drivers\Ch64USB.sys (Cherry GmbH)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (V0260VID) -- C:\Windows\SysNative\drivers\V0260Vid.sys (Creative Technology Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 BE 08 9F B8 F9 CB 01 [binary data]
IE - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Oliver\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Oliver\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.26 10:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.30 09:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 19:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.06.29 08:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.26 10:58:32 | 000,000,000 | ---D | M]

[2009.12.08 21:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions
[2009.12.08 21:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.12 11:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\6fqm9v92.default\extensions
[2011.03.24 19:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\OLIVER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FQM9V92.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.06.30 09:11:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npstrlnk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.06.28 10:08:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2825060531-2891394673-632927140-1003..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 1
O7 - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.16 13:16:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2825060531-2891394673-632927140-1003\...com [@ = comfile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011.08.15 09:08:38 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Oliver\Desktop\tdsskiller.exe
[2011.08.15 08:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.08.15 08:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.08.09 08:23:04 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\FileZilla
[2011.08.09 08:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.08.09 08:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011.08.05 13:56:54 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\UAs
[2011.08.04 10:26:44 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\xmldm
[2011.08.04 10:25:43 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\kock
[2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009.06.04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[1 C:\Users\Oliver\AppData\Local\*.tmp files -> C:\Users\Oliver\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.15 09:54:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.15 09:27:46 | 000,579,584 | ---- | M] () -- C:\Users\Oliver\Desktop\OTL.exe
[2011.08.15 09:08:47 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Oliver\Desktop\tdsskiller.exe
[2011.08.15 08:05:39 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 08:05:39 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 08:04:23 | 000,788,896 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.15 08:04:23 | 000,658,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.15 08:04:23 | 000,124,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.15 07:58:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.15 07:58:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.15 07:58:20 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.14 23:43:32 | 000,063,172 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx
[2011.08.14 23:43:32 | 000,063,172 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx
[2011.08.14 23:43:32 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx
[2011.08.10 09:28:28 | 000,774,364 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.02 19:23:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.07.29 12:15:22 | 000,026,907 | ---- | M] () -- C:\Untitled Song.h2song
[1 C:\Users\Oliver\AppData\Local\*.tmp files -> C:\Users\Oliver\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.15 09:27:28 | 000,579,584 | ---- | C] () -- C:\Users\Oliver\Desktop\OTL.exe
[2011.08.02 19:21:56 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.07.29 12:15:22 | 000,026,907 | ---- | C] () -- C:\Untitled Song.h2song
[2011.07.19 08:58:48 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.06.28 12:24:43 | 000,000,772 | ---- | C] () -- C:\Windows\wiso.ini
[2011.06.07 11:20:49 | 000,000,000 | ---- | C] () -- C:\Users\Oliver\AppData\Local\{61807AD2-CA13-453F-9623-77199EBD4A7F}
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.04.16 19:47:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.04.03 13:45:26 | 000,027,136 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.03 13:27:17 | 000,774,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.21 14:53:20 | 000,004,088 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.04 20:29:52 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.10.31 15:12:02 | 000,118,696 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009.09.18 18:27:33 | 000,007,664 | ---- | C] () -- C:\Users\Oliver\AppData\Local\Resmon.ResmonCfg
[2009.09.18 07:30:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.08.28 08:10:36 | 000,000,360 | ---- | C] () -- C:\Windows\GearBox.ini
[2009.08.24 18:54:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.08.24 18:54:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.08.24 18:52:49 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.08.24 17:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.06.07 16:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.06.07 16:16:12 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.06.04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009.06.04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009.06.04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.04.01 11:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== LOP Check ==========

[2009.08.25 16:01:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cherry
[2009.11.30 22:31:09 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\.purple
[2011.04.08 15:00:51 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Acronis
[2011.08.08 16:28:37 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Audacity
[2011.03.27 15:53:11 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Braid
[2009.08.25 08:02:15 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Cherry
[2009.08.25 16:07:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DAEMON Tools Lite
[2011.08.09 08:24:54 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FileZilla
[2011.08.14 18:39:56 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\foobar2000
[2011.07.11 10:35:31 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Foxit Software
[2009.10.24 11:20:59 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\JAM Software
[2011.08.04 10:25:43 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\kock
[2010.06.12 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Line 6
[2009.12.01 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\LucasArts
[2010.09.07 13:25:55 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Miranda
[2009.10.02 15:56:50 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Mp3tag
[2010.04.03 13:50:03 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Nokia
[2010.04.03 13:50:04 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Nokia Ovi Suite
[2010.04.12 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Nseries
[2011.05.09 10:02:55 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\OneUpIndustries
[2011.07.20 09:29:01 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Opera
[2010.04.03 13:49:35 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\PC Suite
[2010.11.04 14:55:06 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ProtectDISC
[2010.07.01 19:47:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\runic games
[2011.08.15 09:49:38 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TeraCopy
[2009.12.08 21:46:03 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Thunderbird
[2011.08.14 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\UAs
[2011.08.14 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\xmldm
[2011.07.12 16:07:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Oliver\Downloads:Shareaza.GUID

< End of report >

Alt 15.08.2011, 11:39   #2
Oliver_
 

Continuing here because of the character limit.

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-15 10:24:38
Windows 6.1.7601 Service Pack 1 
Running: f3yhnh4j.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x02 0x73 0x56 0x90 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x70 0x7C 0x51 0x44 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x73 0xCA 0x69 0xE5 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x02 0x73 0x56 0x90 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x70 0x7C 0x51 0x44 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x73 0xCA 0x69 0xE5 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Quote:
Quote from MBAM
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7468

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

15.08.2011 11:21:40
mbam-log-2011-08-15 (11-21-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 324166
Laufzeit: 48 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I hope you can help me. I'm really afraid that my online banking could be manipulated!

Thanks and best regards,
Olli
__________________


Alt 17.08.2011, 11:48   #3
Oliver_
 

So far nothing new has popped up. What else should I check before I do online banking again?
__________________
