| |
| |||||||
Log-Analyse und Auswertung: Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.04.2011, 18:22
| #1 |
 |  Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. (Kenne mich nicht so aus, also bitte nicht wundern, ich geb mein Bestes) Habe seit einigen Tagen mehrere Probleme auf meiner Windows Vista Partition: Norton meldet ständig Angriffe (Tidserv Activity : System Infected). Es sind immer die selben IP's, anscheinend russische. Windows Update funktioniert nicht. Google leitet mich öfter um. Es kommt ständig die Meldung 'Windows Dienst funktioniert nicht mehr', Appcrash, svchost.exe. Manchmal wechselt das Design meiner Taskleiste und sieht dann wie das von XP aus, auch bei dem Fenster von 'Windows Dienst funktioniert nicht' hab ich das XP-Design. Hier meine Malwarebytes logfile Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6283
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
##########
mbam-log-2011-04-06 (11-05-39).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150130
Laufzeit: 5 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Zaphod\AppData\Local\Temp\snwroeaxcm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Zaphod\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.
|
|
06.04.2011, 19:57
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
07.04.2011, 14:01
| #3 |
| | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Vielen Dank für die schnelle Antwort. Habe schon einmal versucht zu posten, hat aber anscheinend nicht funktioniert.
__________________Hier die logfilfe von Malwarebytes nach Aktualisierung und Vollscan: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6290
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
07.04.2011 00:04
mbam-log-2011-04-07 (00-04-00).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 277464
Laufzeit: 1 Stunde(n), 14 Minute(n), 30 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter OTL logfile created on: 07.04.2011 14:16:23 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Zaphod\Downloads Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools) MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\ASOEHOOK.DLL (Symantec Corporation) MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCR90.dll (Microsoft Corporation) MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCP90.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation) SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVENG.SYS (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110405.001\IDSvix86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation) DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech ) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.01.13 19:48:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.01.07 04:05:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.29 10:10:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.29 10:10:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 14:17:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.06 14:17:16 | 000,000,000 | ---D | M] [2011.04.06 14:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Extensions [2011.04.06 14:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions [2011.04.06 14:21:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.06 14:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.04.06 14:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2011.01.07 04:05:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN [2011.01.13 19:48:04 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN [2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.03.20 01:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.20 01:06:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.20 01:06:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.20 01:06:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.20 01:06:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.06 13:02:04 | 000,432,311 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 127.0.0.1 O1 - Hosts: 14882 more lines... O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.06 17:22:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.06 17:22:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.06 15:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.04.06 14:18:07 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Mozilla [2011.04.06 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.04.06 14:03:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.04.06 14:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.04.06 13:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011.04.06 13:59:45 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QTCF.dll [2011.04.06 13:59:45 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2011.04.06 13:59:45 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts [2011.04.06 13:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative [2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.04.06 10:52:23 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Malwarebytes [2011.04.06 10:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.06 10:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.04.02 16:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN [2011.03.31 15:55:43 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\System32\advdaudio.ocx [2011.03.31 15:55:43 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll [2011.03.31 15:55:43 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll [2011.03.31 15:55:43 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll [2011.03.31 15:55:43 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll [2011.03.31 15:55:43 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll [2011.03.31 15:55:42 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll [2011.03.31 15:55:42 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll [2011.03.31 15:55:42 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll [2011.03.31 15:55:42 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll [2011.03.31 15:55:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll [2011.03.31 15:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\concept design [2011.03.29 10:11:26 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Local\DDMSettings [2011.03.27 21:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.03.27 21:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2011.03.26 14:36:27 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\EAC [2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy [2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy [2011.03.26 14:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy [2011.03.26 11:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz [2011.03.24 23:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monkey's Audio [2011.03.24 23:12:25 | 000,364,544 | ---- | C] (Matthew T. Ashland) -- C:\Windows\System32\MACDll.dll [2011.03.24 23:12:25 | 000,246,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll [2011.03.24 23:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Monkey's Audio [2011.03.24 15:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics [2011.03.24 15:12:19 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Amazon [2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon [2011.03.24 14:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp [2011.03.24 14:42:09 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Winamp [2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp [2011.03.09 13:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.07 14:15:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.07 14:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.07 14:14:01 | 2137,432,064 | -HS- | M] () -- C:\hiberfil.sys [2011.04.07 02:46:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.07 02:37:39 | 000,644,854 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.07 02:37:39 | 000,613,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.07 02:37:39 | 000,117,716 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.07 02:37:39 | 000,104,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.07 00:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.06 17:22:48 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.06 14:17:22 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.06 14:11:59 | 000,019,277 | ---- | M] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json [2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.04.06 14:02:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.04.06 14:00:56 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2011.04.06 14:00:55 | 000,001,401 | ---- | M] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk [2011.04.06 13:02:04 | 000,432,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.04.05 21:35:36 | 406,186,373 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.03 00:52:18 | 000,007,102 | ---- | M] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg [2011.04.02 16:14:14 | 000,433,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.02 15:46:44 | 000,101,376 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2011.04.02 15:46:07 | 000,079,872 | ---- | M] (Axalto, Inc.) -- C:\Windows\System32\axaltocm.dll [2011.04.02 13:38:24 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll [2011.04.02 13:38:24 | 000,047,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe [2011.03.30 18:06:14 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011.03.26 14:36:20 | 000,000,873 | ---- | M] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk [2011.03.25 16:24:53 | 000,012,288 | ---- | M] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.23 15:20:58 | 000,031,027 | ---- | M] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg [2011.03.12 11:27:38 | 000,007,020 | ---- | M] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf [2011.03.12 11:21:03 | 001,369,134 | ---- | M] () -- C:\Users\Zaphod\Desktop\00000001.TIF [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.06 17:22:48 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.06 15:06:20 | 000,001,839 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2011.04.06 14:17:22 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.06 14:11:59 | 000,019,277 | ---- | C] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json [2011.04.06 14:00:56 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2011.04.06 14:00:55 | 000,001,401 | ---- | C] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk [2011.04.05 23:22:14 | 2137,432,064 | -HS- | C] () -- C:\hiberfil.sys [2011.04.03 00:50:28 | 000,007,102 | ---- | C] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg [2011.03.31 15:55:43 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2011.03.31 15:55:43 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll [2011.03.31 15:55:42 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2011.03.26 14:36:19 | 000,000,873 | ---- | C] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk [2011.03.23 15:20:56 | 000,031,027 | ---- | C] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg [2011.03.12 11:27:38 | 000,007,020 | ---- | C] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf [2011.03.12 11:21:02 | 001,369,134 | ---- | C] () -- C:\Users\Zaphod\Desktop\00000001.TIF [2010.12.31 19:36:00 | 000,001,378 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat [2010.12.31 19:35:43 | 000,002,180 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat [2010.12.31 19:33:45 | 000,002,605 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Wavpack Codec.dat [2010.11.16 22:47:39 | 000,012,288 | ---- | C] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.04 13:03:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.09.01 20:20:34 | 000,179,200 | ---- | C] () -- C:\Windows\System32\Un_PLUSr.dll [2009.08.12 14:53:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.08.12 14:13:03 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI [2009.08.12 14:12:03 | 000,000,319 | ---- | C] () -- C:\Windows\ULEAD32.INI [2009.07.10 19:26:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.06.06 11:03:06 | 000,000,760 | ---- | C] () -- C:\Users\Zaphod\AppData\Roaming\setup_ldm.iss [2009.05.09 17:49:35 | 000,000,046 | ---- | C] () -- C:\Windows\QTW.INI [2008.07.12 21:28:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2008.05.30 13:48:34 | 000,010,840 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dMC Power Pack.dat [2008.05.30 13:37:54 | 000,036,104 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat [2008.02.21 11:39:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2008.02.21 11:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2008.02.18 09:22:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.02.18 09:22:19 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin [2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin [2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin [2008.02.05 18:38:49 | 000,000,850 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4 SSE2.dat [2008.02.05 18:38:44 | 000,000,789 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4.dat [2008.02.05 18:29:31 | 000,130,048 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2008.01.31 16:40:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2007.12.10 14:49:41 | 000,217,088 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe [2007.10.11 10:52:30 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2007.09.29 21:30:39 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2007.09.29 21:30:39 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2007.09.29 21:30:39 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2007.09.29 21:21:53 | 000,038,674 | ---- | C] () -- C:\Windows\DIIUnin.dat [2007.09.27 20:48:18 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007.09.27 20:47:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.09.05 17:56:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.09.05 17:56:32 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.09.05 17:56:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll [2007.07.11 13:38:37 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL [2007.02.02 11:56:54 | 000,644,854 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.02.02 11:56:54 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.02.02 11:56:54 | 000,117,716 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.02.02 11:56:54 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.12.01 18:34:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:43 | 000,433,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:36:36 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2006.11.02 12:33:01 | 000,613,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,768 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.04.2011 14:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Zaphod\Downloads
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS
Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
VistaSp1 = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications = 0
EnableFirewall = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications = 0
EnableFirewall = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
DisableNotifications = 0
EnableFirewall = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{275F5956-D7ED-4822-ACB6-4B629B3577A9} = lport=1434 | protocol=17 | dir=in | name=microsoft sql (udp) |
{60A9F5A4-28C8-474B-A813-74A8A98F3B52} = lport=1433 | protocol=6 | dir=in | name=microsoft sql (tcp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{207784FF-D210-49BD-8E48-5AEA2D7F76D3} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe |
{2BC45063-1145-44EA-9CD3-8407E812538A} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{392E73D7-5E15-4540-AF1D-9368E33E21C5} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe |
{4DEE3944-E82D-4F45-AB13-883446C35C27} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe |
{4E3A8426-C85C-4682-A9FE-FAA1238F3206} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe |
{914603C7-F9A7-4014-B60D-F9D708CBD455} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{DFC8FC5F-41EE-46D3-885A-F922882853D6} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
TCP Query User{27302830-F8FA-408D-9136-67855E575A57}C:\program files\google\google earth\client\googleearth.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
TCP Query User{64BFDC2F-794A-46BB-A254-51765551D2AE}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
TCP Query User{6C42D564-CFED-4F85-B0E0-FCF87A7EF106}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
TCP Query User{7C1F5E4E-8AC3-411C-A970-857226E08F06}D:\mirandaportable\app\miranda\miranda32.exe = protocol=6 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe |
TCP Query User{9F7ABBD7-6A20-4EA6-A4CD-728919EF5168}C:\program files\real\realplayer\realplay.exe = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
TCP Query User{CEAAB43F-BF08-456A-B512-0891BC571FCF}C:\program files\diablo ii\game.exe = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
TCP Query User{EE2DDEA0-2D95-49DA-BB15-5A7ED1343E12}C:\program files\google\google earth\plugin\geplugin.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
TCP Query User{F7AA8D78-2DB0-4B95-A897-A8E4EDBF747D}C:\program files\real\realplayer\realplay.exe = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
UDP Query User{06144DC5-5AE5-48D5-A5B3-4020E5030BCE}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
UDP Query User{0BF4EA33-4EED-402C-A93F-114B74607A6D}C:\program files\google\google earth\plugin\geplugin.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
UDP Query User{1BF43519-4D83-48EF-8790-A4ABD284887B}C:\program files\diablo ii\game.exe = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
UDP Query User{77BA60A8-AAD3-4988-BDCF-81E90CB13BF4}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
UDP Query User{9EF770DF-4FB1-41DF-B3EB-3D9C77DE3EC6}C:\program files\google\google earth\client\googleearth.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
UDP Query User{BBBDA0F5-68FE-4E34-AFDD-D0489369CBE7}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
UDP Query User{DE55D95C-9DC4-4744-AD1D-B57C6060E3A3}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
UDP Query User{E02D339B-F031-451B-A799-5398751C26AD}D:\mirandaportable\app\miranda\miranda32.exe = protocol=17 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{052FDD78-A6EA-3187-8386-C82F4CA3A929} = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
{0C826C5B-B131-423A-A229-C71B3CACCD6A} = CDDRV_Installer
{23F2AD64-EAB3-4C01-AECA-33FBA6C7BFCD} = Neverwinter Nights
{25569723-DC5A-4467-A639-79535BF01B71} = Adobe Help Center 2.1
{26A24AE4-039D-4CA4-87B4-2F83216024FF} = Java(TM) 6 Update 24
{3101CB58-3482-4D21-AF1A-7057FC935355} = KhalInstallWrapper
{4286E640-B5FB-11DF-AC4B-005056C00008} = Google Earth
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{55D8440D-6577-46DC-9571-8E5E3046AC11} = X-TENSIONS EM_USB Device Utilities
{5EE7D259-D137-4438-9A5F-42F432EC0421} = VC80CRTRedist - 8.0.50727.4053
{65DA2EC9-0642-47E9-AAE2-B5267AA14D75} = Activation Assistant for the 2007 Microsoft Office suites
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} = Windows Media Player Firefox Plugin
{716E0306-8318-4364-8B8F-0CC4E9376BAC} = MSXML 4.0 SP2 Parser and SDK
{7655E113-C306-11D9-A373-0050BAE317E1} = MCE Software Encoder 1.1
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{90120000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2007
{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0015-0409-0000-0000000FF1CE} = Microsoft Office Access MUI (English) 2007
{90120000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2007
{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0016-0409-0000-0000000FF1CE} = Microsoft Office Excel MUI (English) 2007
{90120000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2007
{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0409-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (English) 2007
{90120000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2007
{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0019-0409-0000-0000000FF1CE} = Microsoft Office Publisher MUI (English) 2007
{90120000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2007
{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0409-0000-0000000FF1CE} = Microsoft Office Outlook MUI (English) 2007
{90120000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2007
{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0409-0000-0000000FF1CE} = Microsoft Office Word MUI (English) 2007
{90120000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2007
{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2007
{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0C0A-0000-0000000FF1CE} = Microsoft Office Proof (Spanish) 2007
{90120000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2007
{90120000-002C-0409-0000-0000000FF1CE} = Microsoft Office Proofing (English) 2007
{90120000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2007
{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2007
{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0409-0000-0000000FF1CE} = Microsoft Office Shared MUI (English) 2007
{90120000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2007
{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-00B2-0407-0000-0000000FF1CE} = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
{90120000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2007
{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0115-0409-0000-0000000FF1CE} = Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE} = Microsoft Office Access Setup Metadata MUI (English) 2007
{91120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007
{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{91120000-0031-0000-0000-0000000FF1CE} = Microsoft Office Professional Hybrid 2007
{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A49F249F-0C91-497F-86DF-B2585E8E76B7} = Microsoft Visual C++ 2005 Redistributable
{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B} = Adobe Photoshop Elements 5.0
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper
{AC76BA86-7AD7-1031-7B44-A81300000003} = Adobe Reader 8.1.3 - Deutsch
{AC76BA86-7AD7-5464-3428-800000000003} = Spelling Dictionaries Support For Adobe Reader 8
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} = Microsoft .NET Framework 3.5 SP1
{D0846526-66DD-4DC9-A02C-98F9A2806812} = Launch Manager V1.4.6
{D34D82E0-4600-407B-9478-8506C1DD1031} = Nero 7 Essentials
{DC24971E-1946-445D-8A82-CE685433FA7D} = Realtek USB 2.0 Card Reader
{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4} = LG USB Modem Drivers
{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82} = OLYMPUS Master 2
{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} = Logitech SetPoint
Activation Assistant for the 2007 Microsoft Office suites = Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player Plugin = Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 5 = Adobe Photoshop Elements 5.0
Adobe Shockwave Player = Adobe Shockwave Player 11.5
Amazon MP3-Downloader = Amazon MP3-Downloader 1.0.9
CNXT_AUDIO_HDA = Conexant HD Audio
dBASE PLUS series1 Runtime Engine = dBASE PLUS Runtime Engine
dBpowerAMP Music Converter = dBpowerAMP Music Converter
dBpowerAMP Wavpack Codec = dBpowerAMP Wavpack Codec
dBpowerAMP WMA V9 Codec = dBpowerAMP WMA V9 Codec
dBpowerAMP WMA V9.1 Codec = dBpowerAMP WMA V9.1 Codec
Diablo II = Diablo II
DivX Setup.divx.com = DivX-Setup
dMC Power Pack = dMC Power Pack
EAX Unified = EAX Unified
ENTERPRISER = Microsoft Office Enterprise 2007
Exact Audio Copy = Exact Audio Copy 1.0beta1
HDMI = Intel(R) Graphics Media Accelerator Driver
HyperMedia_is1 = HyperMedia Software
HyperMediaCenter 3.6_is1 = HyperMediaCenter 3.6
Malwarebytes' Anti-Malware_is1 = Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - deu = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1 = Microsoft .NET Framework 3.5 SP1
Monkey's Audio_is1 = Monkey's Audio
Mozilla Firefox (3.6.16) = Mozilla Firefox (3.6.16)
NIS = Norton Internet Security
Ogg Vorbis aoTuV b4 = Ogg Vorbis aoTuV b4
Ogg Vorbis aoTuV b4 SSE2 = Ogg Vorbis aoTuV b4 SSE2
PROHYBRIDR = 2007 Microsoft Office system
QuicktimeAlt_is1 = QuickTime Alternative 3.2.2
RealPlayer 6.0 = RealPlayer
SynTPDeinstKey = Synaptics Pointing Device Driver
Ulead Photo Express 2.0 SE = Ulead Photo Express 2.0 SE
Veetle TV = Veetle TV 0.9.18
VLC media player = VideoLAN VLC media player 0.8.6c
vShare = vShare Plugin
Winamp = Winamp
WinRAR archiver = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
Winamp Detect = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 06.04.2011 18:52:58 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88, Prozess-ID 0x41c, Anwendungsstartzeit
01cbf4aa898b77e2.
Error - 06.04.2011 20:24:17 | Computer Name = Zaphod-Lab | Source = WerSvc | ID = 5007
Description =
Error - 06.04.2011 20:30:41 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x00040026, Prozess-ID 0x414, Anwendungsstartzeit
01cbf4b920c701ad.
[ System Events ]
Error - 06.04.2011 16:47:15 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
Error - 06.04.2011 17:47:04 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005
Description =
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description =
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
Error - 06.04.2011 19:01:29 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005
Description =
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description =
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
Error - 06.04.2011 20:33:41 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7032
Description =
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description =
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
|
07.04.2011, 14:41
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.04.2011, 19:55
| #5 |
| | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Ja, gibt noch 2 Malwarebytes logfiles, wurden zwischen der logfile aus meinem 1. Beitrag und der logfile aus meinem 2. Beitrag erstellt. Waren aber auch wie der erste nur Quick-Scans. Malwarebytes logfile: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6283
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
06.04.2011 11:16
mbam-log-2011-04-06 (11-16-11).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150077
Laufzeit: 5 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6287
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
06.04.2011 17:30
mbam-log-2011-04-06 (17-30-31).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144921
Laufzeit: 4 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
07.04.2011, 19:57
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. |
|
07.04.2011, 20:21
| #7 |
| | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Gesagt, Getan. OTL: Code:
ATTFilter All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
File E:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
File D:\setup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Zaphod
->Temp folder emptied: 17489889 bytes
->Java cache emptied: 10643 bytes
->FireFox cache emptied: 97425173 bytes
->Flash cache emptied: 1393 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 820529 bytes
%systemroot%\System32 .tmp files removed: 556616 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 430930 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 111,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_211243
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Stephi |
|
08.04.2011, 04:48
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.04.2011, 09:29
| #9 |
| | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Hallo Arne, hier kommt das rootkit log: Code:
ATTFilter 2011/04/08 10:10:33.0416 3260 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/08 10:10:33.0447 3260 ================================================================================
2011/04/08 10:10:33.0447 3260 SystemInfo:
2011/04/08 10:10:33.0447 3260
2011/04/08 10:10:33.0447 3260 OS Version: 6.0.6000 ServicePack: 0.0
2011/04/08 10:10:33.0447 3260 Product type: Workstation
2011/04/08 10:10:33.0447 3260 ComputerName: ZAPHOD-LAB
2011/04/08 10:10:33.0447 3260 UserName: Zaphod
2011/04/08 10:10:33.0447 3260 Windows directory: C:\Windows
2011/04/08 10:10:33.0447 3260 System windows directory: C:\Windows
2011/04/08 10:10:33.0447 3260 Processor architecture: Intel x86
2011/04/08 10:10:33.0447 3260 Number of processors: 2
2011/04/08 10:10:33.0447 3260 Page size: 0x1000
2011/04/08 10:10:33.0447 3260 Boot type: Normal boot
2011/04/08 10:10:33.0447 3260 ================================================================================
2011/04/08 10:10:35.0241 3260 Initialize success
2011/04/08 10:10:48.0174 0792 ================================================================================
2011/04/08 10:10:48.0174 0792 Scan started
2011/04/08 10:10:48.0174 0792 Mode: Manual;
2011/04/08 10:10:48.0174 0792 ================================================================================
2011/04/08 10:10:49.0344 0792 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 10:10:49.0422 0792 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/08 10:10:49.0453 0792 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/08 10:10:49.0500 0792 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/08 10:10:49.0531 0792 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/08 10:10:49.0625 0792 AF15BDA (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/08 10:10:49.0671 0792 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/08 10:10:49.0718 0792 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/08 10:10:49.0765 0792 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/08 10:10:49.0796 0792 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/04/08 10:10:49.0827 0792 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/08 10:10:49.0859 0792 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/04/08 10:10:49.0890 0792 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/08 10:10:49.0921 0792 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/08 10:10:49.0983 0792 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/08 10:10:50.0030 0792 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/08 10:10:50.0061 0792 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/08 10:10:50.0108 0792 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/04/08 10:10:50.0155 0792 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/08 10:10:50.0233 0792 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/08 10:10:50.0295 0792 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/08 10:10:50.0514 0792 BHDrvx86 (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/04/08 10:10:50.0779 0792 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/08 10:10:50.0826 0792 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/08 10:10:50.0857 0792 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/08 10:10:50.0888 0792 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/08 10:10:50.0997 0792 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/08 10:10:51.0091 0792 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/08 10:10:51.0107 0792 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/08 10:10:51.0169 0792 BthAvrcp (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/08 10:10:51.0200 0792 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/08 10:10:51.0263 0792 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/08 10:10:51.0309 0792 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/08 10:10:51.0356 0792 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/04/08 10:10:51.0403 0792 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/08 10:10:51.0450 0792 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/08 10:10:51.0528 0792 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/08 10:10:51.0575 0792 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/08 10:10:51.0621 0792 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/08 10:10:51.0668 0792 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/08 10:10:51.0684 0792 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/04/08 10:10:51.0762 0792 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/08 10:10:51.0809 0792 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/08 10:10:51.0840 0792 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/08 10:10:51.0871 0792 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/08 10:10:51.0933 0792 CSC (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
2011/04/08 10:10:51.0980 0792 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/08 10:10:52.0058 0792 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/08 10:10:52.0121 0792 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/08 10:10:52.0167 0792 DXGKrnl (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/08 10:10:52.0277 0792 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/08 10:10:52.0323 0792 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/08 10:10:52.0433 0792 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/08 10:10:52.0495 0792 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/08 10:10:52.0557 0792 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/08 10:10:52.0604 0792 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/08 10:10:52.0635 0792 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/08 10:10:52.0682 0792 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/08 10:10:52.0698 0792 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/08 10:10:52.0729 0792 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/08 10:10:52.0760 0792 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/08 10:10:52.0807 0792 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/08 10:10:52.0838 0792 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/08 10:10:52.0916 0792 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/08 10:10:52.0963 0792 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/08 10:10:52.0994 0792 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/08 10:10:53.0025 0792 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/08 10:10:53.0072 0792 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/08 10:10:53.0135 0792 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/08 10:10:53.0181 0792 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/08 10:10:53.0291 0792 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/08 10:10:53.0369 0792 hwdatacard (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/08 10:10:53.0415 0792 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/08 10:10:53.0462 0792 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/08 10:10:53.0571 0792 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 10:10:53.0665 0792 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/08 10:10:53.0883 0792 IDSVix86 (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110406.001\IDSvix86.sys
2011/04/08 10:10:54.0071 0792 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 10:10:54.0149 0792 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/08 10:10:54.0195 0792 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/04/08 10:10:54.0227 0792 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/08 10:10:54.0289 0792 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/08 10:10:54.0351 0792 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/08 10:10:54.0383 0792 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/08 10:10:54.0414 0792 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/08 10:10:54.0445 0792 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/04/08 10:10:54.0492 0792 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/08 10:10:54.0523 0792 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/08 10:10:54.0554 0792 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/08 10:10:54.0601 0792 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/08 10:10:54.0663 0792 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/04/08 10:10:54.0710 0792 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/08 10:10:54.0804 0792 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/08 10:10:54.0866 0792 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/08 10:10:54.0913 0792 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/08 10:10:54.0944 0792 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/08 10:10:54.0975 0792 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/08 10:10:55.0007 0792 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/08 10:10:55.0069 0792 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/08 10:10:55.0163 0792 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/08 10:10:55.0209 0792 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/08 10:10:55.0272 0792 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/08 10:10:55.0319 0792 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/08 10:10:55.0381 0792 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/08 10:10:55.0428 0792 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/08 10:10:55.0459 0792 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/08 10:10:55.0506 0792 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/08 10:10:55.0553 0792 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/08 10:10:55.0584 0792 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/08 10:10:55.0615 0792 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/08 10:10:55.0662 0792 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/08 10:10:55.0693 0792 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/08 10:10:55.0724 0792 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/08 10:10:55.0771 0792 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/04/08 10:10:55.0833 0792 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/08 10:10:55.0896 0792 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/08 10:10:55.0943 0792 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/04/08 10:10:55.0974 0792 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/08 10:10:56.0021 0792 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/08 10:10:56.0099 0792 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/08 10:10:56.0379 0792 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/08 10:10:56.0426 0792 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/08 10:10:56.0473 0792 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/08 10:10:56.0504 0792 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/08 10:10:56.0567 0792 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/08 10:10:56.0769 0792 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVENG.SYS
2011/04/08 10:10:56.0863 0792 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVEX15.SYS
2011/04/08 10:10:57.0019 0792 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/08 10:10:57.0066 0792 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/08 10:10:57.0097 0792 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/08 10:10:57.0128 0792 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/08 10:10:57.0144 0792 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/08 10:10:57.0175 0792 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/08 10:10:57.0237 0792 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/08 10:10:57.0440 0792 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/08 10:10:57.0534 0792 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/08 10:10:57.0596 0792 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/08 10:10:57.0627 0792 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/08 10:10:57.0752 0792 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/08 10:10:57.0846 0792 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/08 10:10:57.0877 0792 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/08 10:10:57.0908 0792 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/08 10:10:57.0939 0792 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/08 10:10:57.0986 0792 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/04/08 10:10:58.0064 0792 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/08 10:10:58.0142 0792 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/04/08 10:10:58.0158 0792 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/08 10:10:58.0189 0792 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/08 10:10:58.0251 0792 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/04/08 10:10:58.0283 0792 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2011/04/08 10:10:58.0329 0792 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/08 10:10:58.0407 0792 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/08 10:10:58.0548 0792 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/08 10:10:58.0579 0792 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/08 10:10:58.0641 0792 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/08 10:10:58.0704 0792 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/08 10:10:58.0766 0792 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/08 10:10:58.0829 0792 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/08 10:10:58.0875 0792 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/08 10:10:58.0907 0792 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/08 10:10:58.0969 0792 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/08 10:10:59.0016 0792 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/08 10:10:59.0063 0792 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/08 10:10:59.0094 0792 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/08 10:10:59.0141 0792 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/08 10:10:59.0172 0792 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/08 10:10:59.0203 0792 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/08 10:10:59.0281 0792 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/08 10:10:59.0328 0792 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/08 10:10:59.0390 0792 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/08 10:10:59.0421 0792 RTSTOR (e845f4d709c456992f11d2acf321bced) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/08 10:10:59.0468 0792 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/08 10:10:59.0515 0792 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/08 10:10:59.0546 0792 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/08 10:10:59.0593 0792 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/04/08 10:10:59.0624 0792 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/08 10:10:59.0671 0792 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/08 10:10:59.0702 0792 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/08 10:10:59.0718 0792 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/08 10:10:59.0749 0792 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/08 10:10:59.0796 0792 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/04/08 10:10:59.0827 0792 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/08 10:10:59.0874 0792 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/08 10:10:59.0905 0792 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/08 10:10:59.0936 0792 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/08 10:11:00.0014 0792 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/08 10:11:00.0014 0792 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/08 10:11:00.0030 0792 sptd - detected Locked file (1)
2011/04/08 10:11:00.0123 0792 SRTSP (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/04/08 10:11:00.0170 0792 SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/04/08 10:11:00.0217 0792 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/08 10:11:00.0264 0792 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/08 10:11:00.0311 0792 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/08 10:11:00.0435 0792 SVKP (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/08 10:11:00.0482 0792 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/08 10:11:00.0529 0792 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/08 10:11:00.0623 0792 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/04/08 10:11:00.0685 0792 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/04/08 10:11:00.0747 0792 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/08 10:11:00.0810 0792 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/04/08 10:11:00.0872 0792 SYMTDIv (c93e93bff7cba0cd1c1ea282d791b772) C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
2011/04/08 10:11:00.0935 0792 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/08 10:11:00.0966 0792 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/08 10:11:01.0013 0792 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/08 10:11:01.0091 0792 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 10:11:01.0153 0792 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/08 10:11:01.0184 0792 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/08 10:11:01.0215 0792 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/08 10:11:01.0262 0792 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/08 10:11:01.0293 0792 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/08 10:11:01.0340 0792 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/08 10:11:01.0434 0792 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/08 10:11:01.0481 0792 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/08 10:11:01.0512 0792 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/08 10:11:01.0543 0792 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/08 10:11:01.0590 0792 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/08 10:11:01.0637 0792 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/08 10:11:01.0668 0792 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/08 10:11:01.0715 0792 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 10:11:01.0746 0792 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/08 10:11:01.0793 0792 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/08 10:11:01.0871 0792 USB28xxBGA (01f43ddc94653cd68d2794ec4500debc) C:\Windows\system32\DRIVERS\emBDA.sys
2011/04/08 10:11:01.0902 0792 USB28xxOEM (925e82ffe06a37799e5cb486528ed835) C:\Windows\system32\DRIVERS\emOEM.sys
2011/04/08 10:11:01.0949 0792 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/04/08 10:11:01.0995 0792 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/08 10:11:02.0042 0792 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/08 10:11:02.0089 0792 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/04/08 10:11:02.0151 0792 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/08 10:11:02.0198 0792 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/08 10:11:02.0261 0792 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/04/08 10:11:02.0292 0792 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/08 10:11:02.0323 0792 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/08 10:11:02.0385 0792 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/08 10:11:02.0448 0792 usbsermptxp (49106ee29074e6a3d3ac9e24c6d791d8) C:\Windows\system32\DRIVERS\usbsermptxp.sys
2011/04/08 10:11:02.0479 0792 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/08 10:11:02.0541 0792 usbuhci (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/08 10:11:02.0604 0792 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 10:11:02.0651 0792 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/08 10:11:02.0682 0792 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/08 10:11:02.0713 0792 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/08 10:11:02.0744 0792 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/04/08 10:11:02.0791 0792 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/04/08 10:11:02.0838 0792 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/08 10:11:02.0900 0792 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/08 10:11:02.0931 0792 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/08 10:11:02.0978 0792 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/08 10:11:03.0025 0792 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 10:11:03.0041 0792 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 10:11:03.0087 0792 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/08 10:11:03.0134 0792 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/08 10:11:03.0243 0792 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/08 10:11:03.0321 0792 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/08 10:11:03.0353 0792 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/08 10:11:03.0415 0792 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/08 10:11:03.0477 0792 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/08 10:11:03.0477 0792 ================================================================================
2011/04/08 10:11:03.0477 0792 Scan finished
2011/04/08 10:11:03.0477 0792 ================================================================================
2011/04/08 10:11:03.0493 1332 Detected object count: 2
2011/04/08 10:19:22.0007 1332 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/08 10:19:22.0038 1332 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/04/08 10:19:22.0069 1332 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/08 10:19:22.0069 1332 Locked file(sptd) - User select action: Delete
2011/04/08 10:19:22.0147 1332 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/08 10:19:22.0147 1332 \HardDisk0 - ok
2011/04/08 10:19:22.0147 1332 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/08 10:19:36.0671 3436 Deinitialize success
Stephi |
|
08.04.2011, 09:54
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. TDL4 wurde erkannt und entfernt. Bitte Windows neu starten und den TDSS-Killer zur Kontrolle nochmal ausführen - Log posten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.04.2011, 10:18
| #11 |
| | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Wow, nach Kaspersky Tool keine Angriffe, Weiterleitungen, Windows Dienst Fehlermeldungen und XP-Designs mehr, jubelfreu  Und Windows Update funzt auch wieder!!!, bin beeindruckt (auch wenn wir bestimmt noch nicht fertig sind) rootkit log: Code:
ATTFilter 2011/04/08 11:08:38.0538 1852 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/08 11:08:39.0849 1852 ================================================================================
2011/04/08 11:08:39.0849 1852 SystemInfo:
2011/04/08 11:08:39.0849 1852
2011/04/08 11:08:39.0849 1852 OS Version: 6.0.6000 ServicePack: 0.0
2011/04/08 11:08:39.0849 1852 Product type: Workstation
2011/04/08 11:08:39.0849 1852 ComputerName: ZAPHOD-LAB
2011/04/08 11:08:39.0849 1852 UserName: Zaphod
2011/04/08 11:08:39.0849 1852 Windows directory: C:\Windows
2011/04/08 11:08:39.0849 1852 System windows directory: C:\Windows
2011/04/08 11:08:39.0849 1852 Processor architecture: Intel x86
2011/04/08 11:08:39.0849 1852 Number of processors: 2
2011/04/08 11:08:39.0849 1852 Page size: 0x1000
2011/04/08 11:08:39.0849 1852 Boot type: Normal boot
2011/04/08 11:08:39.0849 1852 ================================================================================
2011/04/08 11:08:40.0925 1852 Initialize success
2011/04/08 11:08:43.0920 3808 ================================================================================
2011/04/08 11:08:43.0920 3808 Scan started
2011/04/08 11:08:43.0920 3808 Mode: Manual;
2011/04/08 11:08:43.0920 3808 ================================================================================
2011/04/08 11:08:45.0356 3808 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 11:08:45.0512 3808 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/08 11:08:45.0558 3808 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/08 11:08:45.0605 3808 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/08 11:08:45.0652 3808 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/08 11:08:45.0730 3808 AF15BDA (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/08 11:08:45.0792 3808 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/08 11:08:45.0839 3808 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/08 11:08:45.0886 3808 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/08 11:08:45.0917 3808 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/04/08 11:08:45.0948 3808 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/08 11:08:45.0980 3808 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/04/08 11:08:46.0026 3808 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/08 11:08:46.0058 3808 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/08 11:08:46.0120 3808 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/08 11:08:46.0151 3808 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/08 11:08:46.0198 3808 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/08 11:08:46.0245 3808 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/04/08 11:08:46.0307 3808 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/08 11:08:46.0370 3808 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/08 11:08:46.0432 3808 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/08 11:08:46.0666 3808 BHDrvx86 (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/04/08 11:08:46.0744 3808 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/08 11:08:46.0791 3808 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/08 11:08:46.0822 3808 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/08 11:08:46.0869 3808 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/08 11:08:46.0900 3808 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/08 11:08:46.0931 3808 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/08 11:08:46.0947 3808 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/08 11:08:47.0009 3808 BthAvrcp (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/08 11:08:47.0072 3808 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/08 11:08:47.0118 3808 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/08 11:08:47.0181 3808 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/08 11:08:47.0228 3808 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/04/08 11:08:47.0274 3808 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/08 11:08:47.0321 3808 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/08 11:08:47.0384 3808 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/08 11:08:47.0430 3808 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/08 11:08:47.0477 3808 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/08 11:08:47.0540 3808 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/08 11:08:47.0555 3808 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/04/08 11:08:47.0633 3808 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/08 11:08:47.0696 3808 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/08 11:08:47.0727 3808 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/08 11:08:47.0774 3808 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/08 11:08:47.0836 3808 CSC (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
2011/04/08 11:08:47.0867 3808 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/08 11:08:47.0945 3808 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/08 11:08:48.0023 3808 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/08 11:08:48.0070 3808 DXGKrnl (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/08 11:08:48.0164 3808 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/08 11:08:48.0210 3808 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/08 11:08:48.0335 3808 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/08 11:08:48.0398 3808 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/08 11:08:48.0444 3808 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/08 11:08:48.0491 3808 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/08 11:08:48.0538 3808 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/08 11:08:48.0569 3808 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/08 11:08:48.0616 3808 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/08 11:08:48.0647 3808 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/08 11:08:48.0663 3808 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/08 11:08:48.0725 3808 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/08 11:08:48.0756 3808 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/08 11:08:48.0819 3808 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/08 11:08:48.0881 3808 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/08 11:08:48.0912 3808 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/08 11:08:48.0944 3808 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/08 11:08:49.0006 3808 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/08 11:08:49.0068 3808 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/08 11:08:49.0100 3808 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/08 11:08:49.0146 3808 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/08 11:08:49.0224 3808 hwdatacard (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/08 11:08:49.0256 3808 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/08 11:08:49.0334 3808 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/08 11:08:49.0412 3808 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 11:08:49.0505 3808 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/08 11:08:49.0755 3808 IDSVix86 (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110407.001\IDSvix86.sys
2011/04/08 11:08:49.0942 3808 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 11:08:50.0004 3808 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/08 11:08:50.0082 3808 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/04/08 11:08:50.0114 3808 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/08 11:08:50.0160 3808 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/08 11:08:50.0223 3808 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/08 11:08:50.0270 3808 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/08 11:08:50.0301 3808 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/08 11:08:50.0332 3808 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/04/08 11:08:50.0394 3808 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/08 11:08:50.0410 3808 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/08 11:08:50.0441 3808 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/08 11:08:50.0628 3808 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/08 11:08:50.0722 3808 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/04/08 11:08:50.0784 3808 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/08 11:08:50.0894 3808 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/08 11:08:50.0956 3808 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/08 11:08:50.0987 3808 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/08 11:08:51.0018 3808 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/08 11:08:51.0065 3808 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/08 11:08:51.0112 3808 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/08 11:08:51.0159 3808 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/08 11:08:51.0206 3808 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/08 11:08:51.0252 3808 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/08 11:08:51.0299 3808 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/08 11:08:51.0346 3808 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/08 11:08:51.0408 3808 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/08 11:08:51.0440 3808 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/08 11:08:51.0471 3808 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/08 11:08:51.0518 3808 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/08 11:08:51.0564 3808 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/08 11:08:51.0596 3808 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/08 11:08:51.0642 3808 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/08 11:08:51.0689 3808 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/08 11:08:51.0720 3808 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/08 11:08:51.0752 3808 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/08 11:08:51.0814 3808 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/04/08 11:08:51.0845 3808 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/08 11:08:51.0892 3808 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/08 11:08:51.0939 3808 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/04/08 11:08:51.0970 3808 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/08 11:08:52.0017 3808 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/08 11:08:52.0064 3808 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/08 11:08:52.0095 3808 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/08 11:08:52.0142 3808 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/08 11:08:52.0173 3808 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/08 11:08:52.0204 3808 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/08 11:08:52.0266 3808 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/08 11:08:52.0422 3808 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.035\NAVENG.SYS
2011/04/08 11:08:52.0500 3808 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.035\NAVEX15.SYS
2011/04/08 11:08:52.0656 3808 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/08 11:08:52.0719 3808 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/08 11:08:52.0766 3808 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/08 11:08:52.0812 3808 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/08 11:08:52.0859 3808 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/08 11:08:52.0890 3808 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/08 11:08:52.0937 3808 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/08 11:08:53.0062 3808 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/08 11:08:53.0140 3808 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/08 11:08:53.0218 3808 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/08 11:08:53.0249 3808 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/08 11:08:53.0327 3808 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/08 11:08:53.0390 3808 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/08 11:08:53.0421 3808 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/08 11:08:53.0452 3808 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/08 11:08:53.0499 3808 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/08 11:08:53.0530 3808 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/04/08 11:08:53.0624 3808 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/08 11:08:53.0702 3808 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/04/08 11:08:53.0733 3808 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/08 11:08:53.0764 3808 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/08 11:08:53.0826 3808 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/04/08 11:08:53.0858 3808 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2011/04/08 11:08:53.0889 3808 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/08 11:08:53.0967 3808 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/08 11:08:54.0092 3808 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/08 11:08:54.0123 3808 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/08 11:08:54.0201 3808 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/08 11:08:54.0248 3808 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/08 11:08:54.0310 3808 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/08 11:08:54.0388 3808 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/08 11:08:54.0419 3808 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/08 11:08:54.0450 3808 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/08 11:08:54.0528 3808 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/08 11:08:54.0575 3808 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/08 11:08:54.0622 3808 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/08 11:08:54.0653 3808 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/08 11:08:54.0700 3808 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/08 11:08:54.0731 3808 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/08 11:08:54.0762 3808 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/08 11:08:54.0840 3808 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/08 11:08:54.0887 3808 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/08 11:08:54.0934 3808 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/08 11:08:54.0981 3808 RTSTOR (e845f4d709c456992f11d2acf321bced) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/08 11:08:55.0012 3808 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/08 11:08:55.0059 3808 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/08 11:08:55.0106 3808 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/08 11:08:55.0152 3808 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/04/08 11:08:55.0199 3808 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/08 11:08:55.0246 3808 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/08 11:08:55.0277 3808 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/08 11:08:55.0293 3808 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/08 11:08:55.0324 3808 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/08 11:08:55.0371 3808 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/04/08 11:08:55.0402 3808 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/08 11:08:55.0433 3808 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/08 11:08:55.0480 3808 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/08 11:08:55.0511 3808 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/08 11:08:55.0620 3808 SRTSP (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/04/08 11:08:55.0667 3808 SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/04/08 11:08:55.0761 3808 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/08 11:08:55.0808 3808 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/08 11:08:55.0854 3808 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/08 11:08:55.0948 3808 SVKP (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/08 11:08:55.0995 3808 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/08 11:08:56.0042 3808 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/08 11:08:56.0120 3808 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/04/08 11:08:56.0198 3808 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/04/08 11:08:56.0276 3808 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/08 11:08:56.0338 3808 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/04/08 11:08:56.0400 3808 SYMTDIv (c93e93bff7cba0cd1c1ea282d791b772) C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
2011/04/08 11:08:56.0447 3808 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/08 11:08:56.0478 3808 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/08 11:08:56.0510 3808 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/08 11:08:56.0603 3808 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 11:08:56.0650 3808 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/08 11:08:56.0681 3808 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/08 11:08:56.0728 3808 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/08 11:08:56.0759 3808 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/08 11:08:56.0806 3808 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/08 11:08:56.0853 3808 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/08 11:08:56.0915 3808 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/08 11:08:56.0962 3808 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/08 11:08:56.0993 3808 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/08 11:08:57.0024 3808 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/08 11:08:57.0056 3808 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/08 11:08:57.0102 3808 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/08 11:08:57.0149 3808 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/08 11:08:57.0180 3808 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 11:08:57.0212 3808 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/08 11:08:57.0258 3808 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/08 11:08:57.0336 3808 USB28xxBGA (01f43ddc94653cd68d2794ec4500debc) C:\Windows\system32\DRIVERS\emBDA.sys
2011/04/08 11:08:57.0368 3808 USB28xxOEM (925e82ffe06a37799e5cb486528ed835) C:\Windows\system32\DRIVERS\emOEM.sys
2011/04/08 11:08:57.0430 3808 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/04/08 11:08:57.0477 3808 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/08 11:08:57.0539 3808 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/08 11:08:57.0586 3808 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/04/08 11:08:57.0648 3808 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/08 11:08:57.0695 3808 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/08 11:08:57.0758 3808 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/04/08 11:08:57.0789 3808 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/08 11:08:57.0836 3808 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/08 11:08:57.0898 3808 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/08 11:08:57.0945 3808 usbsermptxp (49106ee29074e6a3d3ac9e24c6d791d8) C:\Windows\system32\DRIVERS\usbsermptxp.sys
2011/04/08 11:08:57.0992 3808 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/08 11:08:58.0054 3808 usbuhci (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/08 11:08:58.0116 3808 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 11:08:58.0163 3808 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/08 11:08:58.0194 3808 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/08 11:08:58.0226 3808 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/08 11:08:58.0257 3808 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/04/08 11:08:58.0304 3808 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/04/08 11:08:58.0350 3808 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/08 11:08:58.0413 3808 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/08 11:08:58.0444 3808 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/08 11:08:58.0506 3808 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/08 11:08:58.0538 3808 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 11:08:58.0553 3808 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 11:08:58.0600 3808 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/08 11:08:58.0647 3808 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/08 11:08:58.0772 3808 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/08 11:08:58.0850 3808 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/08 11:08:58.0896 3808 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/08 11:08:58.0943 3808 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/08 11:08:59.0037 3808 ================================================================================
2011/04/08 11:08:59.0037 3808 Scan finished
2011/04/08 11:08:59.0037 3808 ================================================================================
2011/04/08 11:09:15.0604 2020 Deinitialize success
 und Gruß,Stephi |
|
08.04.2011, 10:35
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.04.2011, 11:52
| #13 |
| | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Hallo Arne, Combofix lief problemlos. Hier die logfile: Code:
ATTFilter ComboFix 11-04-07.08 - Zaphod 08.04.2011 12:24:30.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.49.1031.18.2038.1037 [GMT 2:00]
ausgeführt von:: c:\users\Zaphod\Downloads\cofi.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-08 bis 2011-04-08 ))))))))))))))))))))))))))))))
.
.
2011-04-08 10:35 . 2011-04-08 10:35 -------- d-----w- c:\users\Zaphod\AppData\Local\temp
2011-04-08 10:13 . 2011-04-08 10:13 -------- d-----w- c:\program files\CCleaner
2011-04-07 19:12 . 2011-04-07 19:12 -------- d-----w- C:\_OTL
2011-04-06 15:22 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-06 15:22 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-06 12:03 . 2011-04-06 12:03 -------- d-----w- c:\program files\Common Files\Java
2011-04-06 12:02 . 2011-04-06 12:02 -------- d-----w- c:\program files\Java
2011-04-06 11:59 . 2011-04-06 11:59 -------- d-----w- c:\programdata\Apple Computer
2011-04-06 11:59 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-04-06 11:59 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-04-06 11:59 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-04-06 11:59 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-04-06 11:59 . 2010-04-16 17:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-04-06 11:59 . 2010-03-17 20:53 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-04-06 11:59 . 2010-03-17 20:53 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-04-06 11:59 . 2010-03-17 20:53 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-04-06 11:59 . 2011-04-06 11:59 -------- d-----w- c:\program files\QuickTime Alternative
2011-04-06 10:18 . 2011-04-06 11:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-06 10:18 . 2011-04-06 11:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-06 08:52 . 2011-04-06 08:52 -------- d-----w- c:\users\Zaphod\AppData\Roaming\Malwarebytes
2011-04-06 08:52 . 2011-04-06 08:52 -------- d-----w- c:\programdata\Malwarebytes
2011-04-06 08:52 . 2011-04-06 15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-29 08:11 . 2011-03-29 08:11 -------- d-----w- c:\users\Zaphod\AppData\Local\DDMSettings
2011-03-27 19:59 . 2011-03-27 19:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-03-26 12:36 . 2011-03-26 12:36 -------- d-----w- c:\users\Zaphod\AppData\Roaming\EAC
2011-03-26 12:36 . 2011-03-26 12:36 -------- d-----w- c:\program files\Exact Audio Copy
2011-03-26 09:54 . 2011-03-26 09:54 -------- d-----w- c:\programdata\Driver Whiz
2011-03-24 21:12 . 2009-03-17 09:38 364544 ----a-w- c:\windows\system32\MACDll.dll
2011-03-24 21:12 . 2009-01-19 18:39 246424 ----a-w- c:\windows\system32\unicows.dll
2011-03-24 21:12 . 2011-03-24 21:12 -------- d-----w- c:\program files\Monkey's Audio
2011-03-24 13:30 . 2011-03-24 13:30 -------- d-----w- c:\program files\LG Electronics
2011-03-24 13:12 . 2011-03-24 13:12 -------- d-----w- c:\users\Zaphod\AppData\Roaming\Amazon
2011-03-24 13:11 . 2011-03-24 13:11 -------- d-----w- c:\program files\Amazon
2011-03-24 12:42 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-24 12:41 . 2011-03-24 12:41 -------- d-----w- c:\program files\Winamp Detect
2011-03-24 12:39 . 2011-04-08 10:15 -------- d-----w- c:\users\Zaphod\AppData\Roaming\Winamp
2011-03-24 12:39 . 2011-03-24 12:42 -------- d-----w- c:\program files\Winamp
2011-03-17 19:57 . 2011-03-17 19:57 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll
2011-03-09 11:22 . 2011-04-06 12:00 -------- d-----w- c:\program files\DivX
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 12:02 . 2010-12-27 15:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-02 13:46 . 2006-11-02 10:32 101376 ----a-w- c:\windows\system32\ifxcardm.dll
2011-04-02 13:46 . 2006-11-02 10:32 79872 ----a-w- c:\windows\system32\axaltocm.dll
2011-04-02 11:38 . 2010-12-28 13:53 47560 ----a-w- c:\windows\system32\SPReview.exe
2011-04-02 11:38 . 2010-12-28 13:53 152576 ----a-w- c:\windows\system32\SPWizUI.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-5 813584]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Zaphod^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 05:29 67752 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Center Agent]
2009-08-18 19:02 1520128 ----a-w- c:\program files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
2007-04-26 17:29 188416 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2006-12-01 20:28 95800 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51 25088 ------w- c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-19 11:41 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-17 19:56 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2011-02-25 800376]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110407.001\IDSvix86.sys [2011-03-14 353912]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-15 102448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Zaphod\AppData\Roaming\Mozilla\Firefox\Profiles\3pbm62fv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-cleansweep - c:\cleansweep.exe\cleansweep.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Wbutton - c:\program files\Launch Manager\WButton.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-08 12:35
Windows 6.0.6000 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-08 12:40:43
ComboFix-quarantined-files.txt 2011-04-08 10:40
.
Vor Suchlauf: 13 Verzeichnis(se), 184.853.966.848 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 184.252.383.232 Bytes frei
.
- - End Of File - - 32828BEAC649B8580D4EA4B5001AC5D0
Stephi |
|
08.04.2011, 14:02
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.Zitat:
Wo ist das SP2? Nichtmal SP1 ist drauf! Wo ist IE9 oder zumindest IE8?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.04.2011, 15:54
| #15 |
| | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Hallo Arne, ich versteh das auch nicht. Die automatischen Updates über Windows Update habe ich immer ausgeführt. Dachte eigentlich, dass dieses Programm auch die SP's installiert. War aber nicht so. Habe deshalb mehrmals (gerade eben auch noch einmal) versucht, das SP1 manuell zu installieren. Klappt aber nicht. Sagt mir immer am Ende der Installation, dass SP1 nicht installiert werden konnte und alle Änderungen rückgängig gemacht werden. (Norton, Windows Firewall und Defender waren immer ausgeschaltet und ich habe das SP auch immer als Admin gestartet). Wenn er wieder hochfährt, zeigt er mir den Fehlercode 0x800F0826 an. Soll ich Norton deinstallieren? Mir fällt nix mehr ein.  Grüße, Stephi |
|
| Themen zu Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. |
| anti-malware, appdata, dateien, explorer, explorer.exe, funktioniert, funktioniert nicht mehr, google, infected, leitet, malwarebytes, microsoft, nicht mehr, probleme, roaming, software, svchost.exe, system, taskleiste, temp, update, vista, windows, windows dienst, windows update, windows vista, winlogon |
Linear-Darstellung
