
Log analysis and evaluation: TR/Spy.SpyEyes.gps found by AntiVir

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.04.2011, 09:18   #1
mattan75
 

Hello everyone,

Yesterday AntiVir reported the following detection to me:

Code:
In der Datei 'C:\polaroidexe\polaroidexe.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Spy.SpyEyes.gps' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
         
...and furthermore:

Code:
Die Datei 'C:\polaroidexe\polaroidexe.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.SpyEyes.gps' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B494E216C2DCD6D7> konnte nicht entfernt werden.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b123ace.qua' verschoben!
         
I then removed the .exe file mentioned above from my autostart and deleted the entire folder 'C:\polaroidexe'. However, I suspect that "SpyEyes" sits deeper in the system, so the only solution open to me would be a fresh reinstall.

Nevertheless, I hope that one of you can help me clean my system in some other way. In other threads this seems to have worked, so I would be very grateful for your help!

I have worked through the instructions accordingly, and here are the log files. Thanks in advance for your reply!

OTL.txt

Code:
OTL logfile created on: 22.04.2011 09:33:27 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\********\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 782,32 Gb Free Space | 87,86% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 29,12 Gb Free Space | 72,81% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP | User Name: ******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe
PRC - [2011.04.21 18:22:15 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.04.19 18:03:25 | 001,190,680 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.04.08 16:28:14 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011.03.16 20:38:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPrint\airprint.exe
PRC - [2010.11.14 13:37:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.14 13:37:58 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.29 19:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.01 19:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
MOD - [2009.07.14 03:15:50 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
MOD - [2009.07.14 03:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
MOD - [2009.07.01 19:03:26 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.21 18:22:15 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.03.16 20:38:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\AirPrint\Airprint.exe -- (AirPrint)
SRV - [2010.11.14 13:37:58 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.19 02:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.04.19 02:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.03.18 00:33:32 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2011.03.16 20:38:46 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.04 12:33:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.25 21:10:54 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.04.01 18:20:05 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2010.03.29 20:20:26 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.03.02 05:57:12 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.01.07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.03 12:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\NW1950.sys -- (NW1950)
DRV - [2009.10.13 14:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005.12.08 15:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Program Files\RemoteKeySrv\GENPORT.sys -- (genport)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.havigs.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {338B4DFE-2E2C-4338-9E41-E176D497299E}:1.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.22 21:23:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.22 21:23:34 | 000,000,000 | ---D | M]
 
[2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Extensions
[2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.04.07 19:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions
[2010.04.01 18:19:15 | 000,000,000 | ---D | M] (SplitCam Toolbar) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E}
[2010.03.30 00:50:30 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011.04.02 23:20:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.22 00:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.30 00:15:16 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.18 17:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.24 23:38:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.09 01:27:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.13 13:59:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\********\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LMSEWDBK.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011.03.22 21:23:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.22 21:23:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 21:23:29 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.03.22 21:23:30 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.22 21:23:30 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.22 21:23:30 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.22 21:23:30 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (SplitCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SplitCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 09:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ERUNT
[2011.04.22 09:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.04.22 09:24:19 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\********\Desktop\Erunt-setup.exe
[2011.04.22 09:24:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe
[2011.04.22 09:24:19 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\********\Desktop\TFC.exe
[2011.04.21 22:53:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.21 22:53:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.21 22:53:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.21 22:53:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.21 22:53:25 | 000,000,000 | --SD | C] -- C:\cofi
[2011.04.21 22:51:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.21 22:50:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.21 22:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.21 22:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.04.21 20:28:43 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.04.21 20:28:41 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.21 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Sunbelt Software
[2011.04.21 20:27:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
[2011.04.21 20:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Lavasoft
[2011.04.21 20:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.21 20:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011.04.17 15:57:05 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\Bewerbung
[2011.04.17 11:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\PDF24
[2011.04.10 13:07:05 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Malwarebytes
[2011.04.10 12:48:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.10 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.04.10 12:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.10 12:48:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.10 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Quwe
[2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Qesew
[2011.04.07 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\kock
[2011.04.07 19:23:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.04.05 22:33:49 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\PDF24
[2011.04.05 22:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2011.04.05 22:20:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011.04.05 22:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011.04.05 22:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Canon CanoScan LiDE 210 Manual
[2011.04.05 22:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\CanoScan LiDE 210
[2011.03.31 20:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\VideoLAN
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 09:33:45 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 09:33:45 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 09:31:47 | 000,000,862 | ---- | M] () -- C:\Users\********\Desktop\NTREGOPT.lnk
[2011.04.22 09:31:47 | 000,000,843 | ---- | M] () -- C:\Users\********\Desktop\ERUNT.lnk
[2011.04.22 09:31:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 09:30:47 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 09:30:47 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 09:30:47 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 09:30:47 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.22 09:26:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 09:26:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 09:25:56 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 09:24:23 | 000,301,568 | ---- | M] () -- C:\Users\********\Desktop\g2m3e4r.exe
[2011.04.22 09:24:22 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\********\Desktop\Erunt-setup.exe
[2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\OTL.exe
[2011.04.22 09:24:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\TFC.exe
[2011.04.22 01:53:01 | 000,237,568 | ---- | M] () -- C:\Windows\System32\rmc_rtspdl.dll
[2011.04.22 01:53:01 | 000,156,672 | ---- | M] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe
[2011.04.22 00:12:14 | 002,302,976 | ---- | M] () -- C:\Users\********\Kontakte_2104.pst
[2011.04.22 00:11:42 | 008,397,824 | ---- | M] () -- C:\Users\********\Ablage_2104.pst
[2011.04.22 00:10:37 | 006,366,208 | ---- | M] () -- C:\Users\********\backup.pst
[2011.04.21 20:28:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.04.21 20:28:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.04.21 20:28:40 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.21 20:27:33 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.19 02:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.04.18 12:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011.04.17 11:26:16 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.04.17 10:45:07 | 000,468,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.05 22:11:45 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011.04.05 22:10:42 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 210 Online-Handbuch.lnk
[2011.04.03 17:57:56 | 000,448,224 | ---- | M] () -- C:\Users\********\Documents\Amazon-Gift-Card_Michi 2011.pdf
[2011.03.31 20:20:26 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2011.04.22 09:31:47 | 000,000,862 | ---- | C] () -- C:\Users\********\Desktop\NTREGOPT.lnk
[2011.04.22 09:31:47 | 000,000,843 | ---- | C] () -- C:\Users\********\Desktop\ERUNT.lnk
[2011.04.22 09:24:19 | 000,301,568 | ---- | C] () -- C:\Users\********\Desktop\g2m3e4r.exe
[2011.04.22 00:11:54 | 002,302,976 | ---- | C] () -- C:\Users\********\Kontakte_2104.pst
[2011.04.22 00:11:12 | 008,397,824 | ---- | C] () -- C:\Users\********\Ablage_2104.pst
[2011.04.22 00:10:34 | 006,366,208 | ---- | C] () -- C:\Users\********\backup.pst
[2011.04.21 22:53:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.21 22:53:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.21 22:53:54 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.21 22:53:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.21 22:53:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.21 22:38:47 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.04.21 20:28:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.21 20:28:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.21 20:27:33 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.17 11:26:16 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.04.05 22:11:45 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011.04.05 22:10:42 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 210 Online-Handbuch.lnk
[2011.04.05 22:10:18 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ4809N.DAT
[2011.04.03 17:57:56 | 000,448,224 | ---- | C] () -- C:\Users\********\Documents\Amazon-Gift-Card_Michi 2011.pdf
[2010.10.17 13:31:26 | 065,169,605 | ---- | C] () -- C:\Users\********\AppData\Local\altu.flv
[2010.10.17 13:31:26 | 065,169,605 | ---- | C] () -- C:\Program Files\altu.flv
[2010.10.11 22:25:44 | 022,373,229 | ---- | C] () -- C:\Users\********\AppData\Local\P1D.flv
[2010.05.15 18:35:36 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.05.13 18:04:27 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010.04.18 10:44:54 | 000,003,584 | ---- | C] () -- C:\Users\********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 23:58:50 | 003,620,216 | ---- | C] () -- C:\Users\********\AppData\Local\vluvsladygagas webcam video April 11 2010 0253 PM.flv
[2010.04.01 18:34:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.30 01:46:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010.03.30 00:29:03 | 000,056,880 | ---- | C] () -- C:\Windows\System32\scvideo.dll
[2010.03.30 00:15:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.03.29 21:27:29 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010.01.10 07:44:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.08 10:39:19 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.01.08 10:05:02 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.01.08 10:05:02 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.01.08 09:57:53 | 000,013,224 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010.01.07 10:22:31 | 000,007,648 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001416BE_ca.bin
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001316BE_ca.bin
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001216BE_ca.bin
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.12.03 00:50:04 | 000,041,808 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2009.12.03 00:50:00 | 000,330,344 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.11.14 20:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.11.14 20:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009.11.14 20:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009.10.29 12:20:42 | 008,824,824 | ---- | C] () -- C:\Windows\System32\drivers\NWTransLib.sys
[2009.10.29 12:20:38 | 000,022,392 | ---- | C] () -- C:\Windows\System32\drivers\NW1950.sys
[2009.08.11 23:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,468,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007.09.16 16:27:47 | 010,181,784 | ---- | C] () -- C:\Users\********\AppData\Local\Vi7 Small.avi.AVI
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== LOP Check ==========
 
[2010.10.31 15:57:43 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\calibre
[2011.04.05 22:20:39 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Canon
[2010.04.12 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\CD-LabelPrint
[2010.12.04 12:36:04 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\DAEMON Tools Lite
[2011.01.24 00:24:04 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\GrabPro
[2010.10.02 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ICQ
[2011.04.07 22:54:32 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\kock
[2011.01.24 00:36:37 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Orbit
[2010.03.29 21:27:12 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\PowerCinema
[2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ProgSense
[2011.04.10 13:14:47 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Qesew
[2011.04.10 13:14:36 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Quwe
[2010.03.31 16:53:54 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TomTom
[2010.09.19 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TrueCrypt
[2011.04.18 21:45:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.04.18 18:31:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.04.21 23:00:11 | 000,000,000 | --SD | M] -- C:\cofi
[2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.01.08 09:32:52 | 000,000,000 | ---D | M] -- C:\Intel
[2010.03.29 21:11:59 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.04.22 09:31:47 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.04.21 22:44:21 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.21 22:53:29 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.04.22 03:00:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.03.29 17:21:33 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.22 09:28:44 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-22 01:01:47
 
< End of report >
         
Extras.txt

Code:
OTL Extras logfile created on: 22.04.2011 09:33:27 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\********\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 782,32 Gb Free Space | 87,86% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 29,12 Gb Free Space | 72,81% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam
"{0C7B9FAF-9C93-4E3A-9EC5-DE553B5771F0}" = Linguatec Voice Reader Studio
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10E3699C-3BBE-419F-8085-3AE94E932EAA}" = calibre
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = RemoteKeySrv
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{714F1BA5-F95E-4821-AA70-D30BBE04A5FF}" = NextWindow Drivers
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}" = O&O SafeErase
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Applian Director1.1" = Applian Director
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Camtasia Studio 3" = Camtasia Studio 3
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1
"Debut" = Debut Video Capture Software
"DivX Setup.divx.com" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 3.4
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"FLV Player" = FLV Player 2.0 (build 25)
"Indeo® Software" = Indeo® Software
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOK" = Microsoft Office Outlook 2007
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PRJPRO" = Microsoft Office Project Professional 2007
"RealPlayer 12.0" = RealPlayer
"Replay Media Catcher 3.11" = Replay Media Catcher
"SplitCam Toolbar" = SplitCam Toolbar
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TrueCrypt" = TrueCrypt
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"XP Codec Pack" = XP Codec Pack
"Yahoo! Messenger" = Yahoo! Messenger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.04.2011 14:08:27 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2278
 
Error - 17.04.2011 14:08:27 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2278
 
Error - 17.04.2011 14:08:28 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.04.2011 14:08:28 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3417
 
Error - 17.04.2011 14:08:28 | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3417
 
Error - 18.04.2011 13:31:09 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7600.16699,
 Zeitstempel: 0x4ccf7a97  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000703bb  ID des fehlerhaften
 Prozesses: 0x9f0  Startzeit der fehlerhaften Anwendung: 0x01cbfdee56cc8d68  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: a53e180c-69e1-11e0-94de-1c4bd6033cb2
 
Error - 20.04.2011 12:01:41 | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc6b7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075c8c  ID des fehlerhaften
 Prozesses: 0x58c  Startzeit der fehlerhaften Anwendung: 0x01cbff7419fdeafc  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7af205e8-6b67-11e0-b00c-1c4bd6033cb2
 
Error - 21.04.2011 14:27:58 | Computer Name = Desktop | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 21.04.2011 16:54:20 | Computer Name = Desktop | Source = VSS | ID = 8193
Description = 
 
Error - 21.04.2011 21:00:12 | Computer Name = Desktop | Source = VSS | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 23.08.2010 18:42:45 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 00:42:45 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 23.08.2010 18:43:29 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 00:43:28 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 24.08.2010 14:00:45 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 20:00:45 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 09.09.2010 13:45:14 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 19:45:14 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
[ OSession Events ]
Error - 22.03.2011 17:05:45 | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 378
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.11.2010 17:38:26 | Computer Name = Desktop | Source = bowser | ID = 8003
Description = 
 
Error - 28.11.2010 07:22:04 | Computer Name = Desktop | Source = bowser | ID = 8003
Description = 
 
Error - 28.11.2010 09:19:19 | Computer Name = Desktop | Source = bowser | ID = 8003
Description = 
 
Error - 28.11.2010 11:48:04 | Computer Name = Desktop | Source = bowser | ID = 8003
Description = 
 
Error - 02.12.2010 17:45:17 | Computer Name = Desktop | Source = bowser | ID = 8003
Description = 
 
Error - 03.12.2010 04:31:38 | Computer Name = Desktop | Source = bowser | ID = 8003
Description = 
 
Error - 03.12.2010 11:16:24 | Computer Name = Desktop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.12.2010 11:20:38 | Computer Name = Desktop | Source = Ntfs | ID = 262281
Description = Auf dem Volume "H:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 03.12.2010 12:35:45 | Computer Name = Desktop | Source = bowser | ID = 8003
Description = 
 
Error - 04.12.2010 06:34:52 | Computer Name = Desktop | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.104  registriert werden. Der Computer mit IP-Adresse 192.168.2.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
 
< End of report >
         
Gmer.txt

Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-22 09:59:54
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD10 rev.80.0
Running: g2m3e4r.exe; Driver: C:\Users\********\AppData\Local\Temp\fwldapoc.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                                                           83247589 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                    8326C092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spfi.sys                                                                                                                                 Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                                                     917A4CA0 5 Bytes  JMP 88A251D8 
 
---- Devices - GMER 1.0.15 ----
 
Device          \FileSystem\Ntfs \Ntfs                                                                                                                                    8663B1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{0B8F75AA-6092-423F-8182-9C35D08FA678}                                                                                  88A3C1F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                                                      8597D1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                          88A361F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                          88A361F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                          88A361F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                                          86691500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                                          88A361F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                                          88A361F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                                          88A361F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                                    8597D1F8
 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
Device          \Driver\usbehci \Device\USBPDO-7                                                                                                                          86691500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                                    8597D1F8
 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
Device          \Driver\cdrom \Device\CdRom0                                                                                                                              88A5C1F8
Device          \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0                                                                                                       88BCAAEA
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                                                        [8BA7C960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0                                                                                            88BCAAEA
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                                                             [8BA7C960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                                    8597D1F8
 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                                                    8597D1F8
 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                   88A3C1F8
Device          \Driver\ACPI_HAL \Device\0000004b                                                                                                                         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{C01B1037-EBDE-4812-918C-42D7B7594353}                                                                                  88A3C1F8
Device          \Driver\BTHUSB \Device\00000089                                                                                                                           bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000089                                                                                                                           bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{7A5F3B8D-398E-416E-83ED-75B499643A19}                                                                                  88A3C1F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                          88A361F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                          88A361F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                          88A361F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                                                          86691500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                                          88A361F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                                          88A361F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{4F7CE2CD-1AA4-4E79-95F5-FAB2ED8FADF3}                                                                                  88A3C1F8
Device          \Driver\BTHUSB \Device\0000008b                                                                                                                           bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\0000008b                                                                                                                           bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                                          88A361F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                                                          86691500
Device          \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD10EARS-00Y5B1_____________________80.00A80#4&1b2adb9a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found
 
---- Registry - GMER 1.0.15 ----
 
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d                                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499                                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6033cb2                                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                        771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                        285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                                        1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                       0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                    0xA2 0xC4 0x49 0xF4 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet)                                                           
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet)                                                           
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6033cb2 (not active ControlSet)                                                           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                      
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                           0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                        0xA2 0xC4 0x49 0xF4 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                                     
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS
 
---- EOF - GMER 1.0.15 ----
         
By the way, Malwarebytes finds nothing; here is the log file as well:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6417
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
22.04.2011 11:11:14
mbam-log-2011-04-22 (11-11-14).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 299494
Laufzeit: 41 Minute(n), 24 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

25.04.2011, 14:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logs" tab.

25.04.2011, 15:02   #3
mattan75

Hi, this is what was saved as log files from all my recent scans (starting with the oldest, first run on 10.04.2011):

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.04.2011 13:14:36
mbam-log-2011-04-10 (13-14-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150094
Laufzeit: 2 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8B644AD0-956D-A60B-F32E-C98C2E711249} (Trojan.Dropper) -> Value: {8B644AD0-956D-A60B-F32E-C98C2E711249} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0B8F75AA-6092-423F-8182-9C35D08FA678}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4F7CE2CD-1AA4-4E79-95F5-FAB2ED8FADF3}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A5F3B8D-398E-416E-83ED-75B499643A19}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A5F3B8D-398E-416E-83ED-75B499643A19}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.13,93.188.160.43) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Matthias\AppData\Roaming\Quwe\axer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\control center.lnk (Rogue.ControlCenter) -> Quarantined and deleted successfully.
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6324

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.04.2011 17:32:47
mbam-log-2011-04-10 (17-32-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160297
Laufzeit: 3 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8B644AD0-956D-A60B-F32E-C98C2E711249} (Trojan.ZbotR.Gen) -> Value: {8B644AD0-956D-A60B-F32E-C98C2E711249} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.04.2011 20:18:30
mbam-log-2011-04-21 (20-18-30).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161663
Laufzeit: 4 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6415

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.04.2011 23:38:56
mbam-log-2011-04-21 (23-38-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 68586
Laufzeit: 5 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6415

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.04.2011 23:42:31
mbam-log-2011-04-21 (23-42-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162120
Laufzeit: 3 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6416

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

22.04.2011 00:57:56
mbam-log-2011-04-22 (00-57-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 114422
Laufzeit: 9 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6416

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

22.04.2011 01:00:01
mbam-log-2011-04-22 (01-00-01).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159596
Laufzeit: 1 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6417

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.04.2011 11:11:14
mbam-log-2011-04-22 (11-11-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 299494
Laufzeit: 41 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
__________________

Alt 25.04.2011, 15:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
[2011.04.21 22:53:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.21 22:53:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.21 22:53:54 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.21 22:53:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.21 22:53:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
Who instructed you to run Combofix??
Why don't you post the log of your own accord?
__________________
Please always post logs in CODE tags

Alt 25.04.2011, 15:20   #5
mattan75
 

Combofix was a kind of self-experiment - I read the fine print too late. But since Combofix did not run to completion, I wasn't aware that there is a log file... I hope I didn't break anything by doing that?

Where do I find the log so I can post it here?


Edited by mattan75 (25.04.2011 at 15:26) Reason: forgot to ask...

Alt 25.04.2011, 15:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Check: C:\Combofix.txt or in C:\Qoobox

Alt 25.04.2011, 15:39   #7
mattan75
 

A .txt directly on C: does not exist, and there is no log file to be found in C:\Qoobox either. Should I run the tool again? If so - I want to do everything right this time - please instruct me how...

Alt 25.04.2011, 15:49   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your username, you must change the starred-out part back into your real username, otherwise the script won't work!!

Code:
ATTFilter
:OTL
[2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Quwe
[2011.04.10 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Qesew
[2011.04.07 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\kock
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Alt 25.04.2011, 16:11   #9
mattan75
 

Done:

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\********\AppData\Roaming\Quwe folder moved successfully.
C:\Users\********\AppData\Roaming\Qesew folder moved successfully.
C:\Users\********\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ********
->Temp folder emptied: 3356796 bytes
->Temporary Internet Files folder emptied: 812350 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7654262 bytes
->Flash cache emptied: 479 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9356 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 11,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04252011_170532

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 25.04.2011, 20:00   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Alt 25.04.2011, 20:32   #11
mattan75
 

Thanks - all clear, I've done that. By the way, I think it's great that you're helping me like this!! Here is the log:

Code:
ATTFilter
2011/04/25 21:28:24.0412 0588	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/25 21:28:24.0640 0588	================================================================================
2011/04/25 21:28:24.0640 0588	SystemInfo:
2011/04/25 21:28:24.0640 0588	
2011/04/25 21:28:24.0640 0588	OS Version: 6.1.7600 ServicePack: 0.0
2011/04/25 21:28:24.0640 0588	Product type: Workstation
2011/04/25 21:28:24.0640 0588	ComputerName: DESKTOP
2011/04/25 21:28:24.0641 0588	UserName: ********
2011/04/25 21:28:24.0641 0588	Windows directory: C:\Windows
2011/04/25 21:28:24.0641 0588	System windows directory: C:\Windows
2011/04/25 21:28:24.0641 0588	Processor architecture: Intel x86
2011/04/25 21:28:24.0641 0588	Number of processors: 2
2011/04/25 21:28:24.0641 0588	Page size: 0x1000
2011/04/25 21:28:24.0641 0588	Boot type: Normal boot
2011/04/25 21:28:24.0641 0588	================================================================================
2011/04/25 21:28:24.0988 0588	Initialize success
2011/04/25 21:28:30.0132 1308	================================================================================
2011/04/25 21:28:30.0132 1308	Scan started
2011/04/25 21:28:30.0132 1308	Mode: Manual; 
2011/04/25 21:28:30.0132 1308	================================================================================
2011/04/25 21:28:31.0219 1308	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/25 21:28:31.0287 1308	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/25 21:28:31.0327 1308	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/25 21:28:31.0380 1308	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/25 21:28:31.0441 1308	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/25 21:28:31.0473 1308	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/25 21:28:31.0533 1308	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/25 21:28:31.0568 1308	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/25 21:28:31.0606 1308	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/25 21:28:31.0682 1308	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/25 21:28:31.0719 1308	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/25 21:28:31.0757 1308	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/25 21:28:31.0789 1308	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/25 21:28:31.0811 1308	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/25 21:28:31.0847 1308	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/25 21:28:31.0893 1308	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/25 21:28:31.0936 1308	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/25 21:28:32.0012 1308	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/25 21:28:32.0070 1308	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/25 21:28:32.0105 1308	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/25 21:28:32.0154 1308	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/25 21:28:32.0184 1308	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/25 21:28:32.0275 1308	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/25 21:28:32.0324 1308	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/25 21:28:32.0388 1308	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/25 21:28:32.0421 1308	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/25 21:28:32.0469 1308	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/25 21:28:32.0513 1308	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/25 21:28:32.0585 1308	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/25 21:28:32.0612 1308	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/25 21:28:32.0647 1308	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/25 21:28:32.0691 1308	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/25 21:28:32.0731 1308	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/25 21:28:32.0760 1308	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/25 21:28:32.0785 1308	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/25 21:28:32.0823 1308	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/25 21:28:32.0849 1308	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/25 21:28:32.0882 1308	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/25 21:28:32.0915 1308	BTHPORT         (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/25 21:28:32.0959 1308	BTHUSB          (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/25 21:28:33.0006 1308	btusbflt        (92c5b845803f3662637eb691ac0b250f) C:\Windows\system32\drivers\btusbflt.sys
2011/04/25 21:28:33.0039 1308	btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
2011/04/25 21:28:33.0078 1308	btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
2011/04/25 21:28:33.0130 1308	btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/04/25 21:28:33.0164 1308	btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/25 21:28:33.0271 1308	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/25 21:28:33.0324 1308	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/25 21:28:33.0363 1308	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/25 21:28:33.0397 1308	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/25 21:28:33.0443 1308	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/25 21:28:33.0473 1308	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/25 21:28:33.0522 1308	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/25 21:28:33.0572 1308	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/25 21:28:33.0606 1308	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/25 21:28:33.0637 1308	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/25 21:28:33.0719 1308	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/25 21:28:33.0745 1308	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/25 21:28:33.0775 1308	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/25 21:28:33.0850 1308	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/25 21:28:33.0906 1308	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/25 21:28:34.0041 1308	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/25 21:28:34.0247 1308	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/25 21:28:34.0286 1308	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/25 21:28:34.0348 1308	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/25 21:28:34.0395 1308	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/25 21:28:34.0432 1308	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/25 21:28:34.0469 1308	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/25 21:28:34.0520 1308	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/25 21:28:34.0574 1308	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/25 21:28:34.0608 1308	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/25 21:28:34.0658 1308	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/25 21:28:34.0690 1308	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/25 21:28:34.0736 1308	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/25 21:28:34.0771 1308	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/25 21:28:34.0818 1308	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/25 21:28:34.0891 1308	genport         (c1049f3d658f33d0d64cc48b0dcccf08) C:\Program Files\RemoteKeySrv\GenPort.sys
2011/04/25 21:28:35.0008 1308	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/25 21:28:35.0050 1308	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/25 21:28:35.0093 1308	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/25 21:28:35.0117 1308	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/25 21:28:35.0147 1308	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/25 21:28:35.0182 1308	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/25 21:28:35.0216 1308	hidkmdf         (1fab2540c1bd6da847ccd292f4eee48a) C:\Windows\system32\DRIVERS\hidkmdf.sys
2011/04/25 21:28:35.0267 1308	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/25 21:28:35.0357 1308	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/25 21:28:35.0422 1308	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/25 21:28:35.0449 1308	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/25 21:28:35.0472 1308	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/25 21:28:35.0531 1308	iaStor          (5a6c5876fb84418d08d67b8caed5efcf) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/25 21:28:35.0574 1308	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/25 21:28:35.0619 1308	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/25 21:28:35.0798 1308	IntcAzAudAddService (ba9a1f572d1a91559e6e76504cfd381c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/25 21:28:35.0998 1308	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/25 21:28:36.0035 1308	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/25 21:28:36.0066 1308	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/25 21:28:36.0126 1308	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/25 21:28:36.0162 1308	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/25 21:28:36.0218 1308	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/25 21:28:36.0252 1308	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/25 21:28:36.0290 1308	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/25 21:28:36.0327 1308	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/25 21:28:36.0358 1308	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/25 21:28:36.0413 1308	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/25 21:28:36.0457 1308	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/25 21:28:36.0598 1308	Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/04/25 21:28:36.0674 1308	Lbd             (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/04/25 21:28:36.0702 1308	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/25 21:28:36.0759 1308	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/25 21:28:36.0789 1308	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/25 21:28:36.0824 1308	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/25 21:28:36.0865 1308	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/25 21:28:36.0896 1308	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/25 21:28:36.0933 1308	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/25 21:28:36.0964 1308	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/25 21:28:36.0994 1308	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/25 21:28:37.0034 1308	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/25 21:28:37.0051 1308	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/25 21:28:37.0092 1308	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/25 21:28:37.0117 1308	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/25 21:28:37.0134 1308	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/25 21:28:37.0160 1308	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/25 21:28:37.0189 1308	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/25 21:28:37.0249 1308	mrxsmb          (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/25 21:28:37.0284 1308	mrxsmb10        (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/25 21:28:37.0323 1308	mrxsmb20        (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/25 21:28:37.0357 1308	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/25 21:28:37.0410 1308	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/25 21:28:37.0481 1308	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/25 21:28:37.0506 1308	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/25 21:28:37.0540 1308	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/25 21:28:37.0589 1308	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/25 21:28:37.0619 1308	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/25 21:28:37.0642 1308	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/25 21:28:37.0671 1308	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/25 21:28:37.0704 1308	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/25 21:28:37.0725 1308	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/25 21:28:37.0765 1308	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/25 21:28:37.0814 1308	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/25 21:28:37.0876 1308	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/25 21:28:37.0927 1308	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/25 21:28:37.0958 1308	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/25 21:28:38.0004 1308	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/25 21:28:38.0040 1308	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/25 21:28:38.0064 1308	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/25 21:28:38.0099 1308	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/25 21:28:38.0129 1308	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/25 21:28:38.0165 1308	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/25 21:28:38.0214 1308	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/25 21:28:38.0253 1308	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/25 21:28:38.0287 1308	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/25 21:28:38.0337 1308	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/25 21:28:38.0394 1308	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/25 21:28:38.0449 1308	NVHDA           (eff6795cdacb959d1ab89eb9b9c29b57) C:\Windows\system32\drivers\nvhda32v.sys
2011/04/25 21:28:38.0654 1308	nvlddmkm        (50c1b2dd2a5b3ed82c6e4683c4ad58b8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/25 21:28:38.0926 1308	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/25 21:28:38.0962 1308	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/25 21:28:39.0015 1308	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/25 21:28:39.0054 1308	NW1950          (f1a718c6c6cd3edf157fa3d459adfef7) C:\Windows\system32\DRIVERS\NW1950.sys
2011/04/25 21:28:39.0122 1308	NxpCap          (953e08d5ca0b02697a8145aaa0ca28be) C:\Windows\system32\DRIVERS\NxpCap.sys
2011/04/25 21:28:39.0198 1308	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/25 21:28:39.0291 1308	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/25 21:28:39.0317 1308	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/25 21:28:39.0339 1308	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/25 21:28:39.0395 1308	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/25 21:28:39.0433 1308	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/25 21:28:39.0473 1308	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/25 21:28:39.0513 1308	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/25 21:28:39.0582 1308	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/25 21:28:39.0700 1308	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/25 21:28:39.0730 1308	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/25 21:28:39.0792 1308	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/25 21:28:39.0844 1308	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/25 21:28:39.0903 1308	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/25 21:28:39.0937 1308	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/25 21:28:39.0974 1308	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/25 21:28:39.0994 1308	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/25 21:28:40.0046 1308	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/25 21:28:41.0324 1308	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/25 21:28:41.0324 1308	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/25 21:28:41.0331 1308	sptd - detected Locked file (1)
2011/04/25 21:28:42.0024 1308	TermDD          (a85c8503237a12e393b2c22acd3a3bc2) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/25 21:28:42.0031 1308	Suspicious file (Forged): C:\Windows\system32\DRIVERS\termdd.sys. Real md5: a85c8503237a12e393b2c22acd3a3bc2, Fake md5: c36f41ee20e6999dbf4b0425963268a5
2011/04/25 21:28:42.0038 1308	TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/25 21:28:44.0396 1308	================================================================================
2011/04/25 21:28:44.0396 1308	Scan finished
2011/04/25 21:28:44.0396 1308	================================================================================
2011/04/25 21:28:44.0417 5624	Detected object count: 2
2011/04/25 21:29:05.0961 5624	Locked file(sptd) - User select action: Skip 
2011/04/25 21:29:05.0987 5624	TermDD          (a85c8503237a12e393b2c22acd3a3bc2) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/25 21:29:05.0987 5624	Suspicious file (Forged): C:\Windows\system32\DRIVERS\termdd.sys. Real md5: a85c8503237a12e393b2c22acd3a3bc2, Fake md5: c36f41ee20e6999dbf4b0425963268a5
2011/04/25 21:29:06.0061 5624	Backup copy found, using it..
2011/04/25 21:29:06.0083 5624	C:\Windows\system32\DRIVERS\termdd.sys - will be cured after reboot
2011/04/25 21:29:06.0083 5624	Rootkit.Win32.TDSS.tdl3(TermDD) - User select action: Cure 
2011/04/25 21:29:10.0100 3288	Deinitialize success
         

Old 25.04.2011, 20:51   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

TDL3 was detected and removed. Please restart Windows and, as a check, create a new log with the Kaspersky TDSS-Killer.
__________________
Please always post logs in CODE tags

Old 25.04.2011, 21:11   #13
mattan75
 

The check already looked good:

Code:
ATTFilter
2011/04/25 22:10:25.0627 5080	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/25 22:10:25.0968 5080	================================================================================
2011/04/25 22:10:25.0968 5080	SystemInfo:
2011/04/25 22:10:25.0968 5080	
2011/04/25 22:10:25.0968 5080	OS Version: 6.1.7600 ServicePack: 0.0
2011/04/25 22:10:25.0968 5080	Product type: Workstation
2011/04/25 22:10:25.0968 5080	ComputerName: DESKTOP
2011/04/25 22:10:25.0968 5080	UserName: Matthias
2011/04/25 22:10:25.0968 5080	Windows directory: C:\Windows
2011/04/25 22:10:25.0968 5080	System windows directory: C:\Windows
2011/04/25 22:10:25.0968 5080	Processor architecture: Intel x86
2011/04/25 22:10:25.0968 5080	Number of processors: 2
2011/04/25 22:10:25.0968 5080	Page size: 0x1000
2011/04/25 22:10:25.0968 5080	Boot type: Normal boot
2011/04/25 22:10:25.0968 5080	================================================================================
2011/04/25 22:10:27.0569 5080	Initialize success
2011/04/25 22:10:29.0939 5128	================================================================================
2011/04/25 22:10:29.0939 5128	Scan started
2011/04/25 22:10:29.0939 5128	Mode: Manual; 
2011/04/25 22:10:29.0939 5128	================================================================================
2011/04/25 22:10:43.0398 5128	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/25 22:10:43.0430 5128	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/25 22:10:43.0471 5128	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/25 22:10:43.0511 5128	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/25 22:10:43.0542 5128	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/25 22:10:43.0582 5128	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/25 22:10:43.0678 5128	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/25 22:10:43.0763 5128	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/25 22:10:43.0821 5128	RSUSBSTOR       (b87f999e05dd9c0312c83a8752e8e66b) C:\Windows\System32\Drivers\RtsUStor.sys
2011/04/25 22:10:43.0881 5128	RTL8167         (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/04/25 22:10:43.0942 5128	rtl8192se       (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/04/25 22:10:43.0990 5128	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/25 22:10:44.0031 5128	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/25 22:10:44.0163 5128	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/25 22:10:44.0221 5128	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/25 22:10:44.0331 5128	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/25 22:10:44.0384 5128	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/25 22:10:44.0466 5128	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/25 22:10:44.0496 5128	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/25 22:10:44.0533 5128	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/25 22:10:44.0554 5128	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/25 22:10:44.0608 5128	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/25 22:10:44.0633 5128	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/25 22:10:44.0669 5128	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/25 22:10:44.0695 5128	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/25 22:10:44.0760 5128	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/25 22:10:44.0801 5128	SPLITCAM        (c7c361a04742ab187e10583bbf4fa975) C:\Windows\system32\DRIVERS\splitcam.sys
2011/04/25 22:10:44.0884 5128	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/25 22:10:44.0885 5128	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/25 22:10:44.0892 5128	sptd - detected Locked file (1)
2011/04/25 22:10:44.0940 5128	srv             (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/04/25 22:10:44.0993 5128	srv2            (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/25 22:10:45.0049 5128	srvnet          (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/25 22:10:45.0140 5128	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/25 22:10:45.0229 5128	stdriver        (5c031c715e14f10dfc9395004f54ee21) C:\Windows\system32\DRIVERS\stdriver32.sys
2011/04/25 22:10:45.0335 5128	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/25 22:10:45.0364 5128	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/25 22:10:45.0581 5128	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/25 22:10:45.0639 5128	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/25 22:10:45.0702 5128	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/25 22:10:45.0751 5128	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/25 22:10:45.0788 5128	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/25 22:10:45.0819 5128	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/25 22:10:45.0893 5128	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/25 22:10:46.0010 5128	truecrypt       (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/04/25 22:10:46.0062 5128	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/25 22:10:46.0095 5128	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/25 22:10:46.0135 5128	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/25 22:10:46.0177 5128	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/25 22:10:46.0258 5128	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/25 22:10:46.0333 5128	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/25 22:10:46.0361 5128	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/25 22:10:46.0444 5128	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/25 22:10:46.0487 5128	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/25 22:10:46.0524 5128	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/25 22:10:46.0560 5128	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/25 22:10:46.0597 5128	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/25 22:10:46.0625 5128	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/25 22:10:46.0738 5128	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/25 22:10:46.0816 5128	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/25 22:10:46.0847 5128	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/25 22:10:46.0869 5128	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/25 22:10:46.0989 5128	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/25 22:10:47.0065 5128	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/25 22:10:47.0113 5128	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/25 22:10:47.0146 5128	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/25 22:10:47.0208 5128	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/25 22:10:47.0266 5128	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/25 22:10:47.0332 5128	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/25 22:10:47.0371 5128	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/25 22:10:47.0393 5128	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/25 22:10:47.0436 5128	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/25 22:10:47.0475 5128	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/25 22:10:47.0510 5128	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/25 22:10:47.0550 5128	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/25 22:10:47.0587 5128	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/25 22:10:47.0623 5128	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/25 22:10:47.0668 5128	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/25 22:10:47.0701 5128	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/25 22:10:47.0724 5128	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/25 22:10:47.0785 5128	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/25 22:10:47.0821 5128	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/25 22:10:47.0908 5128	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/25 22:10:47.0945 5128	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/25 22:10:48.0069 5128	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/25 22:10:48.0121 5128	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/25 22:10:48.0184 5128	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/25 22:10:48.0315 5128	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/25 22:10:48.0406 5128	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/25 22:10:48.0484 5128	X10Hid          (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
2011/04/25 22:10:48.0552 5128	XUIF            (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys
2011/04/25 22:10:48.0699 5128	================================================================================
2011/04/25 22:10:48.0699 5128	Scan finished
2011/04/25 22:10:48.0699 5128	================================================================================
2011/04/25 22:10:48.0721 5120	Detected object count: 1
2011/04/25 22:11:00.0103 5120	Locked file(sptd) - User select action: Skip
         

26.04.2011, 09:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post logs in CODE tags

26.04.2011, 20:28   #15
mattan75
 

Hi, I did everything as instructed. Here is the log:

Code:
ComboFix 11-04-25.03 - ******** 26.04.2011  21:15:31.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3070.1816 [GMT 2:00]
ausgeführt von:: c:\users\********\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SplitCam Toolbar\tbHElper.dll
c:\windows\system32\scvideo.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-26 bis 2011-04-26  ))))))))))))))))))))))))))))))
.
.
2011-04-26 19:22 . 2011-04-26 19:22	--------	d-----w-	c:\users\********\AppData\Local\temp
2011-04-26 19:22 . 2011-04-26 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-25 15:05 . 2011-04-25 15:05	--------	d-----w-	C:\_OTL
2011-04-23 11:53 . 2007-06-26 22:56	19968	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\sst3cpc.dll
2011-04-22 07:31 . 2011-04-22 07:32	--------	d-----w-	c:\program files\ERUNT
2011-04-21 20:44 . 2011-04-21 21:13	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-21 20:44 . 2011-04-21 21:13	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-04-21 20:38 . 2011-04-18 10:23	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-04-21 18:28 . 2011-04-19 00:00	64512	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-04-21 18:28 . 2011-04-21 18:28	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-04-21 18:28 . 2011-04-21 18:28	--------	d-----w-	c:\users\********\AppData\Local\Sunbelt Software
2011-04-21 18:27 . 2011-04-21 18:27	--------	dc-h--w-	c:\programdata\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
2011-04-21 18:27 . 2011-04-21 18:27	--------	d-----w-	c:\programdata\Lavasoft
2011-04-21 18:27 . 2011-04-21 18:27	--------	d-----w-	c:\program files\Lavasoft
2011-04-16 08:22 . 2011-02-23 05:06	311296	----a-w-	c:\windows\system32\drivers\srv.sys
2011-04-16 08:22 . 2011-02-23 05:05	309760	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-04-16 08:22 . 2011-02-23 05:05	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-04-16 08:22 . 2011-02-18 05:36	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-04-16 08:22 . 2011-03-03 03:31	2331136	----a-w-	c:\windows\system32\win32k.sys
2011-04-16 08:22 . 2011-02-24 05:32	981504	----a-w-	c:\windows\system32\wininet.dll
2011-04-16 08:22 . 2011-02-24 05:32	673040	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2011-04-16 08:22 . 2011-02-24 05:29	860160	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2011-04-16 08:19 . 2011-03-03 05:29	132608	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-16 08:19 . 2011-03-03 05:27	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-04-16 08:19 . 2011-02-19 05:32	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-04-16 08:19 . 2011-02-19 03:37	294912	----a-w-	c:\windows\system32\atmfd.dll
2011-04-16 08:19 . 2011-02-12 05:30	191488	----a-w-	c:\windows\system32\FXSCOVER.exe
2011-04-16 08:19 . 2011-02-24 05:32	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-14 18:16 . 2011-03-08 05:38	740864	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-14 18:16 . 2011-03-11 05:40	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-14 18:16 . 2011-03-11 05:40	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-04-14 18:16 . 2011-02-23 05:05	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 18:16 . 2011-02-23 05:05	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 18:16 . 2011-02-23 05:05	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 18:16 . 2011-02-23 05:05	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-10 11:07 . 2011-04-10 11:07	--------	d-----w-	c:\users\********\AppData\Roaming\Malwarebytes
2011-04-10 10:48 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 10:48 . 2011-04-10 10:48	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-10 10:48 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-10 10:48 . 2011-04-10 11:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-07 17:23 . 2011-04-07 17:23	--------	d--h--w-	c:\programdata\CanonIJEGV
2011-04-05 20:33 . 2011-04-05 20:33	--------	d-----w-	c:\users\********\AppData\Local\PDF24
2011-04-05 20:31 . 2011-04-24 10:15	--------	d-----w-	c:\program files\PDF24
2011-04-05 20:20 . 2011-04-05 20:20	--------	d--h--w-	c:\programdata\CanonIJScan
2011-04-05 20:11 . 2011-04-05 20:11	--------	d-----w-	c:\programdata\CanonIJWSpt
2011-04-05 20:10 . 2010-03-29 15:31	438272	----a-w-	c:\windows\system32\CNQ4809L.dll
2011-04-05 20:10 . 2010-03-18 15:12	1335296	----a-w-	c:\windows\system32\CNQ4809C.dll
2011-04-05 20:10 . 2010-03-18 15:12	114688	----a-w-	c:\windows\system32\CNQ4809I.dll
2011-04-05 20:10 . 2010-03-18 15:11	106496	----a-w-	c:\windows\system32\CNQ4809U.dll
2011-04-05 20:10 . 2008-08-25 16:02	15872	----a-w-	c:\windows\system32\CNHMCA.dll
2011-04-05 20:10 . 2010-03-11 08:56	180224	----a-w-	c:\windows\system32\CNQ4809Y.dll
2011-04-05 20:10 . 2010-01-13 14:03	94208	----a-w-	c:\windows\system32\CNQ4809O.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 19:30 . 2009-07-14 00:01	51776	----a-w-	c:\windows\system32\drivers\termdd.sys
2011-04-21 23:53 . 2010-03-29 23:46	237568	----a-w-	c:\windows\system32\rmc_rtspdl.dll
2011-04-21 23:53 . 2010-03-29 23:46	156672	----a-w-	c:\windows\system32\rmc_fixasf.exe
2011-03-17 22:33 . 2011-03-17 22:33	49240	----a-w-	c:\windows\system32\drivers\stdriver32.sys
2011-03-16 18:38 . 2010-03-29 17:18	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 19:32	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 19:32	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 19:32	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-02-18 15:36 . 2011-02-18 15:36	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-02-03 05:45 . 2011-02-10 19:12	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2010-09-18 15:41	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-03-22 19:23 . 2011-03-22 19:23	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-03-23 2229048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-02 13838952]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-29 8391200]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2009-12-29 678432]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-04-18 220552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
RemoteKeySrv.lnk - c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2010-1-8 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-01 21:57	202256	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38	247144	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-21 2146496]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-01-07 182304]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-19 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-04 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AirPrint;AirPrint;c:\program files\AirPrint\Airprint.exe [2011-02-06 234784]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-14 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-09 13336]
S2 RemoteKeySrv;RemoteKeySrv;c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2010-01-08 303104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 genport;genport;c:\program files\RemoteKeySrv\GenPort.sys [2005-12-08 4096]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-10-29 10360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-10-13 67688]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-10-29 22392]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-12-22 1558368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2011-03-17 49240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 15:21]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 15:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://webmail.havigs.com/
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\********\AppData\Roaming\Mozilla\Firefox\Profiles\lmsewdbk.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE04.00.00.01MSWINDOWS"="0DCA2D38AAC82F9F01ADBA02A26CA80B243744DB67F39D5C2552B2957B163C93D291408F77FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794BA7FD869164D67944DC90C7E176435D7B5884736BF660771E6ECE2E676DBF6615D3516A2E81587361B530287B0EB3174CB9DB73ED93807A228050085B34FADDA386087557B1727F5E048C48C4A2AE8BEBB7DBCAA5C0CC63944E896A62765277959A4F545BBDB918A0513B00C7CF38165998BCBBF9E7F12F39E17CD6F8426752C8EB65F18DA74BD3462423ACF947E751A6DCFEB032B9188968BADE34731F97A681AEFD437BCD17239C889E85F95E51293B4763940BF271BE753732A5ACA2D6EA6B04FFE4E79CACDE3F9BFD78934A9788DDDCEE506508892363450841920F25DE37DF596D05E194080AEDF3561D9AE1F464ECC34A801E3884D5ED2EE3735DF27211EA9E9716BDB0DE01008C5BCA33ACF005B097D3FAE46EB05F6A974AD416D7EE124D45B2B5594CF5C3EFB61B46379A802D4BEADA3E7A70032972C37382FF86CAE1706E1B904AAF2C9CCA170A820791B16F74EC3F46C5EDA30CCD06C569EC34C95EFED86209568380AC085F4B990306D8BF93CD698B526E7E097365CCB6474CDA61DE16921597BB47B1754024F2474B7B5022E0DB2EC2165A66D1C66A2869275F57F5EBA4853F6D0863FE2BC12FB806969ACF2A3B1715366E8B668F926420C9A1D6E7EC1E13ED1489319A762F16E74C3038AF76A4255A4D114D0241DE58433E7B8348659FD84642E10FE3DC12083D2DCDF1F53C5D75E61E2960D7B6937733CDDE80DDAED73C7EE65ED3A623E1279841DE2E13A2D2A88BA27E5303F0CB1E5C15151AC8484D95B14A7A30B7A4F03C154C474BF8B2E358044027872E4453065BFE81C3834318F49D800A9A38B7E700272E3FC97C5E9362BF62AC98184EA5534192176CAB91FB4CC28527E2A416D9D9370DF6B3F8C91B09CAE2AD9FEDBE7034591480F718B0CAFD7D0D0A33B6ACD8E05C6F3B3FCA7EFEDA12CE12C7FCB37633ED4839C2EC34B290E05069D65F9688F96D0AD4C0E046176B69382498C586AE07C6E4AD5F69FC10E47D94DF72B8697ADBDCEECAE22B0549B8FEE943B212CA8AC0F50E8F8B6026A8F124CD6BE04CBC93CA46269595D614EEE13A7F093B012A8B93A507E464AEF53A22D392A055BA7044FA8932CD156EE67C7DA11C7E320FB39C174277E8185939F800D631DDE8F1D5C425B4F149A1C544CC1355D9BC5C500BBBFE8F132F3ACBA05A6DA705FE5F3547E340263D1422B33BC3C26A643D3F155A5F4F733336A7AD84ED573EC6FBACF1
7A88517826AD47ACC8CD96368E82E64587FE435CFF2B51C01D7936744A2FB5D53B0DDC5463AE4708A25"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-26  21:24:15
ComboFix-quarantined-files.txt  2011-04-26 19:24
.
Vor Suchlauf: 8 Verzeichnis(se), 838.284.333.056 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 837.818.785.792 Bytes frei
.
- - End Of File - - CAFAB19DC104FC2AF0DE24A0440FC70C
         
