Trojaner-Board


zelluloid 06.04.2011 18:22

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google redirects / constant attacks etc.

(I don't know much about this, so please bear with me, I'm doing my best)

For a few days I have been having several problems on my Windows Vista partition:

Norton keeps reporting attacks (Tidserv Activity : System Infected). It is always the same IPs, apparently Russian ones. Windows Update doesn't work. Google often redirects me. I keep getting the message 'Windows service has stopped working', Appcrash, svchost.exe. Sometimes the design of my taskbar changes and then looks like the one from XP; the 'Windows service has stopped working' window also has the XP design.

Here is my Malwarebytes logfile
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6283

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

##########
mbam-log-2011-04-06 (11-05-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150130
Laufzeit: 5 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Zaphod\AppData\Local\Temp\snwroeaxcm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Zaphod\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.

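An added example, not code from the thread or from Malwarebytes: a small Python triage parser for the MBAM 1.50 log format posted above. The embedded sample is constructed from the findings in the quoted log, and parse_mbam_log / triage are my own names.

```python
import re
from dataclasses import dataclass

# Constructed sample in the Malwarebytes 1.50 German log format quoted in the
# thread; the findings are copied from the posted quick-scan log, not read
# from a real file.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Datenbank Version: 6283

Infizierte Speicherprozesse: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Zaphod\AppData\Local\Temp\snwroeaxcm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Zaphod\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""


@dataclass
class Finding:
    section: str    # log section, e.g. "Infizierte Dateien"
    target: str     # registry path or file path
    detection: str  # MBAM detection name, e.g. "Trojan.Hiloti.Gen"
    action: str     # what MBAM did, e.g. "Delete on reboot."
    bad: str = ""   # for "Bad: (...) Good: (...)" entries: the hijacked value
    good: str = ""  # the expected value MBAM restored


COUNT_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")
FINDING_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (summary counts, list of Finding) for one MBAM 1.50 log."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:                       # summary block: "Infizierte Dateien: 2"
            counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:                       # detail block header without a number
            section = m.group(1)
            continue
        if section is None or line.startswith("("):
            continue                # file header, or "(Keine bösartigen ...)"
        m = FINDING_RE.match(line)
        if not m:
            continue
        target, detection, rest = m.group("target", "detection", "rest")
        bg = BADGOOD_RE.match(rest)
        if bg:
            findings.append(Finding(section, target, detection,
                                    bg.group("action"), bg.group("bad"), bg.group("good")))
        else:                       # "Value: Shell -> <action>" or just "<action>"
            findings.append(Finding(section, target, detection,
                                    rest.rsplit(" -> ", 1)[-1]))
    return counts, findings


def triage(counts, findings):
    """Pull out what a helper checks first: pending deletions and Shell hijacks."""
    pending = [f.target for f in findings if f.action.startswith("Delete on reboot")]
    extra_shells = []
    for f in findings:
        if not f.target.lower().endswith(r"\winlogon\shell"):
            continue
        # A hijacked Shell value reads "explorer.exe,<payload>"; every entry other
        # than the stock explorer.exe is a persistence artefact to re-check later.
        for exe in f.bad.split(","):
            if exe.strip() and exe.strip().lower() != "explorer.exe":
                extra_shells.append(exe.strip())
    total = sum(counts.values())
    return {
        "total_infected": total,
        "pending_reboot": pending,             # not gone until the machine reboots
        "shell_hijack_payloads": extra_shells,
        "consistent": total == len(findings),  # summary and detail lines agree
    }
```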

cosinus 06.04.2011 19:57

Hello and :hallo:

As a routine step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

zelluloid 07.04.2011 14:01

Thanks a lot for the quick reply. I already tried to post once, but apparently it didn't work.

Here is the Malwarebytes logfile after updating and a full scan:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6290

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

07.04.2011 00:04
mbam-log-2011-04-07 (00-04-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 277464
Laufzeit: 1 Stunde(n), 14 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:
Code:

OTL logfile created on: 07.04.2011 14:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Zaphod\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS
 
Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\ASOEHOOK.DLL (Symantec Corporation)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCR90.dll (Microsoft Corporation)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCP90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110405.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.01.13 19:48:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.01.07 04:05:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.29 10:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.29 10:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 14:17:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.06 14:17:16 | 000,000,000 | ---D | M]
 
[2011.04.06 14:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Extensions
[2011.04.06 14:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions
[2011.04.06 14:21:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.06 14:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.04.06 14:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.01.07 04:05:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011.01.13 19:48:04 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.03.20 01:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.20 01:06:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.20 01:06:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.20 01:06:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.20 01:06:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.06 13:02:04 | 000,432,311 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 14882 more lines...
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.06 17:22:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.06 17:22:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.06 15:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.04.06 14:18:07 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Mozilla
[2011.04.06 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.06 14:03:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.06 14:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.04.06 13:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.04.06 13:59:45 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QTCF.dll
[2011.04.06 13:59:45 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.04.06 13:59:45 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011.04.06 13:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.04.06 10:52:23 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Malwarebytes
[2011.04.06 10:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.06 10:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.02 16:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011.03.31 15:55:43 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\System32\advdaudio.ocx
[2011.03.31 15:55:43 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2011.03.31 15:55:43 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2011.03.31 15:55:43 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2011.03.31 15:55:43 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2011.03.31 15:55:43 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2011.03.31 15:55:42 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2011.03.31 15:55:42 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2011.03.31 15:55:42 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2011.03.31 15:55:42 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2011.03.31 15:55:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2011.03.31 15:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\concept design
[2011.03.29 10:11:26 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Local\DDMSettings
[2011.03.27 21:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.03.27 21:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.03.26 14:36:27 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\EAC
[2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011.03.26 14:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2011.03.26 11:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2011.03.24 23:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monkey's Audio
[2011.03.24 23:12:25 | 000,364,544 | ---- | C] (Matthew T. Ashland) -- C:\Windows\System32\MACDll.dll
[2011.03.24 23:12:25 | 000,246,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2011.03.24 23:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Monkey's Audio
[2011.03.24 15:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011.03.24 15:12:19 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Amazon
[2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.03.24 14:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011.03.24 14:42:09 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Winamp
[2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011.03.09 13:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.07 14:15:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 14:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.07 14:14:01 | 2137,432,064 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.07 02:46:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.07 02:37:39 | 000,644,854 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.07 02:37:39 | 000,613,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.07 02:37:39 | 000,117,716 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.07 02:37:39 | 000,104,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.07 00:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.06 17:22:48 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 14:17:22 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.06 14:11:59 | 000,019,277 | ---- | M] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json
[2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.06 14:02:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.06 14:00:56 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.04.06 14:00:55 | 000,001,401 | ---- | M] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk
[2011.04.06 13:02:04 | 000,432,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.05 21:35:36 | 406,186,373 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.03 00:52:18 | 000,007,102 | ---- | M] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg
[2011.04.02 16:14:14 | 000,433,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.02 15:46:44 | 000,101,376 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011.04.02 15:46:07 | 000,079,872 | ---- | M] (Axalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011.04.02 13:38:24 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2011.04.02 13:38:24 | 000,047,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2011.03.30 18:06:14 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.03.26 14:36:20 | 000,000,873 | ---- | M] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk
[2011.03.25 16:24:53 | 000,012,288 | ---- | M] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.23 15:20:58 | 000,031,027 | ---- | M] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg
[2011.03.12 11:27:38 | 000,007,020 | ---- | M] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf
[2011.03.12 11:21:03 | 001,369,134 | ---- | M] () -- C:\Users\Zaphod\Desktop\00000001.TIF
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.06 17:22:48 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 15:06:20 | 000,001,839 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.04.06 14:17:22 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.06 14:11:59 | 000,019,277 | ---- | C] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json
[2011.04.06 14:00:56 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.04.06 14:00:55 | 000,001,401 | ---- | C] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk
[2011.04.05 23:22:14 | 2137,432,064 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.03 00:50:28 | 000,007,102 | ---- | C] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg
[2011.03.31 15:55:43 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.03.31 15:55:43 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.03.31 15:55:42 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.03.26 14:36:19 | 000,000,873 | ---- | C] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk
[2011.03.23 15:20:56 | 000,031,027 | ---- | C] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg
[2011.03.12 11:27:38 | 000,007,020 | ---- | C] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf
[2011.03.12 11:21:02 | 001,369,134 | ---- | C] () -- C:\Users\Zaphod\Desktop\00000001.TIF
[2010.12.31 19:36:00 | 000,001,378 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2010.12.31 19:35:43 | 000,002,180 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
[2010.12.31 19:33:45 | 000,002,605 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Wavpack Codec.dat
[2010.11.16 22:47:39 | 000,012,288 | ---- | C] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.04 13:03:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.09.01 20:20:34 | 000,179,200 | ---- | C] () -- C:\Windows\System32\Un_PLUSr.dll
[2009.08.12 14:53:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.08.12 14:13:03 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2009.08.12 14:12:03 | 000,000,319 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.07.10 19:26:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.06.06 11:03:06 | 000,000,760 | ---- | C] () -- C:\Users\Zaphod\AppData\Roaming\setup_ldm.iss
[2009.05.09 17:49:35 | 000,000,046 | ---- | C] () -- C:\Windows\QTW.INI
[2008.07.12 21:28:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.05.30 13:48:34 | 000,010,840 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dMC Power Pack.dat
[2008.05.30 13:37:54 | 000,036,104 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008.02.21 11:39:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.02.21 11:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.02.18 09:22:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.02.18 09:22:19 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008.02.05 18:38:49 | 000,000,850 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4 SSE2.dat
[2008.02.05 18:38:44 | 000,000,789 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4.dat
[2008.02.05 18:29:31 | 000,130,048 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008.01.31 16:40:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007.12.10 14:49:41 | 000,217,088 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2007.10.11 10:52:30 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007.09.29 21:30:39 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007.09.29 21:30:39 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007.09.29 21:30:39 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007.09.29 21:21:53 | 000,038,674 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2007.09.27 20:48:18 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007.09.27 20:47:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.09.05 17:56:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.05 17:56:32 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.09.05 17:56:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007.07.11 13:38:37 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2007.02.02 11:56:54 | 000,644,854 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.02.02 11:56:54 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.02.02 11:56:54 | 000,117,716 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.02.02 11:56:54 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.12.01 18:34:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,433,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:36:36 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006.11.02 12:33:01 | 000,613,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,768 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Registry:
Code:

OTL Extras logfile created on: 07.04.2011 14:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Zaphod\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS
 
Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
VistaSp1 = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications = 0
EnableFirewall = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications = 0
EnableFirewall = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
DisableNotifications = 0
EnableFirewall = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{275F5956-D7ED-4822-ACB6-4B629B3577A9} = lport=1434 | protocol=17 | dir=in | name=microsoft sql (udp) |
{60A9F5A4-28C8-474B-A813-74A8A98F3B52} = lport=1433 | protocol=6 | dir=in | name=microsoft sql (tcp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{207784FF-D210-49BD-8E48-5AEA2D7F76D3} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe |
{2BC45063-1145-44EA-9CD3-8407E812538A} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
{392E73D7-5E15-4540-AF1D-9368E33E21C5} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe |
{4DEE3944-E82D-4F45-AB13-883446C35C27} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe |
{4E3A8426-C85C-4682-A9FE-FAA1238F3206} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe |
{914603C7-F9A7-4014-B60D-F9D708CBD455} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
{DFC8FC5F-41EE-46D3-885A-F922882853D6} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
TCP Query User{27302830-F8FA-408D-9136-67855E575A57}C:\program files\google\google earth\client\googleearth.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
TCP Query User{64BFDC2F-794A-46BB-A254-51765551D2AE}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
TCP Query User{6C42D564-CFED-4F85-B0E0-FCF87A7EF106}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
TCP Query User{7C1F5E4E-8AC3-411C-A970-857226E08F06}D:\mirandaportable\app\miranda\miranda32.exe = protocol=6 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe |
TCP Query User{9F7ABBD7-6A20-4EA6-A4CD-728919EF5168}C:\program files\real\realplayer\realplay.exe = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
TCP Query User{CEAAB43F-BF08-456A-B512-0891BC571FCF}C:\program files\diablo ii\game.exe = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
TCP Query User{EE2DDEA0-2D95-49DA-BB15-5A7ED1343E12}C:\program files\google\google earth\plugin\geplugin.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
TCP Query User{F7AA8D78-2DB0-4B95-A897-A8E4EDBF747D}C:\program files\real\realplayer\realplay.exe = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
UDP Query User{06144DC5-5AE5-48D5-A5B3-4020E5030BCE}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
UDP Query User{0BF4EA33-4EED-402C-A93F-114B74607A6D}C:\program files\google\google earth\plugin\geplugin.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
UDP Query User{1BF43519-4D83-48EF-8790-A4ABD284887B}C:\program files\diablo ii\game.exe = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
UDP Query User{77BA60A8-AAD3-4988-BDCF-81E90CB13BF4}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
UDP Query User{9EF770DF-4FB1-41DF-B3EB-3D9C77DE3EC6}C:\program files\google\google earth\client\googleearth.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
UDP Query User{BBBDA0F5-68FE-4E34-AFDD-D0489369CBE7}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
UDP Query User{DE55D95C-9DC4-4744-AD1D-B57C6060E3A3}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
UDP Query User{E02D339B-F031-451B-A799-5398751C26AD}D:\mirandaportable\app\miranda\miranda32.exe = protocol=17 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{052FDD78-A6EA-3187-8386-C82F4CA3A929} = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
{0C826C5B-B131-423A-A229-C71B3CACCD6A} = CDDRV_Installer
{23F2AD64-EAB3-4C01-AECA-33FBA6C7BFCD} = Neverwinter Nights
{25569723-DC5A-4467-A639-79535BF01B71} = Adobe Help Center 2.1
{26A24AE4-039D-4CA4-87B4-2F83216024FF} = Java(TM) 6 Update 24
{3101CB58-3482-4D21-AF1A-7057FC935355} = KhalInstallWrapper
{4286E640-B5FB-11DF-AC4B-005056C00008} = Google Earth
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{55D8440D-6577-46DC-9571-8E5E3046AC11} = X-TENSIONS EM_USB Device Utilities
{5EE7D259-D137-4438-9A5F-42F432EC0421} = VC80CRTRedist - 8.0.50727.4053
{65DA2EC9-0642-47E9-AAE2-B5267AA14D75} = Activation Assistant for the 2007 Microsoft Office suites
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} = Windows Media Player Firefox Plugin
{716E0306-8318-4364-8B8F-0CC4E9376BAC} = MSXML 4.0 SP2 Parser and SDK
{7655E113-C306-11D9-A373-0050BAE317E1} = MCE Software Encoder 1.1
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{90120000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2007
{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0015-0409-0000-0000000FF1CE} = Microsoft Office Access MUI (English) 2007
{90120000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2007
{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0016-0409-0000-0000000FF1CE} = Microsoft Office Excel MUI (English) 2007
{90120000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2007
{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0409-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (English) 2007
{90120000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2007
{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0019-0409-0000-0000000FF1CE} = Microsoft Office Publisher MUI (English) 2007
{90120000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2007
{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0409-0000-0000000FF1CE} = Microsoft Office Outlook MUI (English) 2007
{90120000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2007
{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0409-0000-0000000FF1CE} = Microsoft Office Word MUI (English) 2007
{90120000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2007
{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2007
{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0C0A-0000-0000000FF1CE} = Microsoft Office Proof (Spanish) 2007
{90120000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2007
{90120000-002C-0409-0000-0000000FF1CE} = Microsoft Office Proofing (English) 2007
{90120000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2007
{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2007
{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0409-0000-0000000FF1CE} = Microsoft Office Shared MUI (English) 2007
{90120000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2007
{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-00B2-0407-0000-0000000FF1CE} = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
{90120000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2007
{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0115-0409-0000-0000000FF1CE} = Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE} = Microsoft Office Access Setup Metadata MUI (English) 2007
{91120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007
{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{91120000-0031-0000-0000-0000000FF1CE} = Microsoft Office Professional Hybrid 2007
{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A49F249F-0C91-497F-86DF-B2585E8E76B7} = Microsoft Visual C++ 2005 Redistributable
{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B} = Adobe Photoshop Elements 5.0
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper
{AC76BA86-7AD7-1031-7B44-A81300000003} = Adobe Reader 8.1.3 - Deutsch
{AC76BA86-7AD7-5464-3428-800000000003} = Spelling Dictionaries Support For Adobe Reader 8
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} = Microsoft .NET Framework 3.5 SP1
{D0846526-66DD-4DC9-A02C-98F9A2806812} = Launch Manager V1.4.6
{D34D82E0-4600-407B-9478-8506C1DD1031} = Nero 7 Essentials
{DC24971E-1946-445D-8A82-CE685433FA7D} = Realtek USB 2.0 Card Reader
{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4} = LG USB Modem Drivers
{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82} = OLYMPUS Master 2
{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} = Logitech SetPoint
Activation Assistant for the 2007 Microsoft Office suites = Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player Plugin = Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 5 = Adobe Photoshop Elements 5.0
Adobe Shockwave Player = Adobe Shockwave Player 11.5
Amazon MP3-Downloader = Amazon MP3-Downloader 1.0.9
CNXT_AUDIO_HDA = Conexant HD Audio
dBASE PLUS series1 Runtime Engine = dBASE PLUS Runtime Engine
dBpowerAMP Music Converter = dBpowerAMP Music Converter
dBpowerAMP Wavpack Codec = dBpowerAMP Wavpack Codec
dBpowerAMP WMA V9 Codec = dBpowerAMP WMA V9 Codec
dBpowerAMP WMA V9.1 Codec = dBpowerAMP WMA V9.1 Codec
Diablo II = Diablo II
DivX Setup.divx.com = DivX-Setup
dMC Power Pack = dMC Power Pack
EAX Unified = EAX Unified
ENTERPRISER = Microsoft Office Enterprise 2007
Exact Audio Copy = Exact Audio Copy 1.0beta1
HDMI = Intel(R) Graphics Media Accelerator Driver
HyperMedia_is1 = HyperMedia Software
HyperMediaCenter 3.6_is1 = HyperMediaCenter 3.6
Malwarebytes' Anti-Malware_is1 = Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - deu = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1 = Microsoft .NET Framework 3.5 SP1
Monkey's Audio_is1 = Monkey's Audio
Mozilla Firefox (3.6.16) = Mozilla Firefox (3.6.16)
NIS = Norton Internet Security
Ogg Vorbis aoTuV b4 = Ogg Vorbis aoTuV b4
Ogg Vorbis aoTuV b4 SSE2 = Ogg Vorbis aoTuV b4 SSE2
PROHYBRIDR = 2007 Microsoft Office system
QuicktimeAlt_is1 = QuickTime Alternative 3.2.2
RealPlayer 6.0 = RealPlayer
SynTPDeinstKey = Synaptics Pointing Device Driver
Ulead Photo Express 2.0 SE = Ulead Photo Express 2.0 SE
Veetle TV = Veetle TV 0.9.18
VLC media player = VideoLAN VLC media player 0.8.6c
vShare = vShare Plugin
Winamp = Winamp
WinRAR archiver = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
Winamp Detect = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 06.04.2011 18:52:58 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x41c, Anwendungsstartzeit
 01cbf4aa898b77e2.
 
Error - 06.04.2011 20:24:17 | Computer Name = Zaphod-Lab | Source = WerSvc | ID = 5007
Description =
 
Error - 06.04.2011 20:30:41 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00040026,  Prozess-ID 0x414, Anwendungsstartzeit
 01cbf4b920c701ad.
 
[ System Events ]
Error - 06.04.2011 16:47:15 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.04.2011 17:47:04 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005
Description =
 
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.04.2011 19:01:29 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005
Description =
 
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.04.2011 20:33:41 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7032
Description =
 
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

I hope I did everything right.
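The OTL Extras log above is plain text with "==========" section banners, "[registry key]" header lines and firewall rules written as "k=v | k=v | ...". As an added example (it is not part of this thread and not OTL's own code), the following Python 3 script parses that format into the findings a responder would otherwise pull out by eye: the Windows build and, for Vista, the service-pack level it implies, whether the Windows Firewall is enabled per profile, which exceptions allow inbound traffic, and which Event ID 1000 records name a crashing application and module. The SAMPLE text is a constructed excerpt of the log as posted; the Vista build-to-service-pack table and the German/English Event 1000 wording are the only assumptions beyond the log itself.

```python
"""Parse an OTL Extras log (the format posted in this thread) into the findings a
responder cares about: OS build and service pack, Windows Firewall state per
profile, inbound exception rules and Event ID 1000 crashes."""
import re

SECTION_RE = r"^=+ (.+?) =+\s*$"
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
OS_RE = re.compile(r"\(Version = (\d+)\.(\d+)\.(\d+)\)")
EVENT_RE = re.compile(r"^Error - .+? \| Source = .+? \| ID = (\d+)\s*$")
# Event 1000 text is localized: match the German wording as posted, and English.
FIELD_RES = (re.compile(r"(?:Anwendung|application) (\S+?),"),
             re.compile(r"(?:Modul|module) (\S+?),"),
             re.compile(r"(?:Ausnahmecode|exception code) (0x[0-9a-fA-F]+)"))
PROTO = {"6": "tcp", "17": "udp"}
VISTA_BUILDS = {6000: "RTM, no service pack", 6001: "SP1", 6002: "SP2"}  # assumption: Vista builds

def sections(text):
    """Split at '========== Name ==========' banners -> [(name, lines)], 'header' first."""
    parts = re.split(SECTION_RE, text, flags=re.M)   # [pre, name1, body1, name2, body2, ...]
    names = ["header"] + parts[1::2]
    return [(n, body.splitlines()) for n, body in zip(names, parts[0::2])]

def rule_fields(line):
    """'{guid} = lport=1433 | protocol=6 | dir=in | ...' -> dict of the k=v pairs."""
    rhs = line.partition(" = ")[2]
    return dict(p.strip().split("=", 1) for p in rhs.split("|") if "=" in p)

def crashes(lines):
    """Event ID 1000 records as (app, module, exception code). A Description
    wraps onto indented lines and ends at a blank line or the next Error."""
    out, event_id, desc = [], None, []
    for line in lines + [""]:                 # sentinel flushes the last record
        m = EVENT_RE.match(line)
        if m or not line.strip():
            if event_id == "1000":
                text = " ".join(s.strip() for s in desc)
                hits = [rx.search(text) for rx in FIELD_RES]
                out.append(tuple(h.group(1) if h else None for h in hits))
            event_id, desc = (m.group(1) if m else None), []
        elif event_id is not None:
            desc.append(line)
    return out

def parse_otl_extras(text):
    f = {"os": None, "service_pack": None, "firewall_off": [],
         "inbound_ports": [], "inbound_apps": [], "crashes": []}
    for name, lines in sections(text):
        if name == "header":
            m = OS_RE.search("\n".join(lines))
            if m:
                f["os"] = tuple(int(x) for x in m.groups())
                if f["os"][:2] == (6, 0):     # Vista: the build number encodes the SP level
                    f["service_pack"] = VISTA_BUILDS.get(f["os"][2], "unknown")
        elif name == "Firewall Settings":
            profile = None                    # last component of the [HKLM\...\<X>Profile] key
            for line in lines:
                m = KEY_RE.match(line)
                if m:
                    profile = m.group(1).rsplit("\\", 1)[-1]
                elif line.strip() == "EnableFirewall = 0" and profile:
                    f["firewall_off"].append(profile)
        elif name.endswith("Exception List"):
            for line in lines:
                if " = " not in line or line.startswith("["):
                    continue
                r = rule_fields(line)
                if r.get("dir") != "in":
                    continue                  # only inbound exceptions widen the attack surface
                if "lport" in r:
                    f["inbound_ports"].append((int(r["lport"]), PROTO.get(r.get("protocol"), "?")))
                elif "app" in r:
                    f["inbound_apps"].append(r["app"])
        elif name.startswith("Last 10 Event Log Errors"):
            f["crashes"] = crashes(lines)
    return f

# Constructed excerpt of the OTL Extras log posted above (GUIDs and paths as posted).
SAMPLE = r"""
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
EnableFirewall = 0
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{275F5956-D7ED-4822-ACB6-4B629B3577A9} = lport=1434 | protocol=17 | dir=in | name=microsoft sql (udp) |
{60A9F5A4-28C8-474B-A813-74A8A98F3B52} = lport=1433 | protocol=6 | dir=in | name=microsoft sql (tcp) |
========== Vista Active Application Exception List ==========
{2BC45063-1145-44EA-9CD3-8407E812538A} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
TCP Query User{64BFDC2F-794A-46BB-A254-51765551D2AE}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 06.04.2011 18:52:58 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x41c, Anwendungsstartzeit
 01cbf4aa898b77e2.
"""
```

Run against the full log posted above, this yields build 6000 (Vista without any service pack), the Windows Firewall disabled in all three profiles (normal when a third-party suite such as the installed Norton Internet Security provides the firewall, but worth confirming that it actually does), inbound exceptions for the SQL Server ports 1433/tcp and 1434/udp, and two svchost.exe crashes in ntdll.dll with exception codes 0xc000071b and 0xc0000005.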

cosinus 07.04.2011 14:41

Are there any other Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logfiles tab.

zelluloid 07.04.2011 19:55

Yes, there are 2 more Malwarebytes logfiles; they were created between the logfile from my 1st post and the logfile from my 2nd post. But like the first one, they were only Quick-Scans.

Malwarebytes logfile:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6283

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

06.04.2011 11:16
mbam-log-2011-04-06 (11-16-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150077
Laufzeit: 5 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes logfile:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6287

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

06.04.2011 17:30
mbam-log-2011-04-06 (17-30-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144921
Laufzeit: 4 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Regards

cosinus 07.04.2011 19:57

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix has run; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
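The fix script above removes two alternate data streams on C:\ProgramData\TEMP, touches the CD-ROM AutoRun switch, deletes two cached MountPoints2 AutoRun handlers and resets the hosts file. As an added example (not part of this thread and not OTL's own code), the following Python 3 script enumerates exactly those artefacts so their state can be recorded before a fix and re-checked afterwards: it lists named NTFS streams through the Win32 FindFirstStreamW/FindNextStreamW API, reads the MountPoints2 Shell\AutoRun\command values and the Cdrom\AutoRun DWORD through winreg, and flags hosts entries that resolve names to anything other than loopback or the 0.0.0.0 sinkhole. The registry and stream checks assume Python 3 on Windows and are guarded accordingly; the hosts check is pure text parsing and the hosts sample used to exercise it is constructed.

```python
"""Triage checks for the artefacts the OTL fix above touches: named NTFS alternate
data streams on a file, per-volume AutoRun commands cached under MountPoints2, the
CD-ROM AutoRun switch, and hosts entries that point somewhere other than loopback.
Windows-only parts import their dependencies lazily so the module loads anywhere."""
import ctypes
import ipaddress
import sys

# Loopback plus the 0.0.0.0 sinkhole that ad blocklists use; anything else in
# hosts overrides DNS for that name and deserves a look.
BENIGN_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}

def hosts_overrides(text):
    """(address, [names]) for each active hosts entry not in BENIGN_TARGETS."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                              # not an address: malformed line
        if addr not in BENIGN_TARGETS:
            hits.append((addr, names))
    return hits

def alternate_data_streams(path):
    """Named $DATA streams on `path` as (name, size); the unnamed default stream
    '::$DATA' is skipped. Windows only (FindFirstStreamW/FindNextStreamW)."""
    class FIND_STREAM_DATA(ctypes.Structure):    # WIN32_FIND_STREAM_DATA
        _fields_ = [("StreamSize", ctypes.c_longlong),
                    ("cStreamName", ctypes.c_wchar * (260 + 36))]
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_int,
                                     ctypes.c_void_p, ctypes.c_uint32]
    k32.FindNextStreamW.restype = ctypes.c_int
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.FindClose.argtypes = [ctypes.c_void_p]
    data = FIND_STREAM_DATA()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)  # 0 = FindStreamInfoStandard
    if handle in (None, ctypes.c_void_p(-1).value):  # NULL or INVALID_HANDLE_VALUE
        return []
    streams = []
    try:
        while True:
            if data.cStreamName != "::$DATA":
                streams.append((data.cStreamName, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break                             # ERROR_HANDLE_EOF: no more streams
    finally:
        k32.FindClose(handle)
    return streams

def mountpoints2_autorun():
    """(volume key, command) for every HKCU MountPoints2\\<key>\\Shell\\AutoRun\\command,
    i.e. the entries OTL reports as O33 lines. Windows only."""
    import winreg
    base = r"Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
    found, index = [], 0
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, base) as root:
        while True:
            try:
                sub = winreg.EnumKey(root, index)
            except OSError:
                break                             # no more subkeys
            index += 1
            try:
                with winreg.OpenKey(root, sub + r"\Shell\AutoRun\command") as key:
                    found.append((sub, winreg.QueryValueEx(key, "")[0]))
            except OSError:
                pass                              # this volume has no cached AutoRun handler
    return found

def cdrom_autorun_enabled():
    """HKLM\\SYSTEM\\CurrentControlSet\\Services\\Cdrom\\AutoRun (OTL's O32 line);
    an absent value means the default, which is enabled. Windows only."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Services\Cdrom") as key:
        try:
            return winreg.QueryValueEx(key, "AutoRun")[0] != 0
        except OSError:
            return True

if __name__ == "__main__" and sys.platform == "win32":
    for name, size in alternate_data_streams(r"C:\ProgramData\TEMP"):
        print(f"ADS {name} ({size} bytes)")
    for volume, command in mountpoints2_autorun():
        print(f"MountPoints2 {volume}: {command}")
    print("CD-ROM AutoRun enabled:", cdrom_autorun_enabled())
    with open(r"C:\Windows\System32\drivers\etc\hosts", errors="replace") as fh:
        for addr, names in hosts_overrides(fh.read()):
            print(f"hosts override: {addr} -> {' '.join(names)}")
```

Run it from the account whose MountPoints2 entries are of interest (the key lives under HKCU), once before the fix and once after; on the machine in this thread the first run should list the two streams on C:\ProgramData\TEMP and the E:\LGAutoRun.exe and D:\setup.exe handlers, and the second run should list none of them.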

zelluloid 07.04.2011 20:21

Said and done.
OTL:
Code:

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
File E:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
File D:\setup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Zaphod
->Temp folder emptied: 17489889 bytes
->Java cache emptied: 10643 bytes
->FireFox cache emptied: 97425173 bytes
->Flash cache emptied: 1393 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 820529 bytes
%systemroot%\System32 .tmp files removed: 556616 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 430930 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 111,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_211243

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards,
Stephi

cosinus 08.04.2011 04:48

Please run this tool from Kaspersky now and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
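Reading a TDSSKiller log of the kind posted in the next reply: the following is an added example in Python, not code from this thread or from Kaspersky's tool. It splits the log into the driver inventory lines (service name, MD5, path) and the tool's own flag lines ("Suspicious file (NoAccess)", "detected Locked file"), builds a short review queue from the flags and from drivers loaded outside the Windows directory, and compares file hashes against a baseline taken from a known-clean install of the same build. The regexes are written from the log format as it appears below; the sample lines and the baseline hashes are constructed for the example. A locked or unreadable driver is a lead to verify by hash, not a verdict on its own.

```python
import re

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.mmmm <thread-id>".
_PREFIX = r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+"
# Inventory line: "<service>  (<md5>) <path>"
DRIVER_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# Flag lines the tool appends right after a driver it could not read or did not like.
SUSPICIOUS_RE = re.compile(_PREFIX + r"Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})")
DETECTED_RE = re.compile(_PREFIX + r"(?P<name>\S+) - detected (?P<verdict>.+?) \((?P<count>\d+)\)")

# Constructed sample in the tool's format (paths shortened, not taken from a real scan).
SAMPLE_LOG = r"""
2011/04/08 10:10:49.0344 0792        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 10:10:50.0514 0792        BHDrvx86        (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\NIS_18.1.0.37\Definitions\BASHDefs\BHDrvx86.sys
2011/04/08 10:11:00.0014 0792        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/08 10:11:00.0014 0792        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/08 10:11:00.0030 0792        sptd - detected Locked file (1)
2011/04/08 10:11:01.0091 0792        Tcpip           (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 10:11:01.0153 0792        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
"""


def parse_tdsskiller_log(text):
    """Split the log into the driver inventory and the tool's own flag lines."""
    drivers, flags = [], []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            flags.append({"kind": m["kind"], "subject": m["path"], "md5": m["md5"]})
            continue
        m = DETECTED_RE.match(line)
        if m:
            flags.append({"kind": m["verdict"], "subject": m["name"], "count": int(m["count"])})
    return drivers, flags


def find_leads(drivers, flags, windows_root="c:\\windows\\"):
    """Return (reason, subject, detail) triples worth checking by hand, tool flags first."""
    leads = [("tdsskiller_flag", f["subject"], f["kind"]) for f in flags]
    for d in drivers:
        # Third-party drivers (AV engines, vendor tools) legitimately live outside
        # the Windows directory, so this is a review queue, not a verdict.
        if not d["path"].lower().startswith(windows_root):
            leads.append(("outside_windows_dir", d["name"], d["path"]))
    return leads


def compare_to_baseline(drivers, baseline):
    """baseline maps lower-case file name -> MD5 from a known-clean install of the
    same Windows build; a mismatch on a Microsoft driver is the strongest signal a
    listing like this can give. Files absent from the baseline are skipped."""
    mismatches = []
    for d in drivers:
        fname = d["path"].rsplit("\\", 1)[-1].lower()
        expected = baseline.get(fname)
        if expected is not None and expected != d["md5"]:
            mismatches.append((d["name"], fname, d["md5"], expected))
    return mismatches


# Constructed baseline: acpi.sys matches the sample, tcpip.sys deliberately does not.
SAMPLE_BASELINE = {
    "acpi.sys": "84fc6df81212d16be5c4f441682feccc",
    "tcpip.sys": "00000000000000000000000000000000",
}


def triage(text=SAMPLE_LOG, baseline=SAMPLE_BASELINE):
    """One-shot summary: inventory size, review queue, and baseline mismatches."""
    drivers, flags = parse_tdsskiller_log(text)
    return {
        "drivers": len(drivers),
        "leads": find_leads(drivers, flags),
        "mismatches": compare_to_baseline(drivers, baseline),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

Run it against a saved log with `triage(open("tdsskiller.log").read(), baseline)`. The two functions are deliberately separate: `find_leads` only reorders what the tool already printed so the locked file and the non-Windows paths are read first, while `compare_to_baseline` is the check that actually decides whether a system driver has been replaced, and it is only as good as the hashes you feed it from a clean machine of the same build.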

zelluloid 08.04.2011 09:29

Hello Arne,

here is the rootkit log:

Code:

2011/04/08 10:10:33.0416 3260        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/08 10:10:33.0447 3260        ================================================================================
2011/04/08 10:10:33.0447 3260        SystemInfo:
2011/04/08 10:10:33.0447 3260       
2011/04/08 10:10:33.0447 3260        OS Version: 6.0.6000 ServicePack: 0.0
2011/04/08 10:10:33.0447 3260        Product type: Workstation
2011/04/08 10:10:33.0447 3260        ComputerName: ZAPHOD-LAB
2011/04/08 10:10:33.0447 3260        UserName: Zaphod
2011/04/08 10:10:33.0447 3260        Windows directory: C:\Windows
2011/04/08 10:10:33.0447 3260        System windows directory: C:\Windows
2011/04/08 10:10:33.0447 3260        Processor architecture: Intel x86
2011/04/08 10:10:33.0447 3260        Number of processors: 2
2011/04/08 10:10:33.0447 3260        Page size: 0x1000
2011/04/08 10:10:33.0447 3260        Boot type: Normal boot
2011/04/08 10:10:33.0447 3260        ================================================================================
2011/04/08 10:10:35.0241 3260        Initialize success
2011/04/08 10:10:48.0174 0792        ================================================================================
2011/04/08 10:10:48.0174 0792        Scan started
2011/04/08 10:10:48.0174 0792        Mode: Manual;
2011/04/08 10:10:48.0174 0792        ================================================================================
2011/04/08 10:10:49.0344 0792        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 10:10:49.0422 0792        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/08 10:10:49.0453 0792        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/08 10:10:49.0500 0792        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/08 10:10:49.0531 0792        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/08 10:10:49.0625 0792        AF15BDA        (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/08 10:10:49.0671 0792        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/08 10:10:49.0718 0792        agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/08 10:10:49.0765 0792        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/08 10:10:49.0796 0792        aliide          (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/04/08 10:10:49.0827 0792        amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/08 10:10:49.0859 0792        amdide          (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/04/08 10:10:49.0890 0792        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/08 10:10:49.0921 0792        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/08 10:10:49.0983 0792        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/08 10:10:50.0030 0792        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/08 10:10:50.0061 0792        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/08 10:10:50.0108 0792        atapi          (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/04/08 10:10:50.0155 0792        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/08 10:10:50.0233 0792        b57nd60x        (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/08 10:10:50.0295 0792        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/08 10:10:50.0514 0792        BHDrvx86        (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/04/08 10:10:50.0779 0792        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/08 10:10:50.0826 0792        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/08 10:10:50.0857 0792        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/08 10:10:50.0888 0792        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/08 10:10:50.0997 0792        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/08 10:10:51.0091 0792        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/08 10:10:51.0107 0792        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/08 10:10:51.0169 0792        BthAvrcp        (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/08 10:10:51.0200 0792        BthEnum        (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/08 10:10:51.0263 0792        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/08 10:10:51.0309 0792        BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/08 10:10:51.0356 0792        BTHPORT        (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/04/08 10:10:51.0403 0792        BTHUSB          (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/08 10:10:51.0450 0792        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/08 10:10:51.0528 0792        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/08 10:10:51.0575 0792        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/08 10:10:51.0621 0792        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/08 10:10:51.0668 0792        CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/08 10:10:51.0684 0792        cmdide          (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/04/08 10:10:51.0762 0792        CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/08 10:10:51.0809 0792        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/08 10:10:51.0840 0792        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/08 10:10:51.0871 0792        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/08 10:10:51.0933 0792        CSC            (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
2011/04/08 10:10:51.0980 0792        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/08 10:10:52.0058 0792        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/08 10:10:52.0121 0792        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/08 10:10:52.0167 0792        DXGKrnl        (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/08 10:10:52.0277 0792        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/08 10:10:52.0323 0792        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/08 10:10:52.0433 0792        eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/08 10:10:52.0495 0792        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/08 10:10:52.0557 0792        EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/08 10:10:52.0604 0792        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/08 10:10:52.0635 0792        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/08 10:10:52.0682 0792        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/08 10:10:52.0698 0792        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/08 10:10:52.0729 0792        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/08 10:10:52.0760 0792        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/08 10:10:52.0807 0792        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/08 10:10:52.0838 0792        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/08 10:10:52.0916 0792        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/08 10:10:52.0963 0792        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/08 10:10:52.0994 0792        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/08 10:10:53.0025 0792        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/08 10:10:53.0072 0792        HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/08 10:10:53.0135 0792        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/08 10:10:53.0181 0792        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/08 10:10:53.0291 0792        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/08 10:10:53.0369 0792        hwdatacard      (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/08 10:10:53.0415 0792        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/08 10:10:53.0462 0792        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/08 10:10:53.0571 0792        ialm            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 10:10:53.0665 0792        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/08 10:10:53.0883 0792        IDSVix86        (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110406.001\IDSvix86.sys
2011/04/08 10:10:54.0071 0792        igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 10:10:54.0149 0792        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/08 10:10:54.0195 0792        intelide        (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/04/08 10:10:54.0227 0792        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/08 10:10:54.0289 0792        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/08 10:10:54.0351 0792        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/08 10:10:54.0383 0792        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/08 10:10:54.0414 0792        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/08 10:10:54.0445 0792        isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/04/08 10:10:54.0492 0792        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/08 10:10:54.0523 0792        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/08 10:10:54.0554 0792        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/08 10:10:54.0601 0792        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/08 10:10:54.0663 0792        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/04/08 10:10:54.0710 0792        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/08 10:10:54.0804 0792        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/08 10:10:54.0866 0792        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/08 10:10:54.0913 0792        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/08 10:10:54.0944 0792        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/08 10:10:54.0975 0792        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/08 10:10:55.0007 0792        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/08 10:10:55.0069 0792        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/08 10:10:55.0163 0792        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/08 10:10:55.0209 0792        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/08 10:10:55.0272 0792        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/08 10:10:55.0319 0792        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/08 10:10:55.0381 0792        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/08 10:10:55.0428 0792        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/08 10:10:55.0459 0792        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/08 10:10:55.0506 0792        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/08 10:10:55.0553 0792        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/08 10:10:55.0584 0792        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/08 10:10:55.0615 0792        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/08 10:10:55.0662 0792        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/08 10:10:55.0693 0792        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/08 10:10:55.0724 0792        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/08 10:10:55.0771 0792        msahci          (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/04/08 10:10:55.0833 0792        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/08 10:10:55.0896 0792        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/08 10:10:55.0943 0792        msisadrv        (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/04/08 10:10:55.0974 0792        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/08 10:10:56.0021 0792        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/08 10:10:56.0099 0792        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/08 10:10:56.0379 0792        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/08 10:10:56.0426 0792        mssmbios        (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/08 10:10:56.0473 0792        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/08 10:10:56.0504 0792        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/08 10:10:56.0567 0792        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/08 10:10:56.0769 0792        NAVENG          (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVENG.SYS
2011/04/08 10:10:56.0863 0792        NAVEX15        (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVEX15.SYS
2011/04/08 10:10:57.0019 0792        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/08 10:10:57.0066 0792        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/08 10:10:57.0097 0792        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/08 10:10:57.0128 0792        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/08 10:10:57.0144 0792        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/08 10:10:57.0175 0792        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/08 10:10:57.0237 0792        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/08 10:10:57.0440 0792        NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/08 10:10:57.0534 0792        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/08 10:10:57.0596 0792        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/08 10:10:57.0627 0792        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/08 10:10:57.0752 0792        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/08 10:10:57.0846 0792        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/08 10:10:57.0877 0792        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/08 10:10:57.0908 0792        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/08 10:10:57.0939 0792        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/08 10:10:57.0986 0792        nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/04/08 10:10:58.0064 0792        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/08 10:10:58.0142 0792        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/04/08 10:10:58.0158 0792        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/08 10:10:58.0189 0792        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/08 10:10:58.0251 0792        pci            (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/04/08 10:10:58.0283 0792        pciide          (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2011/04/08 10:10:58.0329 0792        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/08 10:10:58.0407 0792        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/08 10:10:58.0548 0792        PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/08 10:10:58.0579 0792        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/08 10:10:58.0641 0792        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/08 10:10:58.0704 0792        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/08 10:10:58.0766 0792        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/08 10:10:58.0829 0792        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/08 10:10:58.0875 0792        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/08 10:10:58.0907 0792        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/08 10:10:58.0969 0792        Rasl2tp        (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/08 10:10:59.0016 0792        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/08 10:10:59.0063 0792        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/08 10:10:59.0094 0792        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/08 10:10:59.0141 0792        rdpdr          (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/08 10:10:59.0172 0792        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/08 10:10:59.0203 0792        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/08 10:10:59.0281 0792        RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/08 10:10:59.0328 0792        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/08 10:10:59.0390 0792        RTL8169        (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/08 10:10:59.0421 0792        RTSTOR          (e845f4d709c456992f11d2acf321bced) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/08 10:10:59.0468 0792        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/08 10:10:59.0515 0792        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/08 10:10:59.0546 0792        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/08 10:10:59.0593 0792        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/04/08 10:10:59.0624 0792        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/08 10:10:59.0671 0792        sffdisk        (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/08 10:10:59.0702 0792        sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/08 10:10:59.0718 0792        sffp_sd        (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/08 10:10:59.0749 0792        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/08 10:10:59.0796 0792        sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/04/08 10:10:59.0827 0792        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/08 10:10:59.0874 0792        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/08 10:10:59.0905 0792        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/08 10:10:59.0936 0792        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/08 10:11:00.0014 0792        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/08 10:11:00.0014 0792        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/08 10:11:00.0030 0792        sptd - detected Locked file (1)
2011/04/08 10:11:00.0123 0792        SRTSP          (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/04/08 10:11:00.0170 0792        SRTSPX          (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/04/08 10:11:00.0217 0792        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/08 10:11:00.0264 0792        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/08 10:11:00.0311 0792        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/08 10:11:00.0435 0792        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/08 10:11:00.0482 0792        swenum          (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/08 10:11:00.0529 0792        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/08 10:11:00.0623 0792        SymDS          (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/04/08 10:11:00.0685 0792        SymEFA          (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/04/08 10:11:00.0747 0792        SymEvent        (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/08 10:11:00.0810 0792        SymIRON        (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/04/08 10:11:00.0872 0792        SYMTDIv        (c93e93bff7cba0cd1c1ea282d791b772) C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
2011/04/08 10:11:00.0935 0792        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/08 10:11:00.0966 0792        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/08 10:11:01.0013 0792        SynTP          (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/08 10:11:01.0091 0792        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 10:11:01.0153 0792        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/08 10:11:01.0184 0792        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/08 10:11:01.0215 0792        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/08 10:11:01.0262 0792        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/08 10:11:01.0293 0792        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/08 10:11:01.0340 0792        TermDD          (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/08 10:11:01.0434 0792        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/08 10:11:01.0481 0792        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/08 10:11:01.0512 0792        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/08 10:11:01.0543 0792        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/08 10:11:01.0590 0792        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/08 10:11:01.0637 0792        uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/08 10:11:01.0668 0792        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/08 10:11:01.0715 0792        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 10:11:01.0746 0792        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/08 10:11:01.0793 0792        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/08 10:11:01.0871 0792        USB28xxBGA      (01f43ddc94653cd68d2794ec4500debc) C:\Windows\system32\DRIVERS\emBDA.sys
2011/04/08 10:11:01.0902 0792        USB28xxOEM      (925e82ffe06a37799e5cb486528ed835) C:\Windows\system32\DRIVERS\emOEM.sys
2011/04/08 10:11:01.0949 0792        usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/04/08 10:11:01.0995 0792        usbccgp        (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/08 10:11:02.0042 0792        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/08 10:11:02.0089 0792        UsbDiag        (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/04/08 10:11:02.0151 0792        usbehci        (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/08 10:11:02.0198 0792        usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/08 10:11:02.0261 0792        USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/04/08 10:11:02.0292 0792        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/08 10:11:02.0323 0792        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/08 10:11:02.0385 0792        usbscan        (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/08 10:11:02.0448 0792        usbsermptxp    (49106ee29074e6a3d3ac9e24c6d791d8) C:\Windows\system32\DRIVERS\usbsermptxp.sys
2011/04/08 10:11:02.0479 0792        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/08 10:11:02.0541 0792        usbuhci        (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/08 10:11:02.0604 0792        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 10:11:02.0651 0792        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/08 10:11:02.0682 0792        viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/08 10:11:02.0713 0792        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/08 10:11:02.0744 0792        viaide          (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/04/08 10:11:02.0791 0792        volmgr          (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/04/08 10:11:02.0838 0792        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/08 10:11:02.0900 0792        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/08 10:11:02.0931 0792        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/08 10:11:02.0978 0792        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/08 10:11:03.0025 0792        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 10:11:03.0041 0792        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 10:11:03.0087 0792        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/08 10:11:03.0134 0792        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/08 10:11:03.0243 0792        WmiAcpi        (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/08 10:11:03.0321 0792        WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/08 10:11:03.0353 0792        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/08 10:11:03.0415 0792        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/08 10:11:03.0477 0792        \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/08 10:11:03.0477 0792        ================================================================================
2011/04/08 10:11:03.0477 0792        Scan finished
2011/04/08 10:11:03.0477 0792        ================================================================================
2011/04/08 10:11:03.0493 1332        Detected object count: 2
2011/04/08 10:19:22.0007 1332        HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/08 10:19:22.0038 1332        HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/04/08 10:19:22.0069 1332        C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/08 10:19:22.0069 1332        Locked file(sptd) - User select action: Delete
2011/04/08 10:19:22.0147 1332        \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/08 10:19:22.0147 1332        \HardDisk0 - ok
2011/04/08 10:19:22.0147 1332        Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/08 10:19:36.0671 3436        Deinitialize success

Thanks and regards,
Stephi

cosinus 08.04.2011 09:54

TDL4 was detected and removed. Please restart Windows and run TDSS-Killer once more as a check - post the log.

zelluloid 08.04.2011 10:18

Wow, after the Kaspersky tool there are no more attacks, redirects, "Windows service" error messages or XP designs, hooray!
And Windows Update works again too!!! I'm impressed (even if we're surely not done yet).

rootkit log:
Code:

2011/04/08 11:08:38.0538 1852        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/08 11:08:39.0849 1852        ================================================================================
2011/04/08 11:08:39.0849 1852        SystemInfo:
2011/04/08 11:08:39.0849 1852       
2011/04/08 11:08:39.0849 1852        OS Version: 6.0.6000 ServicePack: 0.0
2011/04/08 11:08:39.0849 1852        Product type: Workstation
2011/04/08 11:08:39.0849 1852        ComputerName: ZAPHOD-LAB
2011/04/08 11:08:39.0849 1852        UserName: Zaphod
2011/04/08 11:08:39.0849 1852        Windows directory: C:\Windows
2011/04/08 11:08:39.0849 1852        System windows directory: C:\Windows
2011/04/08 11:08:39.0849 1852        Processor architecture: Intel x86
2011/04/08 11:08:39.0849 1852        Number of processors: 2
2011/04/08 11:08:39.0849 1852        Page size: 0x1000
2011/04/08 11:08:39.0849 1852        Boot type: Normal boot
2011/04/08 11:08:39.0849 1852        ================================================================================
2011/04/08 11:08:40.0925 1852        Initialize success
2011/04/08 11:08:43.0920 3808        ================================================================================
2011/04/08 11:08:43.0920 3808        Scan started
2011/04/08 11:08:43.0920 3808        Mode: Manual;
2011/04/08 11:08:43.0920 3808        ================================================================================
2011/04/08 11:08:45.0356 3808        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 11:08:45.0512 3808        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/08 11:08:45.0558 3808        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/08 11:08:45.0605 3808        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/08 11:08:45.0652 3808        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/08 11:08:45.0730 3808        AF15BDA        (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/08 11:08:45.0792 3808        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/08 11:08:45.0839 3808        agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/08 11:08:45.0886 3808        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/08 11:08:45.0917 3808        aliide          (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/04/08 11:08:45.0948 3808        amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/08 11:08:45.0980 3808        amdide          (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/04/08 11:08:46.0026 3808        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/08 11:08:46.0058 3808        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/08 11:08:46.0120 3808        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/08 11:08:46.0151 3808        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/08 11:08:46.0198 3808        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/08 11:08:46.0245 3808        atapi          (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/04/08 11:08:46.0307 3808        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/08 11:08:46.0370 3808        b57nd60x        (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/08 11:08:46.0432 3808        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/08 11:08:46.0666 3808        BHDrvx86        (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/04/08 11:08:46.0744 3808        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/08 11:08:46.0791 3808        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/08 11:08:46.0822 3808        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/08 11:08:46.0869 3808        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/08 11:08:46.0900 3808        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/08 11:08:46.0931 3808        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/08 11:08:46.0947 3808        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/08 11:08:47.0009 3808        BthAvrcp        (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/08 11:08:47.0072 3808        BthEnum        (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/08 11:08:47.0118 3808        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/08 11:08:47.0181 3808        BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/08 11:08:47.0228 3808        BTHPORT        (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/04/08 11:08:47.0274 3808        BTHUSB          (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/08 11:08:47.0321 3808        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/08 11:08:47.0384 3808        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/08 11:08:47.0430 3808        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/08 11:08:47.0477 3808        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/08 11:08:47.0540 3808        CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/08 11:08:47.0555 3808        cmdide          (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/04/08 11:08:47.0633 3808        CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/08 11:08:47.0696 3808        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/08 11:08:47.0727 3808        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/08 11:08:47.0774 3808        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/08 11:08:47.0836 3808        CSC            (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
2011/04/08 11:08:47.0867 3808        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/08 11:08:47.0945 3808        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/08 11:08:48.0023 3808        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/08 11:08:48.0070 3808        DXGKrnl        (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/08 11:08:48.0164 3808        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/08 11:08:48.0210 3808        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/08 11:08:48.0335 3808        eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/08 11:08:48.0398 3808        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/08 11:08:48.0444 3808        EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/08 11:08:48.0491 3808        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/08 11:08:48.0538 3808        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/08 11:08:48.0569 3808        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/08 11:08:48.0616 3808        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/08 11:08:48.0647 3808        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/08 11:08:48.0663 3808        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/08 11:08:48.0725 3808        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/08 11:08:48.0756 3808        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/08 11:08:48.0819 3808        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/08 11:08:48.0881 3808        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/08 11:08:48.0912 3808        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/08 11:08:48.0944 3808        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/08 11:08:49.0006 3808        HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/08 11:08:49.0068 3808        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/08 11:08:49.0100 3808        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/08 11:08:49.0146 3808        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/08 11:08:49.0224 3808        hwdatacard      (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/08 11:08:49.0256 3808        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/08 11:08:49.0334 3808        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/08 11:08:49.0412 3808        ialm            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 11:08:49.0505 3808        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/08 11:08:49.0755 3808        IDSVix86        (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110407.001\IDSvix86.sys
2011/04/08 11:08:49.0942 3808        igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 11:08:50.0004 3808        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/08 11:08:50.0082 3808        intelide        (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/04/08 11:08:50.0114 3808        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/08 11:08:50.0160 3808        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/08 11:08:50.0223 3808        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/08 11:08:50.0270 3808        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/08 11:08:50.0301 3808        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/08 11:08:50.0332 3808        isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/04/08 11:08:50.0394 3808        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/08 11:08:50.0410 3808        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/08 11:08:50.0441 3808        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/08 11:08:50.0628 3808        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/08 11:08:50.0722 3808        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/04/08 11:08:50.0784 3808        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/08 11:08:50.0894 3808        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/08 11:08:50.0956 3808        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/08 11:08:50.0987 3808        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/08 11:08:51.0018 3808        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/08 11:08:51.0065 3808        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/08 11:08:51.0112 3808        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/08 11:08:51.0159 3808        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/08 11:08:51.0206 3808        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/08 11:08:51.0252 3808        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/08 11:08:51.0299 3808        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/08 11:08:51.0346 3808        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/08 11:08:51.0408 3808        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/08 11:08:51.0440 3808        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/08 11:08:51.0471 3808        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/08 11:08:51.0518 3808        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/08 11:08:51.0564 3808        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/08 11:08:51.0596 3808        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/08 11:08:51.0642 3808        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/08 11:08:51.0689 3808        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/08 11:08:51.0720 3808        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/08 11:08:51.0752 3808        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/08 11:08:51.0814 3808        msahci          (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/04/08 11:08:51.0845 3808        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/08 11:08:51.0892 3808        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/08 11:08:51.0939 3808        msisadrv        (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/04/08 11:08:51.0970 3808        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/08 11:08:52.0017 3808        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/08 11:08:52.0064 3808        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/08 11:08:52.0095 3808        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/08 11:08:52.0142 3808        mssmbios        (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/08 11:08:52.0173 3808        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/08 11:08:52.0204 3808        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/08 11:08:52.0266 3808        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/08 11:08:52.0422 3808        NAVENG          (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.035\NAVENG.SYS
2011/04/08 11:08:52.0500 3808        NAVEX15        (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.035\NAVEX15.SYS
2011/04/08 11:08:52.0656 3808        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/08 11:08:52.0719 3808        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/08 11:08:52.0766 3808        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/08 11:08:52.0812 3808        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/08 11:08:52.0859 3808        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/08 11:08:52.0890 3808        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/08 11:08:52.0937 3808        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/08 11:08:53.0062 3808        NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/08 11:08:53.0140 3808        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/08 11:08:53.0218 3808        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/08 11:08:53.0249 3808        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/08 11:08:53.0327 3808        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/08 11:08:53.0390 3808        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/08 11:08:53.0421 3808        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/08 11:08:53.0452 3808        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/08 11:08:53.0499 3808        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/08 11:08:53.0530 3808        nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/04/08 11:08:53.0624 3808        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/08 11:08:53.0702 3808        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/04/08 11:08:53.0733 3808        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/08 11:08:53.0764 3808        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/08 11:08:53.0826 3808        pci            (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/04/08 11:08:53.0858 3808        pciide          (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2011/04/08 11:08:53.0889 3808        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/08 11:08:53.0967 3808        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/08 11:08:54.0092 3808        PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/08 11:08:54.0123 3808        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/08 11:08:54.0201 3808        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/08 11:08:54.0248 3808        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/08 11:08:54.0310 3808        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/08 11:08:54.0388 3808        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/08 11:08:54.0419 3808        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/08 11:08:54.0450 3808        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/08 11:08:54.0528 3808        Rasl2tp        (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/08 11:08:54.0575 3808        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/08 11:08:54.0622 3808        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/08 11:08:54.0653 3808        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/08 11:08:54.0700 3808        rdpdr          (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/08 11:08:54.0731 3808        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/08 11:08:54.0762 3808        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/08 11:08:54.0840 3808        RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/08 11:08:54.0887 3808        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/08 11:08:54.0934 3808        RTL8169        (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/08 11:08:54.0981 3808        RTSTOR          (e845f4d709c456992f11d2acf321bced) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/08 11:08:55.0012 3808        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/08 11:08:55.0059 3808        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/08 11:08:55.0106 3808        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/08 11:08:55.0152 3808        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/04/08 11:08:55.0199 3808        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/08 11:08:55.0246 3808        sffdisk        (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/08 11:08:55.0277 3808        sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/08 11:08:55.0293 3808        sffp_sd        (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/08 11:08:55.0324 3808        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/08 11:08:55.0371 3808        sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/04/08 11:08:55.0402 3808        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/08 11:08:55.0433 3808        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/08 11:08:55.0480 3808        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/08 11:08:55.0511 3808        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/08 11:08:55.0620 3808        SRTSP          (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/04/08 11:08:55.0667 3808        SRTSPX          (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/04/08 11:08:55.0761 3808        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/08 11:08:55.0808 3808        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/08 11:08:55.0854 3808        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/08 11:08:55.0948 3808        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/08 11:08:55.0995 3808        swenum          (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/08 11:08:56.0042 3808        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/08 11:08:56.0120 3808        SymDS          (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/04/08 11:08:56.0198 3808        SymEFA          (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/04/08 11:08:56.0276 3808        SymEvent        (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/08 11:08:56.0338 3808        SymIRON        (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/04/08 11:08:56.0400 3808        SYMTDIv        (c93e93bff7cba0cd1c1ea282d791b772) C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
2011/04/08 11:08:56.0447 3808        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/08 11:08:56.0478 3808        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/08 11:08:56.0510 3808        SynTP          (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/08 11:08:56.0603 3808        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 11:08:56.0650 3808        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/08 11:08:56.0681 3808        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/08 11:08:56.0728 3808        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/08 11:08:56.0759 3808        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/08 11:08:56.0806 3808        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/08 11:08:56.0853 3808        TermDD          (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/08 11:08:56.0915 3808        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/08 11:08:56.0962 3808        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/08 11:08:56.0993 3808        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/08 11:08:57.0024 3808        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/08 11:08:57.0056 3808        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/08 11:08:57.0102 3808        uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/08 11:08:57.0149 3808        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/08 11:08:57.0180 3808        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 11:08:57.0212 3808        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/08 11:08:57.0258 3808        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/08 11:08:57.0336 3808        USB28xxBGA      (01f43ddc94653cd68d2794ec4500debc) C:\Windows\system32\DRIVERS\emBDA.sys
2011/04/08 11:08:57.0368 3808        USB28xxOEM      (925e82ffe06a37799e5cb486528ed835) C:\Windows\system32\DRIVERS\emOEM.sys
2011/04/08 11:08:57.0430 3808        usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/04/08 11:08:57.0477 3808        usbccgp        (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/08 11:08:57.0539 3808        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/08 11:08:57.0586 3808        UsbDiag        (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/04/08 11:08:57.0648 3808        usbehci        (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/08 11:08:57.0695 3808        usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/08 11:08:57.0758 3808        USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/04/08 11:08:57.0789 3808        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/08 11:08:57.0836 3808        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/08 11:08:57.0898 3808        usbscan        (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/08 11:08:57.0945 3808        usbsermptxp    (49106ee29074e6a3d3ac9e24c6d791d8) C:\Windows\system32\DRIVERS\usbsermptxp.sys
2011/04/08 11:08:57.0992 3808        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/08 11:08:58.0054 3808        usbuhci        (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/08 11:08:58.0116 3808        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 11:08:58.0163 3808        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/08 11:08:58.0194 3808        viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/08 11:08:58.0226 3808        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/08 11:08:58.0257 3808        viaide          (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/04/08 11:08:58.0304 3808        volmgr          (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/04/08 11:08:58.0350 3808        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/08 11:08:58.0413 3808        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/08 11:08:58.0444 3808        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/08 11:08:58.0506 3808        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/08 11:08:58.0538 3808        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 11:08:58.0553 3808        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 11:08:58.0600 3808        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/08 11:08:58.0647 3808        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/08 11:08:58.0772 3808        WmiAcpi        (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/08 11:08:58.0850 3808        WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/08 11:08:58.0896 3808        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/08 11:08:58.0943 3808        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/08 11:08:59.0037 3808        ================================================================================
2011/04/08 11:08:59.0037 3808        Scan finished
2011/04/08 11:08:59.0037 3808        ================================================================================
2011/04/08 11:09:15.0604 2020        Deinitialize success

Thank you and regards,
Stephi
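The TDSSKiller output above is a driver inventory: one line per loaded driver with its service name, the MD5 of the image file and the image path. The Python script below is an added example (it is neither from this thread nor from Kaspersky's tool) showing how such an inventory can be triaged mechanically instead of by eye: it parses the lines, flags images loaded from outside C:\Windows\system32, compares each file's MD5 with a known-good baseline, and groups services that share one image file (normal for Tcpip/Tcpip6, worth a second look otherwise). Assumptions: the sample input copies four lines from the log above and adds two constructed "Demo*" lines that say nothing about the poster's machine; the baseline dictionary takes two hashes from the log itself and one constructed value, and in practice would be filled from a clean reference install of the same build; Windows is installed on C:.

```python
"""Triage helper for TDSSKiller driver inventories (added example, not from the thread)."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# One inventory line: timestamp, pid, service name, "(md5)", image path.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<pid>\d+)\s+(?P<service>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)


class Driver(NamedTuple):
    service: str
    md5: str
    path: str


class Finding(NamedTuple):
    kind: str      # outside-system32 | hash-mismatch | shared-image
    service: str
    detail: str


def parse_tdsskiller(text: str) -> List[Driver]:
    """Return one Driver per inventory line; banner and 'Scan finished' lines do not match."""
    drivers: List[Driver] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers.append(Driver(m["service"], m["md5"].lower(), m["path"]))
    return drivers


def triage(drivers: List[Driver], baseline: Dict[str, str]) -> List[Finding]:
    """Flag images outside system32, MD5s that differ from the baseline (keyed by
    lower-case file name), and image files that more than one service points at."""
    findings: List[Finding] = []
    services_by_image: Dict[str, List[str]] = defaultdict(list)
    for d in drivers:
        image = d.path.lower()
        services_by_image[image].append(d.service)
        if not image.startswith("c:\\windows\\system32\\"):   # assumption: Windows on C:
            findings.append(Finding("outside-system32", d.service, d.path))
        name = image.rsplit("\\", 1)[-1]
        expected = baseline.get(name)
        if expected is not None and expected != d.md5:
            findings.append(Finding("hash-mismatch", d.service,
                                    f"{name}: log {d.md5}, baseline {expected}"))
    for image, services in services_by_image.items():
        if len(services) > 1:
            findings.append(Finding("shared-image", ",".join(services), image))
    return findings


# Sample input: the first four lines are copied from the log above; the two
# "Demo*" lines are constructed to exercise the checks and describe nothing real.
SAMPLE_LOG = r"""
2011/04/08 11:08:55.0854 3808        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/08 11:08:56.0603 3808        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 11:08:56.0650 3808        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/08 11:08:58.0413 3808        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/08 11:08:59.0000 3808        DemoOutside     (0123456789abcdef0123456789abcdef) C:\Users\Public\demo_outside.sys
2011/04/08 11:08:59.0001 3808        DemoModified    (fedcba9876543210fedcba9876543210) C:\Windows\system32\DRIVERS\demo_modified.sys
2011/04/08 11:08:59.0037 3808        ================================================================================
2011/04/08 11:08:59.0037 3808        Scan finished
"""

# Known-good hashes. tcpip.sys and srvnet.sys are taken from the log above; the
# demo_modified.sys value is constructed. A real baseline comes from a clean
# reference install of the same Windows build, not from the suspect machine.
BASELINE_MD5 = {
    "tcpip.sys": "4a82fa8f0df67aa354580c3faaf8bde3",
    "srvnet.sys": "9e1a4603b874eebce0298113951abefb",
    "demo_modified.sys": "00000000000000000000000000000000",
}


if __name__ == "__main__":
    for f in triage(parse_tdsskiller(SAMPLE_LOG), BASELINE_MD5):
        print(f"{f.kind:18} {f.service:14} {f.detail}")
```

Run against the sample, the script reports the constructed outlier outside system32, the constructed hash mismatch, and the shared tcpip.sys image; the four lines copied from the real log produce no finding except that shared image. A hit is a prompt to look at the file (signature, version, timestamp), not a verdict.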

cosinus 08.04.2011 10:35

Then please run CF now:

ComboFix

A guide and tutorial for using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). The file can also be found at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!
It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

zelluloid 08.04.2011 11:52

Hello Arne,

ComboFix ran without problems. Here is the logfile:

Code:

ComboFix 11-04-07.08 - Zaphod 08.04.2011  12:24:30.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6000.0.1252.49.1031.18.2038.1037 [GMT 2:00]
Running from: c:\users\Zaphod\Downloads\cofi.exe
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((  Files Created from 2011-03-08 to 2011-04-08  ))))))))))))))))))))))))))))))
.
.
2011-04-08 10:35 . 2011-04-08 10:35        --------        d-----w-        c:\users\Zaphod\AppData\Local\temp
2011-04-08 10:13 . 2011-04-08 10:13        --------        d-----w-        c:\program files\CCleaner
2011-04-07 19:12 . 2011-04-07 19:12        --------        d-----w-        C:\_OTL
2011-04-06 15:22 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-06 15:22 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-06 12:03 . 2011-04-06 12:03        --------        d-----w-        c:\program files\Common Files\Java
2011-04-06 12:02 . 2011-04-06 12:02        --------        d-----w-        c:\program files\Java
2011-04-06 11:59 . 2011-04-06 11:59        --------        d-----w-        c:\programdata\Apple Computer
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-04-06 11:59 . 2010-04-16 17:00        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-04-06 11:59 . 2010-03-17 20:53        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-04-06 11:59 . 2010-03-17 20:53        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-04-06 11:59 . 2010-03-17 20:53        180224        ----a-w-        c:\windows\system32\QTCF.dll
2011-04-06 11:59 . 2011-04-06 11:59        --------        d-----w-        c:\program files\QuickTime Alternative
2011-04-06 10:18 . 2011-04-06 11:34        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-04-06 10:18 . 2011-04-06 11:32        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-04-06 08:52 . 2011-04-06 08:52        --------        d-----w-        c:\users\Zaphod\AppData\Roaming\Malwarebytes
2011-04-06 08:52 . 2011-04-06 08:52        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-06 08:52 . 2011-04-06 15:22        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-29 08:11 . 2011-03-29 08:11        --------        d-----w-        c:\users\Zaphod\AppData\Local\DDMSettings
2011-03-27 19:59 . 2011-03-27 19:59        --------        d-----w-        c:\program files\Common Files\DivX Shared
2011-03-26 12:36 . 2011-03-26 12:36        --------        d-----w-        c:\users\Zaphod\AppData\Roaming\EAC
2011-03-26 12:36 . 2011-03-26 12:36        --------        d-----w-        c:\program files\Exact Audio Copy
2011-03-26 09:54 . 2011-03-26 09:54        --------        d-----w-        c:\programdata\Driver Whiz
2011-03-24 21:12 . 2009-03-17 09:38        364544        ----a-w-        c:\windows\system32\MACDll.dll
2011-03-24 21:12 . 2009-01-19 18:39        246424        ----a-w-        c:\windows\system32\unicows.dll
2011-03-24 21:12 . 2011-03-24 21:12        --------        d-----w-        c:\program files\Monkey's Audio
2011-03-24 13:30 . 2011-03-24 13:30        --------        d-----w-        c:\program files\LG Electronics
2011-03-24 13:12 . 2011-03-24 13:12        --------        d-----w-        c:\users\Zaphod\AppData\Roaming\Amazon
2011-03-24 13:11 . 2011-03-24 13:11        --------        d-----w-        c:\program files\Amazon
2011-03-24 12:42 . 2009-09-04 16:29        1892184        ----a-w-        c:\windows\system32\D3DX9_42.dll
2011-03-24 12:41 . 2011-03-24 12:41        --------        d-----w-        c:\program files\Winamp Detect
2011-03-24 12:39 . 2011-04-08 10:15        --------        d-----w-        c:\users\Zaphod\AppData\Roaming\Winamp
2011-03-24 12:39 . 2011-03-24 12:42        --------        d-----w-        c:\program files\Winamp
2011-03-17 19:57 . 2011-03-17 19:57        12800        ----a-w-        c:\program files\Mozilla Firefox\plugins\npwachk.dll
2011-03-09 11:22 . 2011-04-06 12:00        --------        d-----w-        c:\program files\DivX
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 12:02 . 2010-12-27 15:09        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-04-02 13:46 . 2006-11-02 10:32        101376        ----a-w-        c:\windows\system32\ifxcardm.dll
2011-04-02 13:46 . 2006-11-02 10:32        79872        ----a-w-        c:\windows\system32\axaltocm.dll
2011-04-02 11:38 . 2010-12-28 13:53        47560        ----a-w-        c:\windows\system32\SPReview.exe
2011-04-02 11:38 . 2010-12-28 13:53        152576        ----a-w-        c:\windows\system32\SPWizUI.dll
.
.
((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-5 813584]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Zaphod^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 05:29        67752        ----a-w-        c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Center Agent]
2009-08-18 19:02        1520128        ----a-w-        c:\program files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10        1230704        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
2007-04-26 17:29        188416        ----a-w-        c:\program files\Launch Manager\HotkeyApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55        55824        ----a-w-        c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40        155648        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2006-12-01 20:28        95800        ----a-w-        c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51        25088        ------w-        c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49        249064        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-19 11:41        185896        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-17 19:56        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36        201728        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2011-02-25 800376]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110407.001\IDSvix86.sys [2011-03-14 353912]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-15 102448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Zaphod\AppData\Roaming\Mozilla\Firefox\Profiles\3pbm62fv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-cleansweep - c:\cleansweep.exe\cleansweep.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Wbutton - c:\program files\Launch Manager\WButton.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-08 12:35
Windows 6.0.6000  NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-08  12:40:43
ComboFix-quarantined-files.txt  2011-04-08 10:40
.
Pre-Run: 13 directories, 184,853,966,848 bytes free
Post-Run: 17 directories, 184,252,383,232 bytes free
.
- - End Of File - - 32828BEAC649B8580D4EA4B5001AC5D0

Regards,
Stephi :)
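The "Reg Loading Points" part of a ComboFix log mixes several formats: Run-key values, msconfig\startupreg bodies, startupfolder entries and the "ORPHANS REMOVED" lines. The following Python script is an added example (not from the thread and not ComboFix's own logic) that parses those four shapes into one list and applies two path-plausibility checks a log reader applies by hand: an image whose directory is itself named like an executable (such as c:\cleansweep.exe\cleansweep.exe in the orphans above), and an image outside the locations where autostart programs are normally installed. Assumptions: the sample input copies lines from the log above and adds one constructed "Updater" entry under a user's temp folder; the list of expected roots assumes Windows on C: with English default folder names; the heuristics are mine, and a hit is a prompt to examine the file, not a judgement about it.

```python
"""Autostart triage for ComboFix logs (added example, not from the thread)."""
import re
from typing import List, NamedTuple


class Autostart(NamedTuple):
    source: str   # registry key or log section the entry came from
    name: str
    path: str


class Finding(NamedTuple):
    kind: str     # dir-named-like-file | unusual-location
    name: str
    path: str


KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# "Name"="c:\path\prog.exe" [2006-10-23 815104]          (values under ...\Run)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# 2011-03-21 21:10   1230704   ----a-w-   c:\path\prog.exe (msconfig\startupreg bodies)
STARTUPREG_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S{8}\s+(?P<path>.+?)\s*$")
# path=c:\...\Startup\Foo.lnk                            (startupfolder bodies)
STARTUPFOLDER_PATH_RE = re.compile(r"^path=(?P<path>.+?)\s*$")
# MSConfigStartUp-Name - c:\path\prog.exe                (ORPHANS REMOVED lines)
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(?P<name>.+?) - (?P<path>.+?)\s*$")

# Where an autostart image is expected to live. Assumption: Windows on C:,
# English default folder names (adjust for localized installs).
EXPECTED_ROOTS = (
    "c:\\program files\\",
    "c:\\progra~1\\",
    "%programfiles%\\",
    "c:\\windows\\",
    "c:\\programdata\\microsoft\\windows\\start menu\\",
)


def parse_combofix_autostarts(text: str) -> List[Autostart]:
    """Walk the log once, remembering the current [key] so body lines can be attributed."""
    entries: List[Autostart] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        leaf = key.lower().rsplit("\\", 1)[-1]
        if leaf in ("run", "runonce"):
            m = RUN_VALUE_RE.match(line)
            if m:
                entries.append(Autostart(key, m["name"], m["path"]))
                continue
        if "\\startupreg\\" in key.lower():
            m = STARTUPREG_FILE_RE.match(line)
            if m:
                entries.append(Autostart(key, key.rsplit("\\", 1)[-1], m["path"]))
                continue
        if "\\startupfolder\\" in key.lower():
            m = STARTUPFOLDER_PATH_RE.match(line)
            if m:
                entries.append(Autostart(key, key.rsplit("^", 1)[-1], m["path"]))
                continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Autostart("orphans removed", m["name"], m["path"]))
    return entries


def review_autostarts(entries: List[Autostart]) -> List[Finding]:
    findings: List[Finding] = []
    for e in entries:
        p = e.path.lower()
        # A directory named like an executable (c:\foo.exe\foo.exe) is unusual
        # for legitimate software and always worth a look.
        if any(d.endswith((".exe", ".dll", ".scr")) for d in p.split("\\")[:-1]):
            findings.append(Finding("dir-named-like-file", e.name, e.path))
        if not p.startswith(EXPECTED_ROOTS):
            findings.append(Finding("unusual-location", e.name, e.path))
    return findings


# Sample input copied from the log above, plus one constructed "Updater" value
# (a program starting from a user's temp folder) to exercise the location check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"Updater"="c:\users\someone\AppData\Local\Temp\updater.exe" [2011-04-01 12345]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnk.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10        1230704        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
MSConfigStartUp-cleansweep - c:\cleansweep.exe\cleansweep.exe
MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
"""


if __name__ == "__main__":
    for f in review_autostarts(parse_combofix_autostarts(SAMPLE_LOG)):
        print(f"{f.kind:20} {f.name:14} {f.path}")
```

On the sample the script lists seven autostart entries and reports three findings: the constructed Updater entry (unusual location) and the cleansweep orphan twice (directory named like a file, and not under any expected root). Everything copied verbatim from the Run key, the startup folder and the startupreg section passes both checks.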

cosinus 08.04.2011 14:02

Quote:

Windows 6.0.6000
Internet Explorer 7.0.6000.17037
Why has not a single update been installed yet, actually?
Where is SP2? Not even SP1 is on there! Where is IE9, or at least IE8?

zelluloid 08.04.2011 15:54

Hello Arne,

I don't understand it either. I have always run the automatic updates via Windows Update. I actually thought that this program also installs the SPs. But that wasn't the case.
That's why I have tried several times (just now once again) to install SP1 manually. But it doesn't work. At the end of the installation it always tells me that SP1 could not be installed and that all changes are being undone. (Norton, Windows Firewall and Defender were always switched off, and I always started the SP as admin.) When it boots up again, it shows me the error code 0x800F0826.
Should I uninstall Norton? I'm out of ideas. :confused:

Regards,
Stephi


Copyright ©2000-2025, Trojaner-Board
