Log Analysis and Evaluation: Trojan.Hiloti.Gen / Appcrash svchost.exe / Google redirects / constant attacks etc.
06.04.2011, 18:22 | #1
(I don't know much about this, so please bear with me, I'm doing my best.) For a few days I've had several problems on my Windows Vista partition: Norton constantly reports attacks (Tidserv Activity: System Infected). It's always the same IPs, apparently Russian. Windows Update doesn't work. Google redirects me quite often. I constantly get the message 'Windows service has stopped working', Appcrash, svchost.exe. Sometimes the design of my taskbar changes and then looks like XP's, and the 'Windows service has stopped working' window also has the XP design. Here is my Malwarebytes logfile:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6283

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

########## mbam-log-2011-04-06 (11-05-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150130
Laufzeit: 5 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Zaphod\AppData\Local\Temp\snwroeaxcm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Zaphod\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.
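As an added example (not part of the original thread, and not Malwarebytes' own code), here is a small Python parser for the detection lines of the Malwarebytes log format quoted above. It pulls out each object, detection name and action, splits the "Bad:/Good:" values of a hijacked registry data object, and answers the two questions a helper would ask of this particular log: which findings are still waiting on a reboot (the Winlogon Shell value is marked "Delete on reboot", so the first scan had not finished the job yet), and which extra executables had been chained onto the Shell value. The sample text is constructed from the log in this post; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: the detection sections of the Malwarebytes 1.50 log
# quoted in the post above, in the layout the tool writes them. The summary
# counts at the top are included to show that the parser skips them.
SAMPLE_LOG = r"""Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Dateien: 2

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Zaphod\AppData\Local\Temp\snwroeaxcm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Zaphod\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""


@dataclass
class Finding:
    section: str    # detail section the line was listed under
    obj: str        # registry value or file path
    detection: str  # detection name, e.g. Trojan.Hiloti.Gen
    action: str     # what Malwarebytes did with it
    bad: str = ""   # registry data objects only: the value that was found
    good: str = ""  # registry data objects only: the value that was restored


# "<object> (<detection>) -> <rest>"; the object may contain spaces and
# backslashes, so the detection is the first parenthesised token before " -> ".
_FINDING = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")
# Registry data objects carry the hijacked and the restored value inline.
_BADGOOD = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")


def parse_mbam_log(text):
    """Return one Finding per detection line, tagged with its section."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue  # blank line or "(Keine bösartigen Objekte gefunden)"
        if line.endswith(":"):
            section = line[:-1]  # detail-section header such as "Infizierte Dateien:"
            continue
        m = _FINDING.match(line)
        if not m:
            continue  # summary counts, banner lines and anything else
        rest = m.group("rest")
        # the last " -> " segment is always the action taken
        finding = Finding(section, m.group("obj"), m.group("det"), rest.split(" -> ")[-1])
        bg = _BADGOOD.search(rest)
        if bg:
            finding.bad, finding.good = bg.group("bad"), bg.group("good")
        findings.append(finding)
    return findings


def pending_reboot(findings):
    """Findings Malwarebytes could not remove immediately. Until the machine
    has rebooted and a second scan comes back clean, these are still present."""
    return [f for f in findings if "reboot" in f.action.lower()]


def shell_hijack_extras(findings):
    """Extra entries chained onto the Winlogon Shell value. A clean value is
    just explorer.exe; every further comma-separated entry is started at logon."""
    extras = []
    for f in findings:
        if f.bad and f.obj.lower().endswith(r"\winlogon\shell"):
            for entry in f.bad.split(","):
                if entry.strip().lower() != "explorer.exe":
                    extras.append(entry.strip())
    return extras


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.detection}: {f.obj} -> {f.action}")
    print("still pending reboot:", [f.obj for f in pending_reboot(found)])
    print("chained onto Shell:", shell_hijack_extras(found))
```

Run against the real log file instead of the embedded sample by passing its contents to parse_mbam_log; a non-empty pending_reboot result is the signal to reboot and rescan before reading anything else into the output.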
06.04.2011, 19:57 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
As a routine step, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well! After that, OTL:
System scan with OTL
Please download OTL from OldTimer and save it to your desktop
07.04.2011, 14:01 | #3
Thank you for the quick reply. I had already tried to post once, but apparently it didn't work.
Here is the logfile from Malwarebytes after updating and running a full scan:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6290

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

07.04.2011 00:04
mbam-log-2011-04-07 (00-04-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 277464
Laufzeit: 1 Stunde(n), 14 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
OTL logfile created on: 07.04.2011 14:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Zaphod\Downloads
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS

Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\ASOEHOOK.DLL (Symantec Corporation)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCR90.dll (Microsoft Corporation)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCP90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110405.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.01.13 19:48:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.01.07 04:05:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.29 10:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.29 10:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 14:17:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.06 14:17:16 | 000,000,000 | ---D | M]

[2011.04.06 14:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Extensions
[2011.04.06 14:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions
[2011.04.06 14:21:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.06 14:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.04.06 14:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.01.07 04:05:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011.01.13 19:48:04 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.03.20 01:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.20 01:06:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.20 01:06:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.20 01:06:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.20 01:06:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.06 13:02:04 | 000,432,311 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 14882 more lines...
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.06 17:22:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.06 17:22:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.06 15:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.04.06 14:18:07 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Mozilla
[2011.04.06 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.06 14:03:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.06 14:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.04.06 13:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.04.06 13:59:45 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QTCF.dll
[2011.04.06 13:59:45 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.04.06 13:59:45 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011.04.06 13:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.04.06 10:52:23 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Malwarebytes
[2011.04.06 10:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.06 10:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.02 16:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011.03.31 15:55:43 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\System32\advdaudio.ocx
[2011.03.31 15:55:43 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2011.03.31 15:55:43 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2011.03.31 15:55:43 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2011.03.31 15:55:43 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2011.03.31 15:55:43 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2011.03.31 15:55:42 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2011.03.31 15:55:42 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2011.03.31 15:55:42 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2011.03.31 15:55:42 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2011.03.31 15:55:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2011.03.31 15:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\concept design
[2011.03.29 10:11:26 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Local\DDMSettings
[2011.03.27 21:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.03.27 21:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.03.26 14:36:27 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\EAC
[2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011.03.26 14:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2011.03.26 11:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2011.03.24 23:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monkey's Audio
[2011.03.24 23:12:25 | 000,364,544 | ---- | C] (Matthew T. Ashland) -- C:\Windows\System32\MACDll.dll
[2011.03.24 23:12:25 | 000,246,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2011.03.24 23:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Monkey's Audio
[2011.03.24 15:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011.03.24 15:12:19 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Amazon
[2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.03.24 14:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011.03.24 14:42:09 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Winamp
[2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011.03.09 13:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.07 14:15:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 14:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.07 14:14:01 | 2137,432,064 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.07 02:46:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.07 02:37:39 | 000,644,854 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.07 02:37:39 | 000,613,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.07 02:37:39 | 000,117,716 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.07 02:37:39 | 000,104,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.07 00:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.06 17:22:48 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 14:17:22 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.06 14:11:59 | 000,019,277 | ---- | M] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json
[2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.06 14:02:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.06 14:00:56 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.04.06 14:00:55 | 000,001,401 | ---- | M] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk
[2011.04.06 13:02:04 | 000,432,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.05 21:35:36 | 406,186,373 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.03 00:52:18 | 000,007,102 | ---- | M] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg
[2011.04.02 16:14:14 | 000,433,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.02 15:46:44 | 000,101,376 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011.04.02 15:46:07 | 000,079,872 | ---- | M] (Axalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011.04.02 13:38:24 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2011.04.02 13:38:24 | 000,047,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2011.03.30 18:06:14 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.03.26 14:36:20 | 000,000,873 | ---- | M] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk
[2011.03.25 16:24:53 | 000,012,288 | ---- | M] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.23 15:20:58 | 000,031,027 | ---- | M] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg
[2011.03.12 11:27:38 | 000,007,020 | ---- | M] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf
[2011.03.12 11:21:03 | 001,369,134 | ---- | M] () -- C:\Users\Zaphod\Desktop\00000001.TIF
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.06 17:22:48 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 15:06:20 | 000,001,839 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.04.06 14:17:22 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.06 14:11:59 | 000,019,277 | ---- | C] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json
[2011.04.06 14:00:56 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.04.06 14:00:55 | 000,001,401 | ---- | C] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk
[2011.04.05 23:22:14 | 2137,432,064 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.03 00:50:28 | 000,007,102 | ---- | C] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg
[2011.03.31 15:55:43 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.03.31 15:55:43 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.03.31 15:55:42 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.03.26 14:36:19 | 000,000,873 | ---- | C] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk
[2011.03.23 15:20:56 | 000,031,027 | ---- | C] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg
[2011.03.12 11:27:38 | 000,007,020 | ---- | C] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf
[2011.03.12 11:21:02 | 001,369,134 | ---- | C] () -- C:\Users\Zaphod\Desktop\00000001.TIF
[2010.12.31 19:36:00 | 000,001,378 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2010.12.31 19:35:43 | 000,002,180 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
[2010.12.31 19:33:45 | 000,002,605 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Wavpack Codec.dat
[2010.11.16 22:47:39 | 000,012,288 | ---- | C] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.04 13:03:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.09.01 20:20:34 | 000,179,200 | ---- | C] () -- C:\Windows\System32\Un_PLUSr.dll
[2009.08.12 14:53:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.08.12 14:13:03 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2009.08.12 14:12:03 | 000,000,319 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.07.10 19:26:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.06.06 11:03:06 | 000,000,760 | ---- | C] () -- C:\Users\Zaphod\AppData\Roaming\setup_ldm.iss
[2009.05.09 17:49:35 | 000,000,046 | ---- | C] () -- C:\Windows\QTW.INI
[2008.07.12 21:28:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.05.30 13:48:34 | 000,010,840 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dMC Power Pack.dat
[2008.05.30 13:37:54 | 000,036,104 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008.02.21 11:39:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.02.21 11:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.02.18 09:22:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.02.18 09:22:19 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008.02.05 18:38:49 | 000,000,850 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4 SSE2.dat
[2008.02.05 18:38:44 | 000,000,789 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4.dat
[2008.02.05 18:29:31 | 000,130,048 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008.01.31 16:40:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007.12.10 14:49:41 | 000,217,088 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2007.10.11 10:52:30 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007.09.29 21:30:39 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007.09.29 21:30:39 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007.09.29 21:30:39 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007.09.29 21:21:53 | 000,038,674 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2007.09.27 20:48:18 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007.09.27 20:47:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.09.05 17:56:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.05 17:56:32 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.09.05 17:56:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007.07.11 13:38:37 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2007.02.02 11:56:54 | 000,644,854 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.02.02 11:56:54 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.02.02 11:56:54 | 000,117,716 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.02.02 11:56:54 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.12.01 18:34:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,433,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:36:36 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006.11.02 12:33:01 | 000,613,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,768 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.04.2011 14:16:23 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Zaphod\Downloads Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] cval = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride = 0 AntiSpywareOverride = 0 FirewallOverride = 0 VistaSp1 = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] DisableNotifications = 0 EnableFirewall = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] DisableNotifications = 0 EnableFirewall = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] DisableNotifications = 0 EnableFirewall = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] {275F5956-D7ED-4822-ACB6-4B629B3577A9} = lport=1434 | protocol=17 | dir=in | name=microsoft sql (udp) | {60A9F5A4-28C8-474B-A813-74A8A98F3B52} = lport=1433 | protocol=6 | dir=in | name=microsoft sql (tcp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] {207784FF-D210-49BD-8E48-5AEA2D7F76D3} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe | {2BC45063-1145-44EA-9CD3-8407E812538A} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
{392E73D7-5E15-4540-AF1D-9368E33E21C5} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe | {4DEE3944-E82D-4F45-AB13-883446C35C27} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe | {4E3A8426-C85C-4682-A9FE-FAA1238F3206} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe | {914603C7-F9A7-4014-B60D-F9D708CBD455} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | {DFC8FC5F-41EE-46D3-885A-F922882853D6} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | TCP Query User{27302830-F8FA-408D-9136-67855E575A57}C:\program files\google\google earth\client\googleearth.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | TCP Query User{64BFDC2F-794A-46BB-A254-51765551D2AE}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | TCP Query User{6C42D564-CFED-4F85-B0E0-FCF87A7EF106}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | TCP Query User{7C1F5E4E-8AC3-411C-A970-857226E08F06}D:\mirandaportable\app\miranda\miranda32.exe = protocol=6 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe | TCP Query User{9F7ABBD7-6A20-4EA6-A4CD-728919EF5168}C:\program files\real\realplayer\realplay.exe = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | TCP Query User{CEAAB43F-BF08-456A-B512-0891BC571FCF}C:\program files\diablo ii\game.exe = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | TCP Query User{EE2DDEA0-2D95-49DA-BB15-5A7ED1343E12}C:\program files\google\google earth\plugin\geplugin.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | TCP Query User{F7AA8D78-2DB0-4B95-A897-A8E4EDBF747D}C:\program files\real\realplayer\realplay.exe = 
protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | UDP Query User{06144DC5-5AE5-48D5-A5B3-4020E5030BCE}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | UDP Query User{0BF4EA33-4EED-402C-A93F-114B74607A6D}C:\program files\google\google earth\plugin\geplugin.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | UDP Query User{1BF43519-4D83-48EF-8790-A4ABD284887B}C:\program files\diablo ii\game.exe = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | UDP Query User{77BA60A8-AAD3-4988-BDCF-81E90CB13BF4}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | UDP Query User{9EF770DF-4FB1-41DF-B3EB-3D9C77DE3EC6}C:\program files\google\google earth\client\googleearth.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | UDP Query User{BBBDA0F5-68FE-4E34-AFDD-D0489369CBE7}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | UDP Query User{DE55D95C-9DC4-4744-AD1D-B57C6060E3A3}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | UDP Query User{E02D339B-F031-451B-A799-5398751C26AD}D:\mirandaportable\app\miranda\miranda32.exe = protocol=17 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] {052FDD78-A6EA-3187-8386-C82F4CA3A929} = Microsoft .NET Framework 3.5 Language Pack SP1 - deu {0C826C5B-B131-423A-A229-C71B3CACCD6A} = CDDRV_Installer {23F2AD64-EAB3-4C01-AECA-33FBA6C7BFCD} = Neverwinter Nights {25569723-DC5A-4467-A639-79535BF01B71} = Adobe Help Center 2.1 {26A24AE4-039D-4CA4-87B4-2F83216024FF} = Java(TM) 6 Update 24 
{3101CB58-3482-4D21-AF1A-7057FC935355} = KhalInstallWrapper {4286E640-B5FB-11DF-AC4B-005056C00008} = Google Earth {4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater {55D8440D-6577-46DC-9571-8E5E3046AC11} = X-TENSIONS EM_USB Device Utilities {5EE7D259-D137-4438-9A5F-42F432EC0421} = VC80CRTRedist - 8.0.50727.4053 {65DA2EC9-0642-47E9-AAE2-B5267AA14D75} = Activation Assistant for the 2007 Microsoft Office suites {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} = Windows Media Player Firefox Plugin {716E0306-8318-4364-8B8F-0CC4E9376BAC} = MSXML 4.0 SP2 Parser and SDK {7655E113-C306-11D9-A373-0050BAE317E1} = MCE Software Encoder 1.1 {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight {90120000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2007 {90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0015-0409-0000-0000000FF1CE} = Microsoft Office Access MUI (English) 2007 {90120000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2007 {90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0016-0409-0000-0000000FF1CE} = Microsoft Office Excel MUI (English) 2007 {90120000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2007 {90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0018-0409-0000-0000000FF1CE} = 
Microsoft Office PowerPoint MUI (English) 2007 {90120000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2007 {90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0019-0409-0000-0000000FF1CE} = Microsoft Office Publisher MUI (English) 2007 {90120000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2007 {90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001A-0409-0000-0000000FF1CE} = Microsoft Office Outlook MUI (English) 2007 {90120000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2007 {90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001B-0409-0000-0000000FF1CE} = Microsoft Office Word MUI (English) 2007 {90120000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2007 {90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007 {90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1) 
{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007 {90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2007 {90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0C0A-0000-0000000FF1CE} = Microsoft Office Proof (Spanish) 2007 {90120000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2007 {90120000-002C-0409-0000-0000000FF1CE} = Microsoft Office Proofing (English) 2007 {90120000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2007 {90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2007 {90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-006E-0409-0000-0000000FF1CE} = Microsoft Office Shared MUI (English) 2007 {90120000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2007 {90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) 
{90120000-00B2-0407-0000-0000000FF1CE} = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme {90120000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2007 {90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0115-0409-0000-0000000FF1CE} = Microsoft Office Shared Setup Metadata MUI (English) 2007 {90120000-0117-0409-0000-0000000FF1CE} = Microsoft Office Access Setup Metadata MUI (English) 2007 {91120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007 {91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {91120000-0031-0000-0000-0000000FF1CE} = Microsoft Office Professional Hybrid 2007 {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1) {9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 {A49F249F-0C91-497F-86DF-B2585E8E76B7} = Microsoft Visual C++ 2005 Redistributable {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B} = Adobe Photoshop Elements 5.0 {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper {AC76BA86-7AD7-1031-7B44-A81300000003} = Adobe Reader 8.1.3 - Deutsch {AC76BA86-7AD7-5464-3428-800000000003} = Spelling Dictionaries Support For Adobe Reader 8 {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} = Microsoft .NET Framework 3.5 SP1 {D0846526-66DD-4DC9-A02C-98F9A2806812} = Launch Manager V1.4.6 {D34D82E0-4600-407B-9478-8506C1DD1031} = Nero 7 Essentials {DC24971E-1946-445D-8A82-CE685433FA7D} = Realtek USB 2.0 Card Reader {E1640DA5-89B4-4F52-B15D-5DA3D14F29D4} = LG USB Modem Drivers {F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82} = OLYMPUS Master 2 {F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} = Logitech SetPoint Activation Assistant for the 2007 Microsoft Office suites = Activation Assistant for the 2007 
Microsoft Office suites Adobe Flash Player Plugin = Adobe Flash Player 10 Plugin Adobe Photoshop Elements 5 = Adobe Photoshop Elements 5.0 Adobe Shockwave Player = Adobe Shockwave Player 11.5 Amazon MP3-Downloader = Amazon MP3-Downloader 1.0.9 CNXT_AUDIO_HDA = Conexant HD Audio dBASE PLUS series1 Runtime Engine = dBASE PLUS Runtime Engine dBpowerAMP Music Converter = dBpowerAMP Music Converter dBpowerAMP Wavpack Codec = dBpowerAMP Wavpack Codec dBpowerAMP WMA V9 Codec = dBpowerAMP WMA V9 Codec dBpowerAMP WMA V9.1 Codec = dBpowerAMP WMA V9.1 Codec Diablo II = Diablo II DivX Setup.divx.com = DivX-Setup dMC Power Pack = dMC Power Pack EAX Unified = EAX Unified ENTERPRISER = Microsoft Office Enterprise 2007 Exact Audio Copy = Exact Audio Copy 1.0beta1 HDMI = Intel(R) Graphics Media Accelerator Driver HyperMedia_is1 = HyperMedia Software HyperMediaCenter 3.6_is1 = HyperMediaCenter 3.6 Malwarebytes' Anti-Malware_is1 = Malwarebytes' Anti-Malware Microsoft .NET Framework 3.5 Language Pack SP1 - deu = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 = Microsoft .NET Framework 3.5 SP1 Monkey's Audio_is1 = Monkey's Audio Mozilla Firefox (3.6.16) = Mozilla Firefox (3.6.16) NIS = Norton Internet Security Ogg Vorbis aoTuV b4 = Ogg Vorbis aoTuV b4 Ogg Vorbis aoTuV b4 SSE2 = Ogg Vorbis aoTuV b4 SSE2 PROHYBRIDR = 2007 Microsoft Office system QuicktimeAlt_is1 = QuickTime Alternative 3.2.2 RealPlayer 6.0 = RealPlayer SynTPDeinstKey = Synaptics Pointing Device Driver Ulead Photo Express 2.0 SE = Ulead Photo Express 2.0 SE Veetle TV = Veetle TV 0.9.18 VLC media player = VideoLAN VLC media player 0.8.6c vShare = vShare Plugin Winamp = Winamp WinRAR archiver = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] Winamp Detect = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.04.2011 18:46:53 | Computer Name = 
Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077 Description =
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077 Description =
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077 Description =
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077 Description =
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077 Description =
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077 Description =
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077 Description =
Error - 06.04.2011 18:52:58 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88, Prozess-ID 0x41c, Anwendungsstartzeit 01cbf4aa898b77e2.
Error - 06.04.2011 20:24:17 | Computer Name = Zaphod-Lab | Source = WerSvc | ID = 5007 Description =
Error - 06.04.2011 20:30:41 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00040026, Prozess-ID 0x414, Anwendungsstartzeit 01cbf4b920c701ad.

[ System Events ]
Error - 06.04.2011 16:47:15 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026 Description =
Error - 06.04.2011 17:47:04 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005 Description =
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000 Description =
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026 Description =
Error - 06.04.2011 19:01:29 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005 Description =
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000 Description =
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026 Description =
Error - 06.04.2011 20:33:41 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7032 Description =
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000 Description =
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026 Description =

< End of report > |
07.04.2011, 14:41 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there any further Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Log files (Logdateien) tab.
__________________ Please always post logfiles in CODE tags |
07.04.2011, 19:55 | #5 |
| Yes, there are 2 more Malwarebytes logfiles; they were created between the logfile from my 1st post and the logfile from my 2nd post. Like the first one, though, they were only Quick Scans. Malwarebytes logfile: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6283
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
06.04.2011 11:16
mbam-log-2011-04-06 (11-16-11).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150077
Laufzeit: 5 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6287
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
06.04.2011 17:30
mbam-log-2011-04-06 (17-30-31).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144921
Laufzeit: 4 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
07.04.2011, 19:57 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
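A read-only check for the kinds of entries the OTL fix in the post above removes (alternate data streams under C:\ProgramData, per-volume AutoRun commands under MountPoints2, and non-default Hosts entries), added here as an example; it is not part of the thread and not OTL's own code. It assumes PowerShell 3 or later (for Get-Item -Stream) and the MountPoints2 registry path that the fix log names.

```powershell
# Added example, not from the thread or from OTL: inspect the three things the
# OTL script above acted on, without changing anything. Run from an elevated
# PowerShell 3+ prompt so all of C:\ProgramData is readable.

# 1. Alternate data streams under C:\ProgramData (the fix removed two attached
#    to C:\ProgramData\TEMP). Every file carries an unnamed ':$DATA' stream;
#    anything else is reported with its length.
$adsRoot = 'C:\ProgramData'
Get-ChildItem -Path $adsRoot -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' }
    } |
    Select-Object FileName, Stream, Length |
    Format-Table -AutoSize

# 2. Per-volume AutoRun commands remembered by Explorer under MountPoints2
#    (the fix removed two that pointed at E:\LGAutoRun.exe and D:\setup.exe).
#    The command is the key's default value, exposed as the '(default)' property.
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
    $cmdKey = $_.PSPath + '\Shell\AutoRun\command'
    if (Test-Path -LiteralPath $cmdKey) {
        [pscustomobject]@{
            Volume  = $_.PSChildName
            Command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
        }
    }
} | Format-Table -AutoSize

# 3. Hosts entries beyond the localhost defaults (the fix reset the Hosts file).
#    Lines that are comments or map localhost are skipped; everything else is shown.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '\slocalhost\s*$' }
```

Nothing this check prints is harmful on its own: a named stream, an AutoRun command or an extra Hosts line is only a lead to look at, not a verdict.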
07.04.2011, 20:21 | #7 |
| Said and done. OTL: Code:
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
File E:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
File D:\setup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Zaphod
->Temp folder emptied: 17489889 bytes
->Java cache emptied: 10643 bytes
->FireFox cache emptied: 97425173 bytes
->Flash cache emptied: 1393 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 820529 bytes
%systemroot%\System32 .tmp files removed: 556616 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 430930 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 111,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_211243
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Stephi |
08.04.2011, 04:48 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
08.04.2011, 09:29 | #9 |
| Hello Arne, here comes the rootkit log: Code:
ATTFilter 2011/04/08 10:10:33.0416 3260 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/08 10:10:33.0447 3260 ================================================================================ 2011/04/08 10:10:33.0447 3260 SystemInfo: 2011/04/08 10:10:33.0447 3260 2011/04/08 10:10:33.0447 3260 OS Version: 6.0.6000 ServicePack: 0.0 2011/04/08 10:10:33.0447 3260 Product type: Workstation 2011/04/08 10:10:33.0447 3260 ComputerName: ZAPHOD-LAB 2011/04/08 10:10:33.0447 3260 UserName: Zaphod 2011/04/08 10:10:33.0447 3260 Windows directory: C:\Windows 2011/04/08 10:10:33.0447 3260 System windows directory: C:\Windows 2011/04/08 10:10:33.0447 3260 Processor architecture: Intel x86 2011/04/08 10:10:33.0447 3260 Number of processors: 2 2011/04/08 10:10:33.0447 3260 Page size: 0x1000 2011/04/08 10:10:33.0447 3260 Boot type: Normal boot 2011/04/08 10:10:33.0447 3260 ================================================================================ 2011/04/08 10:10:35.0241 3260 Initialize success 2011/04/08 10:10:48.0174 0792 ================================================================================ 2011/04/08 10:10:48.0174 0792 Scan started 2011/04/08 10:10:48.0174 0792 Mode: Manual; 2011/04/08 10:10:48.0174 0792 ================================================================================ 2011/04/08 10:10:49.0344 0792 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys 2011/04/08 10:10:49.0422 0792 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/04/08 10:10:49.0453 0792 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/04/08 10:10:49.0500 0792 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/04/08 10:10:49.0531 0792 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/04/08 10:10:49.0625 0792 AF15BDA (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys 
2011/04/08 10:10:49.0671 0792 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys 2011/04/08 10:10:49.0718 0792 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys 2011/04/08 10:10:49.0765 0792 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/08 10:10:49.0796 0792 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys 2011/04/08 10:10:49.0827 0792 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys 2011/04/08 10:10:49.0859 0792 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys 2011/04/08 10:10:49.0890 0792 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/04/08 10:10:49.0921 0792 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/04/08 10:10:49.0983 0792 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/04/08 10:10:50.0030 0792 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/04/08 10:10:50.0061 0792 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/08 10:10:50.0108 0792 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys 2011/04/08 10:10:50.0155 0792 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys 2011/04/08 10:10:50.0233 0792 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/04/08 10:10:50.0295 0792 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys 2011/04/08 10:10:50.0514 0792 BHDrvx86 (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys 2011/04/08 10:10:50.0779 0792 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/08 10:10:50.0826 0792 BrFiltLo 
(9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/08 10:10:50.0857 0792 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/08 10:10:50.0888 0792 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/04/08 10:10:50.0997 0792 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/08 10:10:51.0091 0792 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/08 10:10:51.0107 0792 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/08 10:10:51.0169 0792 BthAvrcp (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys 2011/04/08 10:10:51.0200 0792 BthEnum (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/04/08 10:10:51.0263 0792 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/04/08 10:10:51.0309 0792 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys 2011/04/08 10:10:51.0356 0792 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys 2011/04/08 10:10:51.0403 0792 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys 2011/04/08 10:10:51.0450 0792 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/08 10:10:51.0528 0792 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/08 10:10:51.0575 0792 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/04/08 10:10:51.0621 0792 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys 2011/04/08 10:10:51.0668 0792 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/08 10:10:51.0684 0792 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys 2011/04/08 
10:10:51.0762 0792 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys 2011/04/08 10:10:51.0809 0792 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/08 10:10:51.0840 0792 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/04/08 10:10:51.0871 0792 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/04/08 10:10:51.0933 0792 CSC (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys 2011/04/08 10:10:51.0980 0792 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys 2011/04/08 10:10:52.0058 0792 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys 2011/04/08 10:10:52.0121 0792 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys 2011/04/08 10:10:52.0167 0792 DXGKrnl (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/08 10:10:52.0277 0792 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/08 10:10:52.0323 0792 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys 2011/04/08 10:10:52.0433 0792 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2011/04/08 10:10:52.0495 0792 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/04/08 10:10:52.0557 0792 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2011/04/08 10:10:52.0604 0792 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys 2011/04/08 10:10:52.0635 0792 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/08 10:10:52.0682 0792 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys 2011/04/08 10:10:52.0698 0792 
Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys 2011/04/08 10:10:52.0729 0792 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/08 10:10:52.0760 0792 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys 2011/04/08 10:10:52.0807 0792 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/08 10:10:52.0838 0792 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/08 10:10:52.0916 0792 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/04/08 10:10:52.0963 0792 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/08 10:10:52.0994 0792 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/04/08 10:10:53.0025 0792 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/04/08 10:10:53.0072 0792 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/08 10:10:53.0135 0792 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys 2011/04/08 10:10:53.0181 0792 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/04/08 10:10:53.0291 0792 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys 2011/04/08 10:10:53.0369 0792 hwdatacard (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/04/08 10:10:53.0415 0792 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/04/08 10:10:53.0462 0792 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/08 10:10:53.0571 0792 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/04/08 10:10:53.0665 0792 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) 
C:\Windows\system32\drivers\iastorv.sys 2011/04/08 10:10:53.0883 0792 IDSVix86 (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110406.001\IDSvix86.sys 2011/04/08 10:10:54.0071 0792 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/04/08 10:10:54.0149 0792 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/04/08 10:10:54.0195 0792 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys 2011/04/08 10:10:54.0227 0792 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/08 10:10:54.0289 0792 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/08 10:10:54.0351 0792 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/04/08 10:10:54.0383 0792 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys 2011/04/08 10:10:54.0414 0792 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys 2011/04/08 10:10:54.0445 0792 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys 2011/04/08 10:10:54.0492 0792 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/08 10:10:54.0523 0792 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/04/08 10:10:54.0554 0792 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/04/08 10:10:54.0601 0792 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/08 10:10:54.0663 0792 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 2011/04/08 10:10:54.0710 0792 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/08 10:10:54.0804 0792 LHidFilt 
(7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys 2011/04/08 10:10:54.0866 0792 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/04/08 10:10:54.0913 0792 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/08 10:10:54.0944 0792 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys 2011/04/08 10:10:54.0975 0792 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/04/08 10:10:55.0007 0792 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/04/08 10:10:55.0069 0792 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/04/08 10:10:55.0163 0792 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys 2011/04/08 10:10:55.0209 0792 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/04/08 10:10:55.0272 0792 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys 2011/04/08 10:10:55.0319 0792 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/08 10:10:55.0381 0792 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/08 10:10:55.0428 0792 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/08 10:10:55.0459 0792 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys 2011/04/08 10:10:55.0506 0792 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/04/08 10:10:55.0553 0792 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/08 10:10:55.0584 0792 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/04/08 10:10:55.0615 0792 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys 2011/04/08 
10:10:55.0662 0792 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/08 10:10:55.0693 0792 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/08 10:10:55.0724 0792 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/08 10:10:55.0771 0792 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys 2011/04/08 10:10:55.0833 0792 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/04/08 10:10:55.0896 0792 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys 2011/04/08 10:10:55.0943 0792 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys 2011/04/08 10:10:55.0974 0792 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/08 10:10:56.0021 0792 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/08 10:10:56.0099 0792 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys 2011/04/08 10:10:56.0379 0792 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys 2011/04/08 10:10:56.0426 0792 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/08 10:10:56.0473 0792 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys 2011/04/08 10:10:56.0504 0792 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys 2011/04/08 10:10:56.0567 0792 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/08 10:10:56.0769 0792 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVENG.SYS 2011/04/08 10:10:56.0863 0792 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVEX15.SYS 2011/04/08 10:10:57.0019 0792 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys 2011/04/08 10:10:57.0066 0792 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/08 10:10:57.0097 0792 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/08 10:10:57.0128 0792 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/08 10:10:57.0144 0792 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys 2011/04/08 10:10:57.0175 0792 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/08 10:10:57.0237 0792 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/08 10:10:57.0440 0792 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys 2011/04/08 10:10:57.0534 0792 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/04/08 10:10:57.0596 0792 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys 2011/04/08 10:10:57.0627 0792 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/08 10:10:57.0752 0792 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys 2011/04/08 10:10:57.0846 0792 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/04/08 10:10:57.0877 0792 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys 2011/04/08 10:10:57.0908 0792 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/04/08 10:10:57.0939 0792 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/04/08 10:10:57.0986 0792 nv_agp (055081fd5076401c1ee1bcab08d81911) 
C:\Windows\system32\drivers\nv_agp.sys 2011/04/08 10:10:58.0064 0792 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 2011/04/08 10:10:58.0142 0792 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys 2011/04/08 10:10:58.0158 0792 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys 2011/04/08 10:10:58.0189 0792 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys 2011/04/08 10:10:58.0251 0792 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys 2011/04/08 10:10:58.0283 0792 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys 2011/04/08 10:10:58.0329 0792 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/04/08 10:10:58.0407 0792 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/04/08 10:10:58.0548 0792 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/08 10:10:58.0579 0792 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/04/08 10:10:58.0641 0792 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/08 10:10:58.0704 0792 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys 2011/04/08 10:10:58.0766 0792 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/04/08 10:10:58.0829 0792 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/04/08 10:10:58.0875 0792 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/08 10:10:58.0907 0792 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/08 10:10:58.0969 0792 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/08 10:10:59.0016 0792 RasPppoe 
(ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/08 10:10:59.0063 0792 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/08 10:10:59.0094 0792 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/08 10:10:59.0141 0792 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\DRIVERS\rdpdr.sys 2011/04/08 10:10:59.0172 0792 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/08 10:10:59.0203 0792 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys 2011/04/08 10:10:59.0281 0792 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/04/08 10:10:59.0328 0792 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/08 10:10:59.0390 0792 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/04/08 10:10:59.0421 0792 RTSTOR (e845f4d709c456992f11d2acf321bced) C:\Windows\system32\drivers\RTSTOR.SYS 2011/04/08 10:10:59.0468 0792 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/04/08 10:10:59.0515 0792 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/08 10:10:59.0546 0792 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys 2011/04/08 10:10:59.0593 0792 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys 2011/04/08 10:10:59.0624 0792 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys 2011/04/08 10:10:59.0671 0792 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys 2011/04/08 10:10:59.0702 0792 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/08 10:10:59.0718 0792 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys 2011/04/08 
10:10:59.0749 0792 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/04/08 10:10:59.0796 0792 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys 2011/04/08 10:10:59.0827 0792 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/04/08 10:10:59.0874 0792 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/04/08 10:10:59.0905 0792 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys 2011/04/08 10:10:59.0936 0792 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys 2011/04/08 10:11:00.0014 0792 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/04/08 10:11:00.0014 0792 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/04/08 10:11:00.0030 0792 sptd - detected Locked file (1) 2011/04/08 10:11:00.0123 0792 SRTSP (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS 2011/04/08 10:11:00.0170 0792 SRTSPX (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS 2011/04/08 10:11:00.0217 0792 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys 2011/04/08 10:11:00.0264 0792 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/08 10:11:00.0311 0792 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/08 10:11:00.0435 0792 SVKP (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys 2011/04/08 10:11:00.0482 0792 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/08 10:11:00.0529 0792 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/04/08 10:11:00.0623 0792 SymDS (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS 2011/04/08 
10:11:00.0685 0792 SymEFA (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS 2011/04/08 10:11:00.0747 0792 SymEvent (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS 2011/04/08 10:11:00.0810 0792 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS 2011/04/08 10:11:00.0872 0792 SYMTDIv (c93e93bff7cba0cd1c1ea282d791b772) C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS 2011/04/08 10:11:00.0935 0792 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/04/08 10:11:00.0966 0792 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/04/08 10:11:01.0013 0792 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys 2011/04/08 10:11:01.0091 0792 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys 2011/04/08 10:11:01.0153 0792 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/08 10:11:01.0184 0792 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/08 10:11:01.0215 0792 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys 2011/04/08 10:11:01.0262 0792 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys 2011/04/08 10:11:01.0293 0792 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/08 10:11:01.0340 0792 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/08 10:11:01.0434 0792 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/08 10:11:01.0481 0792 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys 2011/04/08 10:11:01.0512 0792 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/08 10:11:01.0543 0792 uagp35 (c3ade15414120033a36c0f293d4a4121) 
C:\Windows\system32\drivers\uagp35.sys 2011/04/08 10:11:01.0590 0792 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/08 10:11:01.0637 0792 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys 2011/04/08 10:11:01.0668 0792 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/04/08 10:11:01.0715 0792 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/04/08 10:11:01.0746 0792 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/04/08 10:11:01.0793 0792 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/08 10:11:01.0871 0792 USB28xxBGA (01f43ddc94653cd68d2794ec4500debc) C:\Windows\system32\DRIVERS\emBDA.sys 2011/04/08 10:11:01.0902 0792 USB28xxOEM (925e82ffe06a37799e5cb486528ed835) C:\Windows\system32\DRIVERS\emOEM.sys 2011/04/08 10:11:01.0949 0792 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys 2011/04/08 10:11:01.0995 0792 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/08 10:11:02.0042 0792 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/04/08 10:11:02.0089 0792 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys 2011/04/08 10:11:02.0151 0792 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/08 10:11:02.0198 0792 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/08 10:11:02.0261 0792 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys 2011/04/08 10:11:02.0292 0792 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/04/08 10:11:02.0323 0792 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/08 10:11:02.0385 0792 usbscan 
(b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys 2011/04/08 10:11:02.0448 0792 usbsermptxp (49106ee29074e6a3d3ac9e24c6d791d8) C:\Windows\system32\DRIVERS\usbsermptxp.sys 2011/04/08 10:11:02.0479 0792 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/08 10:11:02.0541 0792 usbuhci (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/08 10:11:02.0604 0792 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/08 10:11:02.0651 0792 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys 2011/04/08 10:11:02.0682 0792 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys 2011/04/08 10:11:02.0713 0792 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/04/08 10:11:02.0744 0792 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys 2011/04/08 10:11:02.0791 0792 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys 2011/04/08 10:11:02.0838 0792 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys 2011/04/08 10:11:02.0900 0792 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys 2011/04/08 10:11:02.0931 0792 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/04/08 10:11:02.0978 0792 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/08 10:11:03.0025 0792 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/08 10:11:03.0041 0792 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/08 10:11:03.0087 0792 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/04/08 10:11:03.0134 0792 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/08 
10:11:03.0243 0792 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/08 10:11:03.0321 0792 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/04/08 10:11:03.0353 0792 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/08 10:11:03.0415 0792 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/08 10:11:03.0477 0792 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/04/08 10:11:03.0477 0792 ================================================================================ 2011/04/08 10:11:03.0477 0792 Scan finished 2011/04/08 10:11:03.0477 0792 ================================================================================ 2011/04/08 10:11:03.0493 1332 Detected object count: 2 2011/04/08 10:19:22.0007 1332 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot 2011/04/08 10:19:22.0038 1332 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot 2011/04/08 10:19:22.0069 1332 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot 2011/04/08 10:19:22.0069 1332 Locked file(sptd) - User select action: Delete 2011/04/08 10:19:22.0147 1332 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/04/08 10:19:22.0147 1332 \HardDisk0 - ok 2011/04/08 10:19:22.0147 1332 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/04/08 10:19:36.0671 3436 Deinitialize success Stephi |
08.04.2011, 09:54 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc. TDL4 was detected and removed. Please restart Windows and run TDSS-Killer once more as a check - post the log.
__________________ Please always post logfiles in CODE tags |
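A small triage script for the TDSSKiller log layout used in this thread, added here as an example; it is not part of Kaspersky's tool or of the posts. It pulls the "Suspicious file", "- detected", reboot-action and "Detected object count" lines out of one run and checks that the verification run the helper asks for reports nothing; the first sample is an excerpt of the log posted above, the second (clean) run is constructed.

```python
"""Triage of TDSSKiller logs in the line format posted in this thread.

Added example, not part of Kaspersky's tool. Only the message shapes that
appear in the posted logs are recognised (driver listing, Suspicious file,
"- detected", "will be cured/deleted after reboot", Detected object count);
every other message is ignored.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# "2011/04/08 10:11:03.0477 0792 <message>": timestamp, scanner thread id, message
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<why>[^)]+)\): (?P<obj>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<what>.+?)(?: \(\d+\))?$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) - will be (?P<action>cured|deleted) after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Triage:
    detections: List[Tuple[str, str]] = field(default_factory=list)       # (object, verdict)
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)  # (path, reason, md5)
    pending: List[Tuple[str, str]] = field(default_factory=list)          # (object, action) until reboot
    reported_count: Optional[int] = None  # the tool's own "Detected object count"

    def is_clean(self) -> bool:
        """True when nothing was flagged and nothing still waits for a reboot."""
        return (not self.detections and not self.suspicious and not self.pending
                and self.reported_count in (None, 0))


def split_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (timestamp, thread id, message), or None for a non-log line."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2), m.group(3)) if m else None


def triage(log_text: str) -> Triage:
    """Collect every finding and remediation message from one TDSSKiller run."""
    t = Triage()
    for raw in log_text.splitlines():
        parsed = split_line(raw)
        if parsed is None:
            continue
        msg = parsed[2]
        if (m := SUSPICIOUS_RE.match(msg)):
            t.suspicious.append((m["obj"], m["why"], m["md5"]))
        elif (m := DETECTED_RE.match(msg)):
            t.detections.append((m["obj"], m["what"]))
        elif (m := ACTION_RE.match(msg)):
            t.pending.append((m["obj"], m["action"]))
        elif (m := COUNT_RE.match(msg)):
            t.reported_count = int(m["n"])
    return t


def still_present(before: Triage, after: Triage) -> List[Tuple[str, str]]:
    """Detections from the first run that the verification run reports again."""
    return [d for d in before.detections if d in after.detections]


# Excerpt of the first log posted in this thread (driver listing cut to one line).
FIRST_RUN = r"""2011/04/08 10:10:48.0174 0792 Scan started
2011/04/08 10:10:49.0344 0792 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 10:11:00.0014 0792 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/08 10:11:00.0014 0792 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/08 10:11:00.0030 0792 sptd - detected Locked file (1)
2011/04/08 10:11:03.0477 0792 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/08 10:11:03.0477 0792 Scan finished
2011/04/08 10:11:03.0493 1332 Detected object count: 2
2011/04/08 10:19:22.0069 1332 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/08 10:19:22.0147 1332 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/08 10:19:22.0147 1332 \HardDisk0 - ok
"""

# Constructed verification run (the second log in the thread is cut off, so this
# one is made up): same layout, nothing flagged.
SECOND_RUN = r"""2011/04/08 11:08:43.0920 3808 Scan started
2011/04/08 11:08:45.0356 3808 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 11:08:59.0000 3808 Scan finished
2011/04/08 11:08:59.0000 1852 Detected object count: 0
"""

if __name__ == "__main__":
    before, after = triage(FIRST_RUN), triage(SECOND_RUN)
    for obj, what in before.detections:
        print(f"first run: {obj} -> {what}")
    for obj, action in before.pending:
        print(f"pending until reboot: {obj} ({action})")
    print("verification run clean:", after.is_clean())
    print("still present after reboot:", still_present(before, after))
```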
08.04.2011, 10:18 | #11 |
| Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc. Wow, after the Kaspersky tool there are no more attacks, redirects, Windows service error messages or XP designs, hooray! And Windows Update works again too!!! I'm impressed (even if we're surely not done yet). Rootkit log: Code:
TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
OS Version: 6.0.6000 ServicePack: 0.0 / Product type: Workstation / ComputerName: ZAPHOD-LAB / UserName: Zaphod / Processor architecture: Intel x86 / Boot type: Normal boot
Scan started 2011/04/08 11:08:43 (Mode: Manual); Scan finished 2011/04/08 11:08:59
Stephi |
08.04.2011, 10:35 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a forum helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
08.04.2011, 11:52 | #13 |
| Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. Hello Arne, ComboFix ran without problems. Here is the logfile: Code:
ComboFix 11-04-07.08 - Zaphod 08.04.2011 12:24:30.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6000.0.1252.49.1031.18.2038.1037 [GMT 2:00] ausgeführt von:: c:\users\Zaphod\Downloads\cofi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ . Inhalt des "geplante Tasks" Ordners . 2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10] . 2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Zaphod\AppData\Roaming\Mozilla\Firefox\Profiles\3pbm62fv.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program 
files\DivX\DivX Plus Web Player\firefox\wpa FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-klmdb.sys MSConfigStartUp-cleansweep - c:\cleansweep.exe\cleansweep.exe MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe MSConfigStartUp-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe MSConfigStartUp-Wbutton - c:\program files\Launch Manager\WButton.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-04-08 12:35 Windows 6.0.6000 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-04-08 12:40:43 ComboFix-quarantined-files.txt 2011-04-08 10:40 . Vor Suchlauf: 13 Verzeichnis(se), 184.853.966.848 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 184.252.383.232 Bytes frei . - - End Of File - - 32828BEAC649B8580D4EA4B5001AC5D0 Stephi |
08.04.2011, 14:02, #14
/// Winkelfunktion /// TB-Süch-Tiger™
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc.
Quote:
Where is SP2? Not even SP1 is installed! Where is IE9, or at least IE8?
__________________
Please always post logfiles in CODE tags
08.04.2011, 15:54, #15
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / constant attacks etc.
Hello Arne, I don't understand it either. I have always run the automatic updates via Windows Update. I actually thought that this program also installs the service packs. But that was not the case. That is why I have tried several times (just now once again) to install SP1 manually. But it doesn't work. At the end of the installation it always tells me that SP1 could not be installed and that all changes are being reverted. (Norton, Windows Firewall and Defender were always switched off, and I always started the SP as admin.) When it boots up again, it shows me the error code 0x800F0826. Should I uninstall Norton? I'm out of ideas. Regards, Stephi