Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 06.04.2011, 18:22   #1
zelluloid
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



(Kenne mich nicht so aus, also bitte nicht wundern, ich geb mein Bestes)

Habe seit einigen Tagen mehrere Probleme auf meiner Windows Vista Partition:

Norton meldet ständig Angriffe (Tidserv Activity : System Infected). Es sind immer die selben IP's, anscheinend russische. Windows Update funktioniert nicht. Google leitet mich öfter um. Es kommt ständig die Meldung 'Windows Dienst funktioniert nicht mehr', Appcrash, svchost.exe. Manchmal wechselt das Design meiner Taskleiste und sieht dann wie das von XP aus, auch bei dem Fenster von 'Windows Dienst funktioniert nicht' hab ich das XP-Design.

Hier meine Malwarebytes logfile
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6283

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

##########
mbam-log-2011-04-06 (11-05-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150130
Laufzeit: 5 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Zaphod\AppData\Local\Temp\snwroeaxcm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Zaphod\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.
         

Alt 06.04.2011, 19:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 07.04.2011, 14:01   #3
zelluloid
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Vielen Dank für die schnelle Antwort. Habe schon einmal versucht zu posten, hat aber anscheinend nicht funktioniert.

Hier die logfilfe von Malwarebytes nach Aktualisierung und Vollscan:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6290

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

07.04.2011 00:04
mbam-log-2011-04-07 (00-04-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 277464
Laufzeit: 1 Stunde(n), 14 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
OTL:
Code:
ATTFilter
OTL logfile created on: 07.04.2011 14:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Zaphod\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS
 
Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Zaphod\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\ASOEHOOK.DLL (Symantec Corporation)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCR90.dll (Microsoft Corporation)
MOD - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\18.5.0.125\Microsoft.VC90.CRT\MSVCP90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110406.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110405.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.01.13 19:48:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.01.07 04:05:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.29 10:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.29 10:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 14:17:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.06 14:17:16 | 000,000,000 | ---D | M]
 
[2011.04.06 14:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Extensions
[2011.04.06 14:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions
[2011.04.06 14:21:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zaphod\AppData\Roaming\mozilla\Firefox\Profiles\3pbm62fv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.06 14:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.04.06 14:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.03.29 10:10:21 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.01.07 04:05:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011.01.13 19:48:04 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.03.20 01:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.20 01:06:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.20 01:06:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.20 01:06:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.20 01:06:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.06 13:02:04 | 000,432,311 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1
O1 - Hosts: 14882 more lines...
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.06 17:22:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.06 17:22:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.06 15:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.04.06 14:18:07 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Mozilla
[2011.04.06 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.06 14:03:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.06 14:03:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.06 14:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.04.06 13:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.04.06 13:59:45 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QTCF.dll
[2011.04.06 13:59:45 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.04.06 13:59:45 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011.04.06 13:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.06 12:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.04.06 10:52:23 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Malwarebytes
[2011.04.06 10:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.06 10:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.02 16:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011.03.31 15:55:43 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\System32\advdaudio.ocx
[2011.03.31 15:55:43 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2011.03.31 15:55:43 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2011.03.31 15:55:43 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2011.03.31 15:55:43 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2011.03.31 15:55:43 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2011.03.31 15:55:42 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2011.03.31 15:55:42 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2011.03.31 15:55:42 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2011.03.31 15:55:42 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2011.03.31 15:55:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2011.03.31 15:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\concept design
[2011.03.29 10:11:26 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Local\DDMSettings
[2011.03.27 21:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.03.27 21:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.03.26 14:36:27 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\EAC
[2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011.03.26 14:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011.03.26 14:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2011.03.26 11:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2011.03.24 23:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monkey's Audio
[2011.03.24 23:12:25 | 000,364,544 | ---- | C] (Matthew T. Ashland) -- C:\Windows\System32\MACDll.dll
[2011.03.24 23:12:25 | 000,246,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2011.03.24 23:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Monkey's Audio
[2011.03.24 15:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011.03.24 15:12:19 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Amazon
[2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.03.24 15:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.03.24 14:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011.03.24 14:42:09 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011.03.24 14:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Users\Zaphod\AppData\Roaming\Winamp
[2011.03.24 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011.03.09 13:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.07 14:15:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 14:14:41 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.07 14:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.07 14:14:01 | 2137,432,064 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.07 02:46:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.07 02:37:39 | 000,644,854 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.07 02:37:39 | 000,613,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.07 02:37:39 | 000,117,716 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.07 02:37:39 | 000,104,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.07 00:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.06 17:22:48 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 14:17:22 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.06 14:11:59 | 000,019,277 | ---- | M] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json
[2011.04.06 14:02:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.06 14:02:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.06 14:02:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.06 14:00:56 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.04.06 14:00:55 | 000,001,401 | ---- | M] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk
[2011.04.06 13:02:04 | 000,432,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.05 21:35:36 | 406,186,373 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.03 00:52:18 | 000,007,102 | ---- | M] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg
[2011.04.02 16:14:14 | 000,433,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.02 15:46:44 | 000,101,376 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011.04.02 15:46:07 | 000,079,872 | ---- | M] (Axalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011.04.02 13:38:24 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2011.04.02 13:38:24 | 000,047,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2011.03.30 18:06:14 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.03.26 14:36:20 | 000,000,873 | ---- | M] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk
[2011.03.25 16:24:53 | 000,012,288 | ---- | M] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.23 15:20:58 | 000,031,027 | ---- | M] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg
[2011.03.12 11:27:38 | 000,007,020 | ---- | M] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf
[2011.03.12 11:21:03 | 001,369,134 | ---- | M] () -- C:\Users\Zaphod\Desktop\00000001.TIF
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.06 17:22:48 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 15:06:20 | 000,001,839 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.04.06 14:17:22 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.06 14:11:59 | 000,019,277 | ---- | C] () -- C:\Users\Zaphod\Desktop\bookmarks-2011-04-06.json
[2011.04.06 14:00:56 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.04.06 14:00:55 | 000,001,401 | ---- | C] () -- C:\Users\Zaphod\Desktop\DivX Movies.lnk
[2011.04.05 23:22:14 | 2137,432,064 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.03 00:50:28 | 000,007,102 | ---- | C] () -- C:\Users\Zaphod\Desktop\9783867300940.jpg
[2011.03.31 15:55:43 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.03.31 15:55:43 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.03.31 15:55:42 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.03.26 14:36:19 | 000,000,873 | ---- | C] () -- C:\Users\Zaphod\Desktop\Exact Audio Copy.lnk
[2011.03.23 15:20:56 | 000,031,027 | ---- | C] () -- C:\Users\Zaphod\Desktop\SkizzeJohnson.jpg
[2011.03.12 11:27:38 | 000,007,020 | ---- | C] () -- C:\Users\Zaphod\Desktop\Rittersdorf1 an Schubert 27.2.11.pdf
[2011.03.12 11:21:02 | 001,369,134 | ---- | C] () -- C:\Users\Zaphod\Desktop\00000001.TIF
[2010.12.31 19:36:00 | 000,001,378 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2010.12.31 19:35:43 | 000,002,180 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
[2010.12.31 19:33:45 | 000,002,605 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Wavpack Codec.dat
[2010.11.16 22:47:39 | 000,012,288 | ---- | C] () -- C:\Users\Zaphod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.04 13:03:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.09.01 20:20:34 | 000,179,200 | ---- | C] () -- C:\Windows\System32\Un_PLUSr.dll
[2009.08.12 14:53:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.08.12 14:13:03 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2009.08.12 14:12:03 | 000,000,319 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.07.10 19:26:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.06.06 11:03:06 | 000,000,760 | ---- | C] () -- C:\Users\Zaphod\AppData\Roaming\setup_ldm.iss
[2009.05.09 17:49:35 | 000,000,046 | ---- | C] () -- C:\Windows\QTW.INI
[2008.07.12 21:28:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.05.30 13:48:34 | 000,010,840 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dMC Power Pack.dat
[2008.05.30 13:37:54 | 000,036,104 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008.02.21 11:39:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.02.21 11:39:51 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.02.18 09:22:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.02.18 09:22:19 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008.02.05 18:38:49 | 000,000,850 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4 SSE2.dat
[2008.02.05 18:38:44 | 000,000,789 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ogg Vorbis aoTuV b4.dat
[2008.02.05 18:29:31 | 000,130,048 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008.01.31 16:40:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007.12.10 14:49:41 | 000,217,088 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2007.10.11 10:52:30 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007.09.29 21:30:39 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007.09.29 21:30:39 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007.09.29 21:30:39 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007.09.29 21:21:53 | 000,038,674 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2007.09.27 20:48:18 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007.09.27 20:47:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.09.05 17:56:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.05 17:56:32 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.09.05 17:56:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007.07.11 13:38:37 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2007.02.02 11:56:54 | 000,644,854 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.02.02 11:56:54 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.02.02 11:56:54 | 000,117,716 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.02.02 11:56:54 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.12.01 18:34:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.11.22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,433,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:36:36 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006.11.02 12:33:01 | 000,613,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,768 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         
OTL Registry:
Code:
ATTFilter
OTL Extras logfile created on: 07.04.2011 14:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Zaphod\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,41 Gb Total Space | 172,77 Gb Free Space | 79,10% Space Free | Partition Type: NTFS
 
Computer Name: ZAPHOD-LAB | User Name: Zaphod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
VistaSp1 = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications = 0
EnableFirewall = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications = 0
EnableFirewall = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
DisableNotifications = 0
EnableFirewall = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{275F5956-D7ED-4822-ACB6-4B629B3577A9} = lport=1434 | protocol=17 | dir=in | name=microsoft sql (udp) | 
{60A9F5A4-28C8-474B-A813-74A8A98F3B52} = lport=1433 | protocol=6 | dir=in | name=microsoft sql (tcp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{207784FF-D210-49BD-8E48-5AEA2D7F76D3} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe | 
{2BC45063-1145-44EA-9CD3-8407E812538A} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
{392E73D7-5E15-4540-AF1D-9368E33E21C5} = protocol=6 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe | 
{4DEE3944-E82D-4F45-AB13-883446C35C27} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal tv server\tvservice.exe | 
{4E3A8426-C85C-4682-A9FE-FAA1238F3206} = protocol=17 | dir=in | app=c:\program files\team mediaportal\mediaportal\mediaportal.exe | 
{914603C7-F9A7-4014-B60D-F9D708CBD455} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
{DFC8FC5F-41EE-46D3-885A-F922882853D6} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
TCP Query User{27302830-F8FA-408D-9136-67855E575A57}C:\program files\google\google earth\client\googleearth.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
TCP Query User{64BFDC2F-794A-46BB-A254-51765551D2AE}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
TCP Query User{6C42D564-CFED-4F85-B0E0-FCF87A7EF106}C:\program files\mozilla firefox\firefox.exe = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
TCP Query User{7C1F5E4E-8AC3-411C-A970-857226E08F06}D:\mirandaportable\app\miranda\miranda32.exe = protocol=6 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe | 
TCP Query User{9F7ABBD7-6A20-4EA6-A4CD-728919EF5168}C:\program files\real\realplayer\realplay.exe = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
TCP Query User{CEAAB43F-BF08-456A-B512-0891BC571FCF}C:\program files\diablo ii\game.exe = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | 
TCP Query User{EE2DDEA0-2D95-49DA-BB15-5A7ED1343E12}C:\program files\google\google earth\plugin\geplugin.exe = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
TCP Query User{F7AA8D78-2DB0-4B95-A897-A8E4EDBF747D}C:\program files\real\realplayer\realplay.exe = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
UDP Query User{06144DC5-5AE5-48D5-A5B3-4020E5030BCE}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
UDP Query User{0BF4EA33-4EED-402C-A93F-114B74607A6D}C:\program files\google\google earth\plugin\geplugin.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
UDP Query User{1BF43519-4D83-48EF-8790-A4ABD284887B}C:\program files\diablo ii\game.exe = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | 
UDP Query User{77BA60A8-AAD3-4988-BDCF-81E90CB13BF4}C:\program files\mozilla firefox\firefox.exe = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
UDP Query User{9EF770DF-4FB1-41DF-B3EB-3D9C77DE3EC6}C:\program files\google\google earth\client\googleearth.exe = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
UDP Query User{BBBDA0F5-68FE-4E34-AFDD-D0489369CBE7}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
UDP Query User{DE55D95C-9DC4-4744-AD1D-B57C6060E3A3}C:\program files\real\realplayer\realplay.exe = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
UDP Query User{E02D339B-F031-451B-A799-5398751C26AD}D:\mirandaportable\app\miranda\miranda32.exe = protocol=17 | dir=in | app=d:\mirandaportable\app\miranda\miranda32.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{052FDD78-A6EA-3187-8386-C82F4CA3A929} = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
{0C826C5B-B131-423A-A229-C71B3CACCD6A} = CDDRV_Installer
{23F2AD64-EAB3-4C01-AECA-33FBA6C7BFCD} = Neverwinter Nights
{25569723-DC5A-4467-A639-79535BF01B71} = Adobe Help Center 2.1
{26A24AE4-039D-4CA4-87B4-2F83216024FF} = Java(TM) 6 Update 24
{3101CB58-3482-4D21-AF1A-7057FC935355} = KhalInstallWrapper
{4286E640-B5FB-11DF-AC4B-005056C00008} = Google Earth
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{55D8440D-6577-46DC-9571-8E5E3046AC11} = X-TENSIONS EM_USB Device Utilities
{5EE7D259-D137-4438-9A5F-42F432EC0421} = VC80CRTRedist - 8.0.50727.4053
{65DA2EC9-0642-47E9-AAE2-B5267AA14D75} = Activation Assistant for the 2007 Microsoft Office suites
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} = Windows Media Player Firefox Plugin
{716E0306-8318-4364-8B8F-0CC4E9376BAC} = MSXML 4.0 SP2 Parser and SDK
{7655E113-C306-11D9-A373-0050BAE317E1} = MCE Software Encoder 1.1
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{90120000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2007
{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0015-0409-0000-0000000FF1CE} = Microsoft Office Access MUI (English) 2007
{90120000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2007
{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0016-0409-0000-0000000FF1CE} = Microsoft Office Excel MUI (English) 2007
{90120000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2007
{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0018-0409-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (English) 2007
{90120000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2007
{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0019-0409-0000-0000000FF1CE} = Microsoft Office Publisher MUI (English) 2007
{90120000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2007
{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001A-0409-0000-0000000FF1CE} = Microsoft Office Outlook MUI (English) 2007
{90120000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2007
{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001B-0409-0000-0000000FF1CE} = Microsoft Office Word MUI (English) 2007
{90120000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2007
{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2007
{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-001F-0C0A-0000-0000000FF1CE} = Microsoft Office Proof (Spanish) 2007
{90120000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2007
{90120000-002C-0409-0000-0000000FF1CE} = Microsoft Office Proofing (English) 2007
{90120000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2007
{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2007
{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-006E-0409-0000-0000000FF1CE} = Microsoft Office Shared MUI (English) 2007
{90120000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2007
{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-00B2-0407-0000-0000000FF1CE} = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
{90120000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2007
{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{90120000-0115-0409-0000-0000000FF1CE} = Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE} = Microsoft Office Access Setup Metadata MUI (English) 2007
{91120000-0030-0000-0000-0000000FF1CE} = Microsoft Office Enterprise 2007
{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{91120000-0031-0000-0000-0000000FF1CE} = Microsoft Office Professional Hybrid 2007
{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} = 2007 Microsoft Office Suite Service Pack 1 (SP1)
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A49F249F-0C91-497F-86DF-B2585E8E76B7} = Microsoft Visual C++ 2005 Redistributable
{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B} = Adobe Photoshop Elements 5.0
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} = Google Update Helper
{AC76BA86-7AD7-1031-7B44-A81300000003} = Adobe Reader 8.1.3 - Deutsch
{AC76BA86-7AD7-5464-3428-800000000003} = Spelling Dictionaries Support For Adobe Reader 8
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} = Microsoft .NET Framework 3.5 SP1
{D0846526-66DD-4DC9-A02C-98F9A2806812} = Launch Manager V1.4.6
{D34D82E0-4600-407B-9478-8506C1DD1031} = Nero 7 Essentials
{DC24971E-1946-445D-8A82-CE685433FA7D} = Realtek USB 2.0 Card Reader
{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4} = LG USB Modem Drivers
{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82} = OLYMPUS Master 2
{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E} = Logitech SetPoint
Activation Assistant for the 2007 Microsoft Office suites = Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player Plugin = Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 5 = Adobe Photoshop Elements 5.0
Adobe Shockwave Player = Adobe Shockwave Player 11.5
Amazon MP3-Downloader = Amazon MP3-Downloader 1.0.9
CNXT_AUDIO_HDA = Conexant HD Audio
dBASE PLUS series1 Runtime Engine = dBASE PLUS Runtime Engine
dBpowerAMP Music Converter = dBpowerAMP Music Converter
dBpowerAMP Wavpack Codec = dBpowerAMP Wavpack Codec
dBpowerAMP WMA V9 Codec = dBpowerAMP WMA V9 Codec
dBpowerAMP WMA V9.1 Codec = dBpowerAMP WMA V9.1 Codec
Diablo II = Diablo II
DivX Setup.divx.com = DivX-Setup
dMC Power Pack = dMC Power Pack
EAX Unified = EAX Unified
ENTERPRISER = Microsoft Office Enterprise 2007
Exact Audio Copy = Exact Audio Copy 1.0beta1
HDMI = Intel(R) Graphics Media Accelerator Driver
HyperMedia_is1 = HyperMedia Software
HyperMediaCenter 3.6_is1 = HyperMediaCenter 3.6
Malwarebytes' Anti-Malware_is1 = Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - deu = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1 = Microsoft .NET Framework 3.5 SP1
Monkey's Audio_is1 = Monkey's Audio
Mozilla Firefox (3.6.16) = Mozilla Firefox (3.6.16)
NIS = Norton Internet Security
Ogg Vorbis aoTuV b4 = Ogg Vorbis aoTuV b4
Ogg Vorbis aoTuV b4 SSE2 = Ogg Vorbis aoTuV b4 SSE2
PROHYBRIDR = 2007 Microsoft Office system
QuicktimeAlt_is1 = QuickTime Alternative 3.2.2
RealPlayer 6.0 = RealPlayer
SynTPDeinstKey = Synaptics Pointing Device Driver
Ulead Photo Express 2.0 SE = Ulead Photo Express 2.0 SE
Veetle TV = Veetle TV 0.9.18
VLC media player = VideoLAN VLC media player 0.8.6c
vShare = vShare Plugin
Winamp = Winamp
WinRAR archiver = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
Winamp Detect = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description = 
 
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description = 
 
Error - 06.04.2011 18:46:53 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description = 
 
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description = 
 
Error - 06.04.2011 18:47:16 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description = 
 
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description = 
 
Error - 06.04.2011 18:47:19 | Computer Name = Zaphod-Lab | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description = 
 
Error - 06.04.2011 18:52:58 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x41c, Anwendungsstartzeit
 01cbf4aa898b77e2.
 
Error - 06.04.2011 20:24:17 | Computer Name = Zaphod-Lab | Source = WerSvc | ID = 5007
Description = 
 
Error - 06.04.2011 20:30:41 | Computer Name = Zaphod-Lab | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00040026,  Prozess-ID 0x414, Anwendungsstartzeit
 01cbf4b920c701ad.
 
[ System Events ]
Error - 06.04.2011 16:47:15 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.04.2011 17:47:04 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005
Description = 
 
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.04.2011 18:33:23 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.04.2011 19:01:29 | Computer Name = Zaphod-Lab | Source = DCOM | ID = 10005
Description = 
 
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.04.2011 20:17:44 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.04.2011 20:33:41 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.04.2011 08:15:11 | Computer Name = Zaphod-Lab | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
Hoffe, ich hab alles richtig gemacht.
__________________

Alt 07.04.2011, 14:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.04.2011, 19:55   #5
zelluloid
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Ja, gibt noch 2 Malwarebytes logfiles, wurden zwischen der logfile aus meinem 1. Beitrag und der logfile aus meinem 2. Beitrag erstellt. Waren aber auch wie der erste nur Quick-Scans.

Malwarebytes logfile:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6283

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

06.04.2011 11:16
mbam-log-2011-04-06 (11-16-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150077
Laufzeit: 5 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Malwarebytes logfile:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6287

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

06.04.2011 17:30
mbam-log-2011-04-06 (17-30-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144921
Laufzeit: 4 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Gruß


Alt 07.04.2011, 19:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell - "" = AutoRun
O33 - MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
--> Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.

Alt 07.04.2011, 20:21   #7
zelluloid
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Gesagt, Getan.
OTL:
Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d118db0-23b3-11e0-baaa-8412d60bb5e4}\ not found.
File E:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77d23c94-c14c-11dd-8837-806e6f6e6963}\ not found.
File D:\setup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Zaphod
->Temp folder emptied: 17489889 bytes
->Java cache emptied: 10643 bytes
->FireFox cache emptied: 97425173 bytes
->Flash cache emptied: 1393 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 820529 bytes
%systemroot%\System32 .tmp files removed: 556616 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 430930 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 111,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_211243

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Gruß,
Stephi

Alt 08.04.2011, 04:48   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.04.2011, 09:29   #9
zelluloid
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Hallo Arne,

hier kommt das rootkit log:

Code:
ATTFilter
2011/04/08 10:10:33.0416 3260	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/08 10:10:33.0447 3260	================================================================================
2011/04/08 10:10:33.0447 3260	SystemInfo:
2011/04/08 10:10:33.0447 3260	
2011/04/08 10:10:33.0447 3260	OS Version: 6.0.6000 ServicePack: 0.0
2011/04/08 10:10:33.0447 3260	Product type: Workstation
2011/04/08 10:10:33.0447 3260	ComputerName: ZAPHOD-LAB
2011/04/08 10:10:33.0447 3260	UserName: Zaphod
2011/04/08 10:10:33.0447 3260	Windows directory: C:\Windows
2011/04/08 10:10:33.0447 3260	System windows directory: C:\Windows
2011/04/08 10:10:33.0447 3260	Processor architecture: Intel x86
2011/04/08 10:10:33.0447 3260	Number of processors: 2
2011/04/08 10:10:33.0447 3260	Page size: 0x1000
2011/04/08 10:10:33.0447 3260	Boot type: Normal boot
2011/04/08 10:10:33.0447 3260	================================================================================
2011/04/08 10:10:35.0241 3260	Initialize success
2011/04/08 10:10:48.0174 0792	================================================================================
2011/04/08 10:10:48.0174 0792	Scan started
2011/04/08 10:10:48.0174 0792	Mode: Manual; 
2011/04/08 10:10:48.0174 0792	================================================================================
2011/04/08 10:10:49.0344 0792	ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 10:10:49.0422 0792	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/08 10:10:49.0453 0792	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/08 10:10:49.0500 0792	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/08 10:10:49.0531 0792	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/08 10:10:49.0625 0792	AF15BDA         (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/08 10:10:49.0671 0792	AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/08 10:10:49.0718 0792	agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/08 10:10:49.0765 0792	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/08 10:10:49.0796 0792	aliide          (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/04/08 10:10:49.0827 0792	amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/08 10:10:49.0859 0792	amdide          (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/04/08 10:10:49.0890 0792	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/08 10:10:49.0921 0792	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/08 10:10:49.0983 0792	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/08 10:10:50.0030 0792	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/08 10:10:50.0061 0792	AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/08 10:10:50.0108 0792	atapi           (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/04/08 10:10:50.0155 0792	atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/08 10:10:50.0233 0792	b57nd60x        (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/08 10:10:50.0295 0792	Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/08 10:10:50.0514 0792	BHDrvx86        (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/04/08 10:10:50.0779 0792	bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/08 10:10:50.0826 0792	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/08 10:10:50.0857 0792	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/08 10:10:50.0888 0792	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/08 10:10:50.0997 0792	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/08 10:10:51.0091 0792	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/08 10:10:51.0107 0792	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/08 10:10:51.0169 0792	BthAvrcp        (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/08 10:10:51.0200 0792	BthEnum         (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/08 10:10:51.0263 0792	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/08 10:10:51.0309 0792	BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/08 10:10:51.0356 0792	BTHPORT         (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/04/08 10:10:51.0403 0792	BTHUSB          (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/08 10:10:51.0450 0792	cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/08 10:10:51.0528 0792	cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/08 10:10:51.0575 0792	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/08 10:10:51.0621 0792	CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/08 10:10:51.0668 0792	CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/08 10:10:51.0684 0792	cmdide          (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/04/08 10:10:51.0762 0792	CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/08 10:10:51.0809 0792	Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/08 10:10:51.0840 0792	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/08 10:10:51.0871 0792	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/08 10:10:51.0933 0792	CSC             (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
2011/04/08 10:10:51.0980 0792	DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/08 10:10:52.0058 0792	disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/08 10:10:52.0121 0792	drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/08 10:10:52.0167 0792	DXGKrnl         (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/08 10:10:52.0277 0792	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/08 10:10:52.0323 0792	Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/08 10:10:52.0433 0792	eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/08 10:10:52.0495 0792	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/08 10:10:52.0557 0792	EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/08 10:10:52.0604 0792	fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/08 10:10:52.0635 0792	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/08 10:10:52.0682 0792	FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/08 10:10:52.0698 0792	Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/08 10:10:52.0729 0792	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/08 10:10:52.0760 0792	FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/08 10:10:52.0807 0792	Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/08 10:10:52.0838 0792	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/08 10:10:52.0916 0792	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/08 10:10:52.0963 0792	HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/08 10:10:52.0994 0792	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/08 10:10:53.0025 0792	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/08 10:10:53.0072 0792	HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/08 10:10:53.0135 0792	Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/08 10:10:53.0181 0792	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/08 10:10:53.0291 0792	HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/08 10:10:53.0369 0792	hwdatacard      (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/08 10:10:53.0415 0792	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/08 10:10:53.0462 0792	i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/08 10:10:53.0571 0792	ialm            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 10:10:53.0665 0792	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/08 10:10:53.0883 0792	IDSVix86        (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110406.001\IDSvix86.sys
2011/04/08 10:10:54.0071 0792	igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 10:10:54.0149 0792	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/08 10:10:54.0195 0792	intelide        (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/04/08 10:10:54.0227 0792	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/08 10:10:54.0289 0792	IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/08 10:10:54.0351 0792	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/08 10:10:54.0383 0792	IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/08 10:10:54.0414 0792	IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/08 10:10:54.0445 0792	isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/04/08 10:10:54.0492 0792	iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/08 10:10:54.0523 0792	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/08 10:10:54.0554 0792	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/08 10:10:54.0601 0792	kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/08 10:10:54.0663 0792	kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/04/08 10:10:54.0710 0792	KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/08 10:10:54.0804 0792	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/08 10:10:54.0866 0792	lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/08 10:10:54.0913 0792	lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/08 10:10:54.0944 0792	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/08 10:10:54.0975 0792	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/08 10:10:55.0007 0792	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/08 10:10:55.0069 0792	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/08 10:10:55.0163 0792	luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/08 10:10:55.0209 0792	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/08 10:10:55.0272 0792	Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/08 10:10:55.0319 0792	monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/08 10:10:55.0381 0792	mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/08 10:10:55.0428 0792	mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/08 10:10:55.0459 0792	MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/08 10:10:55.0506 0792	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/08 10:10:55.0553 0792	mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/08 10:10:55.0584 0792	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/08 10:10:55.0615 0792	MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/08 10:10:55.0662 0792	mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/08 10:10:55.0693 0792	mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/08 10:10:55.0724 0792	mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/08 10:10:55.0771 0792	msahci          (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/04/08 10:10:55.0833 0792	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/08 10:10:55.0896 0792	Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/08 10:10:55.0943 0792	msisadrv        (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/04/08 10:10:55.0974 0792	MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/08 10:10:56.0021 0792	MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/08 10:10:56.0099 0792	MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/08 10:10:56.0379 0792	MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/08 10:10:56.0426 0792	mssmbios        (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/08 10:10:56.0473 0792	MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/08 10:10:56.0504 0792	Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/08 10:10:56.0567 0792	NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/08 10:10:56.0769 0792	NAVENG          (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVENG.SYS
2011/04/08 10:10:56.0863 0792	NAVEX15         (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.002\NAVEX15.SYS
2011/04/08 10:10:57.0019 0792	NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/08 10:10:57.0066 0792	NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/08 10:10:57.0097 0792	Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/08 10:10:57.0128 0792	NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/08 10:10:57.0144 0792	NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/08 10:10:57.0175 0792	NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/08 10:10:57.0237 0792	netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/08 10:10:57.0440 0792	NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/08 10:10:57.0534 0792	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/08 10:10:57.0596 0792	Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/08 10:10:57.0627 0792	nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/08 10:10:57.0752 0792	Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/08 10:10:57.0846 0792	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/08 10:10:57.0877 0792	Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/08 10:10:57.0908 0792	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/08 10:10:57.0939 0792	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/08 10:10:57.0986 0792	nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/04/08 10:10:58.0064 0792	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/08 10:10:58.0142 0792	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/04/08 10:10:58.0158 0792	partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/08 10:10:58.0189 0792	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/08 10:10:58.0251 0792	pci             (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/04/08 10:10:58.0283 0792	pciide          (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2011/04/08 10:10:58.0329 0792	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/08 10:10:58.0407 0792	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/08 10:10:58.0548 0792	PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/08 10:10:58.0579 0792	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/08 10:10:58.0641 0792	PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/08 10:10:58.0704 0792	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/08 10:10:58.0766 0792	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/08 10:10:58.0829 0792	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/08 10:10:58.0875 0792	QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/08 10:10:58.0907 0792	RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/08 10:10:58.0969 0792	Rasl2tp         (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/08 10:10:59.0016 0792	RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/08 10:10:59.0063 0792	rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/08 10:10:59.0094 0792	RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/08 10:10:59.0141 0792	rdpdr           (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/08 10:10:59.0172 0792	RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/08 10:10:59.0203 0792	RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/08 10:10:59.0281 0792	RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/08 10:10:59.0328 0792	rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/08 10:10:59.0390 0792	RTL8169         (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/08 10:10:59.0421 0792	RTSTOR          (e845f4d709c456992f11d2acf321bced) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/08 10:10:59.0468 0792	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/08 10:10:59.0515 0792	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/08 10:10:59.0546 0792	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/08 10:10:59.0593 0792	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/04/08 10:10:59.0624 0792	sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/08 10:10:59.0671 0792	sffdisk         (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/08 10:10:59.0702 0792	sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/08 10:10:59.0718 0792	sffp_sd         (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/08 10:10:59.0749 0792	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/08 10:10:59.0796 0792	sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/04/08 10:10:59.0827 0792	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/08 10:10:59.0874 0792	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/08 10:10:59.0905 0792	Smb             (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/08 10:10:59.0936 0792	spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/08 10:11:00.0014 0792	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/08 10:11:00.0014 0792	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/08 10:11:00.0030 0792	sptd - detected Locked file (1)
2011/04/08 10:11:00.0123 0792	SRTSP           (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/04/08 10:11:00.0170 0792	SRTSPX          (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/04/08 10:11:00.0217 0792	srv             (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/08 10:11:00.0264 0792	srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/08 10:11:00.0311 0792	srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/08 10:11:00.0435 0792	SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/08 10:11:00.0482 0792	swenum          (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/08 10:11:00.0529 0792	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/08 10:11:00.0623 0792	SymDS           (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/04/08 10:11:00.0685 0792	SymEFA          (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/04/08 10:11:00.0747 0792	SymEvent        (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/08 10:11:00.0810 0792	SymIRON         (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/04/08 10:11:00.0872 0792	SYMTDIv         (c93e93bff7cba0cd1c1ea282d791b772) C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
2011/04/08 10:11:00.0935 0792	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/08 10:11:00.0966 0792	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/08 10:11:01.0013 0792	SynTP           (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/08 10:11:01.0091 0792	Tcpip           (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 10:11:01.0153 0792	Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/08 10:11:01.0184 0792	tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/08 10:11:01.0215 0792	TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/08 10:11:01.0262 0792	TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/08 10:11:01.0293 0792	tdx             (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/08 10:11:01.0340 0792	TermDD          (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/08 10:11:01.0434 0792	tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/08 10:11:01.0481 0792	tunmp           (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/08 10:11:01.0512 0792	tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/08 10:11:01.0543 0792	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/08 10:11:01.0590 0792	udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/08 10:11:01.0637 0792	uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/08 10:11:01.0668 0792	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/08 10:11:01.0715 0792	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 10:11:01.0746 0792	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/08 10:11:01.0793 0792	umbus           (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/08 10:11:01.0871 0792	USB28xxBGA      (01f43ddc94653cd68d2794ec4500debc) C:\Windows\system32\DRIVERS\emBDA.sys
2011/04/08 10:11:01.0902 0792	USB28xxOEM      (925e82ffe06a37799e5cb486528ed835) C:\Windows\system32\DRIVERS\emOEM.sys
2011/04/08 10:11:01.0949 0792	usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/04/08 10:11:01.0995 0792	usbccgp         (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/08 10:11:02.0042 0792	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/08 10:11:02.0089 0792	UsbDiag         (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/04/08 10:11:02.0151 0792	usbehci         (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/08 10:11:02.0198 0792	usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/08 10:11:02.0261 0792	USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/04/08 10:11:02.0292 0792	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/08 10:11:02.0323 0792	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/08 10:11:02.0385 0792	usbscan         (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/08 10:11:02.0448 0792	usbsermptxp     (49106ee29074e6a3d3ac9e24c6d791d8) C:\Windows\system32\DRIVERS\usbsermptxp.sys
2011/04/08 10:11:02.0479 0792	USBSTOR         (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/08 10:11:02.0541 0792	usbuhci         (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/08 10:11:02.0604 0792	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 10:11:02.0651 0792	VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/08 10:11:02.0682 0792	viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/08 10:11:02.0713 0792	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/08 10:11:02.0744 0792	viaide          (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/04/08 10:11:02.0791 0792	volmgr          (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/04/08 10:11:02.0838 0792	volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/08 10:11:02.0900 0792	volsnap         (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/08 10:11:02.0931 0792	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/08 10:11:02.0978 0792	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/08 10:11:03.0025 0792	Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 10:11:03.0041 0792	Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 10:11:03.0087 0792	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/08 10:11:03.0134 0792	Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/08 10:11:03.0243 0792	WmiAcpi         (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/08 10:11:03.0321 0792	WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/08 10:11:03.0353 0792	ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/08 10:11:03.0415 0792	WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/08 10:11:03.0477 0792	\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/08 10:11:03.0477 0792	================================================================================
2011/04/08 10:11:03.0477 0792	Scan finished
2011/04/08 10:11:03.0477 0792	================================================================================
2011/04/08 10:11:03.0493 1332	Detected object count: 2
2011/04/08 10:19:22.0007 1332	HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/08 10:19:22.0038 1332	HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/04/08 10:19:22.0069 1332	C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/08 10:19:22.0069 1332	Locked file(sptd) - User select action: Delete 
2011/04/08 10:19:22.0147 1332	\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/08 10:19:22.0147 1332	\HardDisk0 - ok
2011/04/08 10:19:22.0147 1332	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/04/08 10:19:36.0671 3436	Deinitialize success
         
Danke und Gruß,
Stephi

Alt 08.04.2011, 09:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



TDL4 wurde erkannt und entfernt. Bitte Windows neu starten und den TDSS-Killer zur Kontrolle nochmal ausführen - Log posten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.04.2011, 10:18   #11
zelluloid
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Wow, nach Kaspersky Tool keine Angriffe, Weiterleitungen, Windows Dienst Fehlermeldungen und XP-Designs mehr, jubelfreu
Und Windows Update funzt auch wieder!!!, bin beeindruckt (auch wenn wir bestimmt noch nicht fertig sind)

rootkit log:
Code:
ATTFilter
2011/04/08 11:08:38.0538 1852	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/08 11:08:39.0849 1852	================================================================================
2011/04/08 11:08:39.0849 1852	SystemInfo:
2011/04/08 11:08:39.0849 1852	
2011/04/08 11:08:39.0849 1852	OS Version: 6.0.6000 ServicePack: 0.0
2011/04/08 11:08:39.0849 1852	Product type: Workstation
2011/04/08 11:08:39.0849 1852	ComputerName: ZAPHOD-LAB
2011/04/08 11:08:39.0849 1852	UserName: Zaphod
2011/04/08 11:08:39.0849 1852	Windows directory: C:\Windows
2011/04/08 11:08:39.0849 1852	System windows directory: C:\Windows
2011/04/08 11:08:39.0849 1852	Processor architecture: Intel x86
2011/04/08 11:08:39.0849 1852	Number of processors: 2
2011/04/08 11:08:39.0849 1852	Page size: 0x1000
2011/04/08 11:08:39.0849 1852	Boot type: Normal boot
2011/04/08 11:08:39.0849 1852	================================================================================
2011/04/08 11:08:40.0925 1852	Initialize success
2011/04/08 11:08:43.0920 3808	================================================================================
2011/04/08 11:08:43.0920 3808	Scan started
2011/04/08 11:08:43.0920 3808	Mode: Manual; 
2011/04/08 11:08:43.0920 3808	================================================================================
2011/04/08 11:08:45.0356 3808	ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/08 11:08:45.0512 3808	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/08 11:08:45.0558 3808	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/08 11:08:45.0605 3808	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/08 11:08:45.0652 3808	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/08 11:08:45.0730 3808	AF15BDA         (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/08 11:08:45.0792 3808	AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/08 11:08:45.0839 3808	agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/08 11:08:45.0886 3808	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/08 11:08:45.0917 3808	aliide          (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/04/08 11:08:45.0948 3808	amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/08 11:08:45.0980 3808	amdide          (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/04/08 11:08:46.0026 3808	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/08 11:08:46.0058 3808	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/08 11:08:46.0120 3808	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/08 11:08:46.0151 3808	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/08 11:08:46.0198 3808	AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/08 11:08:46.0245 3808	atapi           (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/04/08 11:08:46.0307 3808	atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/08 11:08:46.0370 3808	b57nd60x        (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/08 11:08:46.0432 3808	Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/08 11:08:46.0666 3808	BHDrvx86        (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/04/08 11:08:46.0744 3808	bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/08 11:08:46.0791 3808	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/08 11:08:46.0822 3808	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/08 11:08:46.0869 3808	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/08 11:08:46.0900 3808	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/08 11:08:46.0931 3808	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/08 11:08:46.0947 3808	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/08 11:08:47.0009 3808	BthAvrcp        (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/08 11:08:47.0072 3808	BthEnum         (cf97c2d6a011ee9403b42191b5f95ba8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/08 11:08:47.0118 3808	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/08 11:08:47.0181 3808	BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/08 11:08:47.0228 3808	BTHPORT         (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2011/04/08 11:08:47.0274 3808	BTHUSB          (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/08 11:08:47.0321 3808	cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/08 11:08:47.0384 3808	cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/08 11:08:47.0430 3808	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/08 11:08:47.0477 3808	CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/08 11:08:47.0540 3808	CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/08 11:08:47.0555 3808	cmdide          (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/04/08 11:08:47.0633 3808	CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/08 11:08:47.0696 3808	Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/08 11:08:47.0727 3808	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/08 11:08:47.0774 3808	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/08 11:08:47.0836 3808	CSC             (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
2011/04/08 11:08:47.0867 3808	DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/08 11:08:47.0945 3808	disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/08 11:08:48.0023 3808	drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/08 11:08:48.0070 3808	DXGKrnl         (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/08 11:08:48.0164 3808	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/08 11:08:48.0210 3808	Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/08 11:08:48.0335 3808	eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/08 11:08:48.0398 3808	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/08 11:08:48.0444 3808	EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/08 11:08:48.0491 3808	fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/08 11:08:48.0538 3808	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/08 11:08:48.0569 3808	FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/08 11:08:48.0616 3808	Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/08 11:08:48.0647 3808	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/08 11:08:48.0663 3808	FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/08 11:08:48.0725 3808	Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/08 11:08:48.0756 3808	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/08 11:08:48.0819 3808	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/08 11:08:48.0881 3808	HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/08 11:08:48.0912 3808	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/08 11:08:48.0944 3808	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/08 11:08:49.0006 3808	HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/08 11:08:49.0068 3808	Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2011/04/08 11:08:49.0100 3808	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/08 11:08:49.0146 3808	HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/08 11:08:49.0224 3808	hwdatacard      (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/08 11:08:49.0256 3808	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/08 11:08:49.0334 3808	i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/08 11:08:49.0412 3808	ialm            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 11:08:49.0505 3808	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/08 11:08:49.0755 3808	IDSVix86        (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110407.001\IDSvix86.sys
2011/04/08 11:08:49.0942 3808	igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/08 11:08:50.0004 3808	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/08 11:08:50.0082 3808	intelide        (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
2011/04/08 11:08:50.0114 3808	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/08 11:08:50.0160 3808	IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/08 11:08:50.0223 3808	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/08 11:08:50.0270 3808	IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/08 11:08:50.0301 3808	IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/08 11:08:50.0332 3808	isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/04/08 11:08:50.0394 3808	iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/08 11:08:50.0410 3808	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/08 11:08:50.0441 3808	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/08 11:08:50.0628 3808	kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/08 11:08:50.0722 3808	kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/04/08 11:08:50.0784 3808	KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/08 11:08:50.0894 3808	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/08 11:08:50.0956 3808	lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/08 11:08:50.0987 3808	lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/08 11:08:51.0018 3808	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/08 11:08:51.0065 3808	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/08 11:08:51.0112 3808	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/08 11:08:51.0159 3808	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/08 11:08:51.0206 3808	luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/08 11:08:51.0252 3808	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/08 11:08:51.0299 3808	Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/08 11:08:51.0346 3808	monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/08 11:08:51.0408 3808	mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/08 11:08:51.0440 3808	mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/08 11:08:51.0471 3808	MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/08 11:08:51.0518 3808	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/08 11:08:51.0564 3808	mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/08 11:08:51.0596 3808	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/08 11:08:51.0642 3808	MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/08 11:08:51.0689 3808	mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/08 11:08:51.0720 3808	mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/08 11:08:51.0752 3808	mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/08 11:08:51.0814 3808	msahci          (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/04/08 11:08:51.0845 3808	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/08 11:08:51.0892 3808	Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/08 11:08:51.0939 3808	msisadrv        (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/04/08 11:08:51.0970 3808	MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/08 11:08:52.0017 3808	MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/08 11:08:52.0064 3808	MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/08 11:08:52.0095 3808	MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/08 11:08:52.0142 3808	mssmbios        (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/08 11:08:52.0173 3808	MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/08 11:08:52.0204 3808	Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/08 11:08:52.0266 3808	NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/08 11:08:52.0422 3808	NAVENG          (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.035\NAVENG.SYS
2011/04/08 11:08:52.0500 3808	NAVEX15         (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110407.035\NAVEX15.SYS
2011/04/08 11:08:52.0656 3808	NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/08 11:08:52.0719 3808	NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/08 11:08:52.0766 3808	Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/08 11:08:52.0812 3808	NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/08 11:08:52.0859 3808	NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/08 11:08:52.0890 3808	NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/08 11:08:52.0937 3808	netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/08 11:08:53.0062 3808	NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/08 11:08:53.0140 3808	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/08 11:08:53.0218 3808	Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/08 11:08:53.0249 3808	nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/08 11:08:53.0327 3808	Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/08 11:08:53.0390 3808	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/08 11:08:53.0421 3808	Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/08 11:08:53.0452 3808	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/08 11:08:53.0499 3808	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/08 11:08:53.0530 3808	nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/04/08 11:08:53.0624 3808	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/08 11:08:53.0702 3808	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/04/08 11:08:53.0733 3808	partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/08 11:08:53.0764 3808	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/08 11:08:53.0826 3808	pci             (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/04/08 11:08:53.0858 3808	pciide          (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2011/04/08 11:08:53.0889 3808	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/08 11:08:53.0967 3808	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/08 11:08:54.0092 3808	PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/08 11:08:54.0123 3808	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/08 11:08:54.0201 3808	PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/08 11:08:54.0248 3808	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/08 11:08:54.0310 3808	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/08 11:08:54.0388 3808	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/08 11:08:54.0419 3808	QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/08 11:08:54.0450 3808	RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/08 11:08:54.0528 3808	Rasl2tp         (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/08 11:08:54.0575 3808	RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/08 11:08:54.0622 3808	rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/08 11:08:54.0653 3808	RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/08 11:08:54.0700 3808	rdpdr           (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/08 11:08:54.0731 3808	RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/08 11:08:54.0762 3808	RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/08 11:08:54.0840 3808	RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/08 11:08:54.0887 3808	rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/08 11:08:54.0934 3808	RTL8169         (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/08 11:08:54.0981 3808	RTSTOR          (e845f4d709c456992f11d2acf321bced) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/08 11:08:55.0012 3808	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/08 11:08:55.0059 3808	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/08 11:08:55.0106 3808	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/08 11:08:55.0152 3808	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/04/08 11:08:55.0199 3808	sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/08 11:08:55.0246 3808	sffdisk         (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/04/08 11:08:55.0277 3808	sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/08 11:08:55.0293 3808	sffp_sd         (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/08 11:08:55.0324 3808	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/08 11:08:55.0371 3808	sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/04/08 11:08:55.0402 3808	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/08 11:08:55.0433 3808	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/08 11:08:55.0480 3808	Smb             (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/08 11:08:55.0511 3808	spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/08 11:08:55.0620 3808	SRTSP           (a7a104a61c4e30de9c58f8c372a5c209) C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS
2011/04/08 11:08:55.0667 3808	SRTSPX          (2833445f786bd000bb14c84a9d91347a) C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS
2011/04/08 11:08:55.0761 3808	srv             (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/08 11:08:55.0808 3808	srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/08 11:08:55.0854 3808	srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/08 11:08:55.0948 3808	SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/08 11:08:55.0995 3808	swenum          (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/08 11:08:56.0042 3808	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/08 11:08:56.0120 3808	SymDS           (bdf077b897b5f9f929b6bf0cfd436962) C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS
2011/04/08 11:08:56.0198 3808	SymEFA          (7732298ad2eddd364c1d4f439d99ae7c) C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS
2011/04/08 11:08:56.0276 3808	SymEvent        (5c76a63fac8a5580c5a1c4a4ed827782) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/08 11:08:56.0338 3808	SymIRON         (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS
2011/04/08 11:08:56.0400 3808	SYMTDIv         (c93e93bff7cba0cd1c1ea282d791b772) C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS
2011/04/08 11:08:56.0447 3808	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/08 11:08:56.0478 3808	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/08 11:08:56.0510 3808	SynTP           (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/08 11:08:56.0603 3808	Tcpip           (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/08 11:08:56.0650 3808	Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/08 11:08:56.0681 3808	tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/08 11:08:56.0728 3808	TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/08 11:08:56.0759 3808	TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/08 11:08:56.0806 3808	tdx             (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/08 11:08:56.0853 3808	TermDD          (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/08 11:08:56.0915 3808	tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/08 11:08:56.0962 3808	tunmp           (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/08 11:08:56.0993 3808	tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/08 11:08:57.0024 3808	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/08 11:08:57.0056 3808	udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/08 11:08:57.0102 3808	uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/08 11:08:57.0149 3808	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/08 11:08:57.0180 3808	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/08 11:08:57.0212 3808	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/08 11:08:57.0258 3808	umbus           (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/08 11:08:57.0336 3808	USB28xxBGA      (01f43ddc94653cd68d2794ec4500debc) C:\Windows\system32\DRIVERS\emBDA.sys
2011/04/08 11:08:57.0368 3808	USB28xxOEM      (925e82ffe06a37799e5cb486528ed835) C:\Windows\system32\DRIVERS\emOEM.sys
2011/04/08 11:08:57.0430 3808	usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/04/08 11:08:57.0477 3808	usbccgp         (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/08 11:08:57.0539 3808	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/08 11:08:57.0586 3808	UsbDiag         (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/04/08 11:08:57.0648 3808	usbehci         (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/08 11:08:57.0695 3808	usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/08 11:08:57.0758 3808	USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/04/08 11:08:57.0789 3808	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/08 11:08:57.0836 3808	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/08 11:08:57.0898 3808	usbscan         (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/08 11:08:57.0945 3808	usbsermptxp     (49106ee29074e6a3d3ac9e24c6d791d8) C:\Windows\system32\DRIVERS\usbsermptxp.sys
2011/04/08 11:08:57.0992 3808	USBSTOR         (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/08 11:08:58.0054 3808	usbuhci         (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/08 11:08:58.0116 3808	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/08 11:08:58.0163 3808	VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/08 11:08:58.0194 3808	viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/04/08 11:08:58.0226 3808	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/08 11:08:58.0257 3808	viaide          (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/04/08 11:08:58.0304 3808	volmgr          (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/04/08 11:08:58.0350 3808	volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/08 11:08:58.0413 3808	volsnap         (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/08 11:08:58.0444 3808	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/08 11:08:58.0506 3808	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/08 11:08:58.0538 3808	Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 11:08:58.0553 3808	Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/08 11:08:58.0600 3808	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/08 11:08:58.0647 3808	Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/08 11:08:58.0772 3808	WmiAcpi         (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/08 11:08:58.0850 3808	WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/08 11:08:58.0896 3808	ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/08 11:08:58.0943 3808	WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/08 11:08:59.0037 3808	================================================================================
2011/04/08 11:08:59.0037 3808	Scan finished
2011/04/08 11:08:59.0037 3808	================================================================================
2011/04/08 11:09:15.0604 2020	Deinitialize success
         
und Gruß,
Stephi

Alt 08.04.2011, 10:35   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.04.2011, 11:52   #13
zelluloid
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Hallo Arne,

Combofix lief problemlos. Hier die logfile:

Code:
ATTFilter
ComboFix 11-04-07.08 - Zaphod 08.04.2011  12:24:30.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6000.0.1252.49.1031.18.2038.1037 [GMT 2:00]
ausgeführt von:: c:\users\Zaphod\Downloads\cofi.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-08 bis 2011-04-08  ))))))))))))))))))))))))))))))
.
.
2011-04-08 10:35 . 2011-04-08 10:35	--------	d-----w-	c:\users\Zaphod\AppData\Local\temp
2011-04-08 10:13 . 2011-04-08 10:13	--------	d-----w-	c:\program files\CCleaner
2011-04-07 19:12 . 2011-04-07 19:12	--------	d-----w-	C:\_OTL
2011-04-06 15:22 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-06 15:22 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-06 12:03 . 2011-04-06 12:03	--------	d-----w-	c:\program files\Common Files\Java
2011-04-06 12:02 . 2011-04-06 12:02	--------	d-----w-	c:\program files\Java
2011-04-06 11:59 . 2011-04-06 11:59	--------	d-----w-	c:\programdata\Apple Computer
2011-04-06 11:59 . 2010-04-16 17:00	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-04-06 11:59 . 2010-04-16 17:00	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-04-06 11:59 . 2010-04-16 17:00	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-04-06 11:59 . 2010-04-16 17:00	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-04-06 11:59 . 2010-04-16 17:00	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-04-06 11:59 . 2010-03-17 20:53	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-04-06 11:59 . 2010-03-17 20:53	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-04-06 11:59 . 2010-03-17 20:53	180224	----a-w-	c:\windows\system32\QTCF.dll
2011-04-06 11:59 . 2011-04-06 11:59	--------	d-----w-	c:\program files\QuickTime Alternative
2011-04-06 10:18 . 2011-04-06 11:34	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-04-06 10:18 . 2011-04-06 11:32	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-06 08:52 . 2011-04-06 08:52	--------	d-----w-	c:\users\Zaphod\AppData\Roaming\Malwarebytes
2011-04-06 08:52 . 2011-04-06 08:52	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-06 08:52 . 2011-04-06 15:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-03-29 08:11 . 2011-03-29 08:11	--------	d-----w-	c:\users\Zaphod\AppData\Local\DDMSettings
2011-03-27 19:59 . 2011-03-27 19:59	--------	d-----w-	c:\program files\Common Files\DivX Shared
2011-03-26 12:36 . 2011-03-26 12:36	--------	d-----w-	c:\users\Zaphod\AppData\Roaming\EAC
2011-03-26 12:36 . 2011-03-26 12:36	--------	d-----w-	c:\program files\Exact Audio Copy
2011-03-26 09:54 . 2011-03-26 09:54	--------	d-----w-	c:\programdata\Driver Whiz
2011-03-24 21:12 . 2009-03-17 09:38	364544	----a-w-	c:\windows\system32\MACDll.dll
2011-03-24 21:12 . 2009-01-19 18:39	246424	----a-w-	c:\windows\system32\unicows.dll
2011-03-24 21:12 . 2011-03-24 21:12	--------	d-----w-	c:\program files\Monkey's Audio
2011-03-24 13:30 . 2011-03-24 13:30	--------	d-----w-	c:\program files\LG Electronics
2011-03-24 13:12 . 2011-03-24 13:12	--------	d-----w-	c:\users\Zaphod\AppData\Roaming\Amazon
2011-03-24 13:11 . 2011-03-24 13:11	--------	d-----w-	c:\program files\Amazon
2011-03-24 12:42 . 2009-09-04 16:29	1892184	----a-w-	c:\windows\system32\D3DX9_42.dll
2011-03-24 12:41 . 2011-03-24 12:41	--------	d-----w-	c:\program files\Winamp Detect
2011-03-24 12:39 . 2011-04-08 10:15	--------	d-----w-	c:\users\Zaphod\AppData\Roaming\Winamp
2011-03-24 12:39 . 2011-03-24 12:42	--------	d-----w-	c:\program files\Winamp
2011-03-17 19:57 . 2011-03-17 19:57	12800	----a-w-	c:\program files\Mozilla Firefox\plugins\npwachk.dll
2011-03-09 11:22 . 2011-04-06 12:00	--------	d-----w-	c:\program files\DivX
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 12:02 . 2010-12-27 15:09	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-04-02 13:46 . 2006-11-02 10:32	101376	----a-w-	c:\windows\system32\ifxcardm.dll
2011-04-02 13:46 . 2006-11-02 10:32	79872	----a-w-	c:\windows\system32\axaltocm.dll
2011-04-02 11:38 . 2010-12-28 13:53	47560	----a-w-	c:\windows\system32\SPReview.exe
2011-04-02 11:38 . 2010-12-28 13:53	152576	----a-w-	c:\windows\system32\SPWizUI.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-5 813584]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Zaphod^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\users\Zaphod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 05:29	67752	----a-w-	c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Center Agent]
2009-08-18 19:02	1520128	----a-w-	c:\program files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
2007-04-26 17:29	188416	----a-w-	c:\program files\Launch Manager\HotkeyApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55	55824	----a-w-	c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40	155648	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2006-12-01 20:28	95800	----a-w-	c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51	25088	------w-	c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49	249064	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-01-19 11:41	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-17 19:56	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36	201728	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2011-02-25 800376]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110407.001\IDSvix86.sys [2011-03-14 353912]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-15 102448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 09:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Zaphod\AppData\Roaming\Mozilla\Firefox\Profiles\3pbm62fv.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
MSConfigStartUp-cleansweep - c:\cleansweep.exe\cleansweep.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Wbutton - c:\program files\Launch Manager\WButton.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-08 12:35
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-08  12:40:43
ComboFix-quarantined-files.txt  2011-04-08 10:40
.
Vor Suchlauf: 13 Verzeichnis(se), 184.853.966.848 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 184.252.383.232 Bytes frei
.
- - End Of File - - 32828BEAC649B8580D4EA4B5001AC5D0
         
Gruß,
Stephi

Alt 08.04.2011, 14:02   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Zitat:
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
Wieso wurd eigentlich noch kein einziges Update installiert?
Wo ist das SP2? Nichtmal SP1 ist drauf! Wo ist IE9 oder zumindest IE8?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.04.2011, 15:54   #15
zelluloid
 
Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - Standard

Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.



Hallo Arne,

ich versteh das auch nicht. Die automatischen Updates über Windows Update habe ich immer ausgeführt. Dachte eigentlich, dass dieses Programm auch die SP's installiert. War aber nicht so.
Habe deshalb mehrmals (gerade eben auch noch einmal) versucht, das SP1 manuell zu installieren. Klappt aber nicht. Sagt mir immer am Ende der Installation, dass SP1 nicht installiert werden konnte und alle Änderungen rückgängig gemacht werden. (Norton, Windows Firewall und Defender waren immer ausgeschaltet und ich habe das SP auch immer als Admin gestartet). Wenn er wieder hochfährt, zeigt er mir den Fehlercode 0x800F0826 an.
Soll ich Norton deinstallieren? Mir fällt nix mehr ein.

Grüße,
Stephi

Antwort

Themen zu Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.
anti-malware, appdata, dateien, explorer, explorer.exe, funktioniert, funktioniert nicht mehr, google, infected, leitet, malwarebytes, microsoft, nicht mehr, probleme, roaming, software, svchost.exe, system, taskleiste, temp, update, vista, windows, windows update, windows vista, winlogon



Ähnliche Themen: Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc.


  1. Virus: Ständige Popups und Redirects (asrv-a-akamaihd.org)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2014 (13)
  2. Trojan hiloti
    Plagegeister aller Art und deren Bekämpfung - 04.05.2011 (5)
  3. google redirects unter ff und ie
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (2)
  4. Trojan.Agent, Trojan.FakeAltert, Trojan.Hiloti.Gen gefunden und gelöscht,aber wirklich weg?
    Log-Analyse und Auswertung - 27.04.2011 (11)
  5. Windows Absturz.APPCRASH svchost.exe
    Log-Analyse und Auswertung - 14.04.2011 (3)
  6. Nachsorge nach Trojanerbefall (Trojan.Hiloti.Gen)
    Plagegeister aller Art und deren Bekämpfung - 13.04.2011 (2)
  7. Trojan.Hiloti.Gen / Trojan.SpyEyes /Trojan.Agent.U in Registry
    Plagegeister aller Art und deren Bekämpfung - 18.02.2011 (12)
  8. Windows stürzt ab. APPCRASH svchost.exe
    Log-Analyse und Auswertung - 11.01.2011 (46)
  9. Befall mit trojan.hiloti & co. C:\WINDOWS\msmcfy.dll (Trojan.Hiloti)
    Plagegeister aller Art und deren Bekämpfung - 09.12.2010 (16)
  10. Google Redirects zu unerwünschten Seiten
    Plagegeister aller Art und deren Bekämpfung - 11.10.2010 (1)
  11. Spyware.Zbot/Trojan Downloader/Trojan.Hiloti Viren Problem!
    Plagegeister aller Art und deren Bekämpfung - 04.10.2010 (3)
  12. ständige Angriffe in Firefox 3.6.10 und T-Com Browser 6.0
    Plagegeister aller Art und deren Bekämpfung - 16.07.2010 (19)
  13. Trojan.Zbot/Hiloti auf dem rechner
    Plagegeister aller Art und deren Bekämpfung - 04.07.2010 (8)
  14. Explorer stürzt ständig ab und ständige angriffe auf meinen rechner
    Plagegeister aller Art und deren Bekämpfung - 24.04.2010 (6)
  15. Trojan.Packed.Hiloti.gen.2-BitDefender-Keine Aktion möglich
    Plagegeister aller Art und deren Bekämpfung - 12.11.2009 (26)
  16. go.google.com redirects verhindern via Deaktivieren von TDSSserv.sys - und nun?
    Log-Analyse und Auswertung - 11.01.2009 (9)
  17. Ständige Angriffe? InetExplorer kaputt
    Log-Analyse und Auswertung - 30.05.2006 (4)

Zum Thema Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. - (Kenne mich nicht so aus, also bitte nicht wundern, ich geb mein Bestes) Habe seit einigen Tagen mehrere Probleme auf meiner Windows Vista Partition: Norton meldet ständig Angriffe (Tidserv Activity - Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc....
Archiv
Du betrachtest: Trojan.Hiloti.Gen / Appcrash svchost.exe / Google Redirects / ständige Angriffe etc. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.